
Rootkit Virus Issue


  • This topic is locked
19 replies to this topic

#1 ianworrall

ianworrall

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 20 June 2010 - 02:08 PM

Hello,

Please could someone help me with this issue.

I downloaded and opened an .exe file which almost immediately caused issues.

I cannot connect to the internet and if I try I can see numerous svchost.exe processes running in task manager. I am unable to access the regedit function.

I have run DeFogger, dds.scr and GMER. GMER told me I had a rootkit issue.

I have attached the log files as requested in your preparation post.

Thanks in advance for any help you can give me.

Ian

P.S. I can access the internet via another computer and download then transfer any files needed.

Attached Files


Edited by ianworrall, 21 June 2010 - 10:49 AM.




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:52 AM

Posted 24 June 2010 - 01:29 PM

Hi ianworrall,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.

#3 ianworrall


Posted 24 June 2010 - 05:17 PM

Hi Farbar,

The current status is this:

The computer, when it has no internet connection, appears to be working fine, albeit a little slow.

If I attempt to connect to the internet whilst in safe mode with networking I can manage to get a connection to Google or Bing but very little else.
If I attempt to connect to the internet during normal operation I just receive a message saying the web pages are unavailable.

I know it isn't an issue with the internet connection itself because I can plug the network connection into my laptop and it connects without a problem.
It is the laptop I am using to post to this forum.

Also the cpu process goes up to 100% almost instantly. There are several svchost operations processing but I can't determine if they are genuine or not.

Thank you,

Ian

Edited by ianworrall, 24 June 2010 - 05:19 PM.


#4 Farbar


Posted 24 June 2010 - 05:44 PM

The system is heavily infected.

One or more of the identified infections is a backdoor trojan.

A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to remove the infection please go on with the following steps.


Removal Instructions

Make sure you have logged in to your normal account while performing the following steps. It should take care of the internet connection issue too. But we still have some work to do after that.

You can download the tool and make the batch file using the clean computer.

  1. You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    1. First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instruction is also here: How to disable TeaTimer during HijackThis Cleanup
      Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
    2. Then download ResetTeaTimer.exe to your desktop.
      • Double-click ResetTeaTimer.exe and let it run.
    Note: The Teatimer should be kept disabled until I give you the clean sign.

  2. We are going to run this special tool.
    • Please download TDSSKiller.exe and save it to your desktop.
    • Run TDSSKiller.exe.
    • When it has finished, press any key to continue.
    • It also makes a txt file in the C:\ directory (like TDSSKiller.2.3.2.0_Date_Time_log.txt). Please attach it to your reply.

  3. Make sure the following setting is set as it is supposed to be set:
    • Go to Start -> Control Panel -> Double click on Network Connections.
    • Right click on your default connection (usually Local Area Connection) and select Properties.
    • Select the General tab.
    • Double click on Internet Protocol (TCP/IP).
      Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
    • Click OK twice to save the settings.

  4. Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box (without the word CODE) into a new file:


    CODE
    @ECHO OFF
    REM Remove the per-user proxy values and reset the WinHTTP proxy to direct access
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    proxycfg -d
    REM Remove the static DNS server values (global and for one interface)
    reg delete HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v NameServer /f
    reg delete HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4819501A-CADC-474D-9D40-FE83C9ED4A70} /v NameServer /f
    REM Remove Winlogon Notify entries (key paths containing a space must be quoted)
    reg delete "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\efcccbx" /f
    reg delete "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui" /f
    reg delete "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\mljhfgf" /f
    reg delete "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\ocjzwkad" /f
    reg delete "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\tyhkmlnr" /f

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: fix.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate fix.bat on the desktop. It should look like this:
    • Double-click to run it. In Windows Vista: Right-click to run it as administrator.
    • A window flashes, this is normal.

  5. Reboot the computer now.

  6. Please run DDS and post a fresh DDS.txt to your reply. No need for the Attach.txt. Also tell me if the internet connection is restored.


#5 ianworrall


Posted 26 June 2010 - 03:21 AM

Hello farbar,

I have followed your instructions.

Below is the DDS output:



DDS (Ver_10-03-17.01) - NTFSx86
Run by Ian at 8:56:59.65 on 26/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1622 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Ian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.skybroadband.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: CAB Class: {c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} - c:\windows\system32\221XU3n7.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {9239E4EC-C9A6-11D2-A844-00C04F68D538}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ian\applic~1\mozilla\firefox\profiles\urrx3jl9.default\
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2009-1-18 8576]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-6-20 632792]
R3 CnxTgN;Conexant AccessRunner PCI ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [2006-1-9 108225]
R3 CnxTgP;Conexant AccessRunner PCI ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxTgP.sys [2006-1-9 430687]
R3 CnxTgR;Conexant AccessRunner PCI ADSL Interface Device Driver;c:\windows\system32\drivers\CnxTgR.sys [2006-1-9 107944]
S0 Partizan;Partizan; [x]
S1 fgcde7c;fgcde7c;c:\windows\system32\drivers\fgcde7c.sys [2010-6-16 138272]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 McShield;McAfee.com McShield; [x]
S2 McTskshd.exe;McAfee Task Scheduler; [x]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;h:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-5-17 23456]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;h:\downloads\software\common\database\bin\fbserver.exe [2010-2-6 1527900]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2006-1-10 15576]

=============== Created Last 30 ================

2010-06-24 15:25:03 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2010-06-21 20:47:48 98816 ----a-w- c:\windows\sed.exe
2010-06-21 20:47:48 77312 ----a-w- c:\windows\MBR.exe
2010-06-21 20:47:48 256512 ----a-w- c:\windows\PEV.exe
2010-06-21 20:47:48 161792 ----a-w- c:\windows\SWREG.exe
2010-06-21 19:19:57 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-06-21 19:19:53 0 d-----w- c:\program files\Security Task Manager
2010-06-21 18:21:29 0 d-----w- c:\program files\Sophos
2010-06-20 10:23:23 0 ----a-w- c:\documents and settings\ian\defogger_reenable
2010-06-20 09:44:03 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-06-20 09:44:03 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-06-20 09:44:02 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-06-20 09:44:00 0 d-----w- c:\program files\common files\PC Tools
2010-06-20 08:39:52 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2010-06-20 08:39:51 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-06-20 07:25:43 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-20 07:25:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-19 22:34:58 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-06-19 22:33:57 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2010-06-19 22:32:57 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2010-06-19 22:31:57 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2010-06-19 22:30:59 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-06-19 22:29:58 68608 ----a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2010-06-19 22:28:54 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2010-06-19 22:27:59 594238 ----a-w- c:\windows\system32\dllcache\es56hpi.sys
2010-06-19 22:26:57 20992 ----a-w- c:\windows\system32\dllcache\dshowext.ax
2010-06-19 22:25:59 86016 ----a-w- c:\windows\system32\dllcache\dc240usd.dll
2010-06-19 22:24:59 49182 ----a-w- c:\windows\system32\dllcache\cem56n5.sys
2010-06-19 22:23:59 102400 ----a-w- c:\windows\system32\dllcache\binlsvc.dll
2010-06-19 22:22:46 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-06-19 20:44:06 0 d-----w- c:\program files\Trend Micro
2010-06-19 20:36:49 0 d-----w- c:\program files\CCleaner
2010-06-19 11:35:36 45056 ----a-w- c:\windows\system32\221XU3n7.dll
2010-06-19 11:32:15 112 ----a-w- c:\docume~1\alluse~1\applic~1\8STl0L.dat
2010-06-19 11:26:28 0 d-----w- C:\Rbackup
2010-06-19 11:19:41 0 d-----w- c:\docume~1\ian\applic~1\AVG8
2010-06-19 10:45:57 47667 ----a-w- c:\windows\system32\ifarmed.html
2010-06-19 10:40:36 38 ----a-w- c:\windows\system32\online_{a256fb97-162a-4558-be23-08ae4bbcb195}
2010-06-19 10:40:34 38 ----a-w- c:\windows\system32\{a256fb97-162a-4558-be23-08ae4bbcb195}
2010-06-18 05:33:25 0 d-----w- c:\docume~1\ian\applic~1\Tific
2010-06-17 17:21:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-06-17 17:21:01 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-06-17 05:45:54 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2010-06-17 05:45:54 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2010-06-17 05:45:54 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2010-06-17 05:45:54 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2010-06-16 22:02:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-16 05:58:32 210816 ----a-w- c:\windows\system32\dllcache\ndis.sys
2010-06-16 05:57:16 138272 ----a-w- c:\windows\system32\drivers\fgcde7c.sys
2010-06-16 05:57:14 35328 ----a-w- c:\windows\system32\atolpphm¸.exe
2010-06-16 05:57:14 35328 ----a-w- c:\documents and settings\ian\atolpphm¸.exe
2010-06-12 08:40:27 0 d-----w- c:\program files\common files\ScanSoft Shared
2010-06-12 00:48:08 0 d-----w- c:\program files\SmartFTP Client
2010-06-12 00:47:46 0 d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2010-06-12 00:03:04 6144 --sha-w- c:\windows\Thumbs.db
2010-06-11 21:47:37 0 d-----w- C:\LeoTheBorderterrier
2010-06-11 21:33:31 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 05:31:54 0 d-----w- c:\program files\Market Samurai
2010-05-31 12:10:17 3250 ----a-w- c:\windows\system32\wbem\Outlook_01cb00ba3bce8b60.mof

==================== Find3M ====================

2010-06-16 05:58:32 210816 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-25 08:50:13 3755 ----a-w- c:\docume~1\ian\applic~1\SAS7_000.DAT
2010-05-21 21:18:51 88624 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-17 18:59:36 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-05-06 10:41:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-06 10:41:50 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\dllcache\atmfd.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 03:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\PxAFS.DLL
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2008-03-08 09:05:03 2 --shatr- c:\windows\winstart.bat
2007-05-16 23:51:36 104 --sh--r- c:\windows\system32\492269DF98.sys
2007-05-16 23:51:37 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-06 16:10:47 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-09-03 05:35:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 8:57:46.01 ===============


I have attached the TDSSKILLER file.

The internet connection appears to be working fine now although a little slow.

I noticed 2 files have been written to the C directory after I have run the TDSSKILLER program. They are hiberfil.sys and pagefile.sys - is that normal?

Thank you,

Ian

Attached Files
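A triage pass over the DDS log format posted above, as an added example that is not part of the original thread and is neither DDS's nor the helper's own method: it cross-references the BHO and Services/Drivers entries against the Created Last 30 section. The rule names, function names and heuristics are this example's assumptions; the log lines in the excerpt are copied from the post.

```python
import re

# Excerpt copied from the DDS log in the post above (section headers kept,
# most lines omitted). A full DDS.txt can be passed to triage() the same way.
DDS_EXCERPT = r"""
============== Pseudo HJT Report ===============
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
BHO: CAB Class: {c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} - c:\windows\system32\221XU3n7.dll
============= SERVICES / DRIVERS ===============
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2009-1-18 8576]
S1 fgcde7c;fgcde7c;c:\windows\system32\drivers\fgcde7c.sys [2010-6-16 138272]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-5-17 23456]
=============== Created Last 30 ================
2010-06-19 11:35:36 45056 ----a-w- c:\windows\system32\221XU3n7.dll
2010-06-17 05:45:54 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2010-06-16 05:57:16 138272 ----a-w- c:\windows\system32\drivers\fgcde7c.sys
==================== Find3M ====================
2010-05-17 18:59:36 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "BHO: [name: ]{CLSID} - target"
BHO_RE = re.compile(
    r"^BHO:\s*(?:(?P<name>.*?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<target>.+)$"
)
# "S1 service;display name;binary path [date size]"
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<disp>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$"
)
# "2010-06-16 05:57:16 138272 ----a-w- path"
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (?P<size>\d+) \S+ (?P<path>.+)$"
)


def parse_dds(text):
    """Split a DDS log into the three record types this example uses."""
    section = ""
    parsed = {"bhos": [], "services": [], "created": {}}
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "pseudo hjt report":
            m = BHO_RE.match(line)
            if m:
                parsed["bhos"].append(m.groupdict())
        elif section == "services / drivers":
            m = SVC_RE.match(line)
            if m:
                parsed["services"].append(m.groupdict())
        elif section == "created last 30":
            # Only this section counts as "recent"; Find3M lines share the
            # same layout but are deliberately ignored.
            m = FILE_RE.match(line)
            if m:
                parsed["created"][m["path"].lower()] = m["date"]
    return parsed


def triage(text):
    """Return (rule, identifier, detail) tuples worth a closer look."""
    log = parse_dds(text)
    created = log["created"]
    findings = []
    for svc in log["services"]:
        path = svc["path"].lower()
        # Heuristic (assumption): a service binary created in the last 30
        # days whose display name merely repeats the service name.
        if path in created and svc["svc"] == svc["disp"]:
            findings.append(
                ("recent-unnamed-service", svc["svc"], f"{path} created {created[path]}")
            )
    for bho in log["bhos"]:
        target = bho["target"].strip().lower()
        if target == "no file":
            # DDS prints "No File" where a registered BHO has no file.
            findings.append(("orphaned-bho", bho["clsid"], "DDS reports No File"))
        elif target in created:
            # Heuristic (assumption): a browser helper DLL that is itself new.
            findings.append(
                ("recent-bho", bho["clsid"], f"{target} created {created[target]}")
            )
    return findings


if __name__ == "__main__":
    for rule, ident, detail in triage(DDS_EXCERPT):
        print(f"{rule:24} {ident:40} {detail}")
```

On this excerpt it reports the fgcde7c service and the 221XU3n7.dll BHO, the same two items the Malwarebytes log later in the thread lists as BackDoor.Gootkit and Trojan.Agent.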



#6 Farbar


Posted 26 June 2010 - 06:00 AM

Great.

Those files you mentioned are legit.

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the MBAM log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#7 ianworrall


Posted 26 June 2010 - 06:47 AM

Hello farbar,

I have run Malwarebytes' Anti-Malware and here is the log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4243

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

26/06/2010 12:40:07
mbam-log-2010-06-26 (12-40-07).txt

Scan type: Quick scan
Objects scanned: 177490
Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 41
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 27
Files Infected: 569

Memory Processes Infected:
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ca.cab (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{833622f9-1720-4071-851a-8a5730c33565} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a1f2b3fc-1fc0-4562-9e6e-3a66e5c703e9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ca.cab.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{be2b2900-fc91-4a07-ba4e-1b9f6a769894} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fd4cf969-c3b8-4d5a-a892-7d039fe3f2ad} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{14383b20-6fbb-47d3-a8cd-0986b9d8ca90} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fgcde7c (BackDoor.Gootkit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\xInsiDERexe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4115 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Updater\4115 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Updater\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\221XU3n7.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VideoEgg\Loader\4115\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atolpphm¸.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\fgcde7c.sys (BackDoor.Gootkit) -> Delete on reboot.
C:\WINDOWS\system32\spool\prtprocs\w32x86\17i317.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\1i93q7.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\1mYWS7.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\317c3s79.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\317m3gM9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\31e9aAA9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\3mYWSKU9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\5555e.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\555qG.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\5wS5e.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\7qG1iQG.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\7yWS7e3.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\9317gM1g9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\93a7kU17i.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\93c7sK179.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\eIQ5w.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\eIQG9i1q9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\i7931q.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\KUOC17.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\o31mYW1u9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ian\atolpphm¸.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
C:\WINDOWS\wmol40.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4115\dbghelp.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\dbghelp.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\remoteblacklist (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4152\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Publisher\4458\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Updater\4115\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Updater\4115\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Updater\4458\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matthew\Application Data\VideoEgg\Updater\4458\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\BM2fc64e8b.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM2fc64e8b.xml (Trojan.Vundo) -> Quarantined and deleted successfully.


It said that some items were not removed but didn't specify which.

Ian

#8 Farbar


Posted 26 June 2010 - 07:10 AM

We will remove all of them.

You have already run ComboFix. We need to run it again.
  1. Open your Malwarebytes' Anti-Malware.
    • First update it: under the Update tab, press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  2. Delete your copy of ComboFix if you still have it and download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with the tool. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • You will get a warning about the not trusted download sites for ComboFix, click Yes.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.


#9 ianworrall


Posted 26 June 2010 - 08:06 AM

Hello,

Here's the log from ComboFix:


ComboFix 10-06-25.04 - Ian 26/06/2010 13:40:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1644 [GMT 1:00]
Running from: c:\documents and settings\Ian\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\ws2_32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ws2_32.dll

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - c:\i386\ndis.sys
.
((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-26 11:59 . 2010-06-26 11:59 -------- d-----w- c:\program files\Bonjour
2010-06-26 11:30 . 2010-06-26 11:30 -------- d-----w- c:\documents and settings\Ian\Application Data\Malwarebytes
2010-06-26 11:30 . 2010-06-26 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-26 11:30 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-26 11:29 . 2010-06-26 11:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 11:29 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-24 15:25 . 2010-06-24 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-06-21 19:19 . 2010-06-21 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-06-21 19:19 . 2010-06-21 19:19 -------- d-----w- c:\program files\Security Task Manager
2010-06-21 18:21 . 2010-06-21 18:21 -------- d-----w- c:\program files\Sophos
2010-06-20 09:47 . 2010-06-20 09:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Registry Mechanic
2010-06-20 09:44 . 2010-06-20 09:44 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-20 08:39 . 2001-08-17 12:49 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2010-06-20 08:39 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-06-20 07:25 . 2010-06-22 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-20 07:25 . 2010-06-20 07:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-19 22:34 . 2001-08-17 11:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-06-19 22:33 . 2001-08-17 11:12 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2010-06-19 22:32 . 2001-08-17 21:36 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2010-06-19 22:31 . 2001-08-17 12:47 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2010-06-19 22:30 . 2001-08-17 11:49 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-06-19 22:29 . 2001-08-17 21:36 68608 ----a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2010-06-19 22:28 . 2001-08-17 21:36 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2010-06-19 22:27 . 2001-08-17 12:28 594238 ----a-w- c:\windows\system32\dllcache\es56hpi.sys
2010-06-19 22:26 . 2001-08-17 11:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-06-19 22:25 . 2001-08-17 21:36 86016 ----a-w- c:\windows\system32\dllcache\dc240usd.dll
2010-06-19 22:24 . 2001-08-17 11:13 49182 ----a-w- c:\windows\system32\dllcache\cem56n5.sys
2010-06-19 22:23 . 2001-08-17 21:36 102400 ----a-w- c:\windows\system32\dllcache\binlsvc.dll
2010-06-19 22:22 . 2001-08-17 13:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-06-19 20:44 . 2010-06-19 20:44 -------- d-----w- c:\program files\Trend Micro
2010-06-19 20:36 . 2010-06-20 09:38 -------- d-----w- c:\program files\CCleaner
2010-06-19 15:16 . 2010-06-19 15:16 -------- d-----w- c:\documents and settings\Ian\Local Settings\Application Data\Threat Expert
2010-06-19 11:26 . 2010-06-19 11:26 -------- d-----w- C:\Rbackup
2010-06-19 11:19 . 2010-06-19 11:19 -------- d-----w- c:\documents and settings\Ian\Application Data\AVG8
2010-06-18 09:05 . 2010-06-18 09:05 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-06-18 05:42 . 2010-06-18 05:47 -------- d-----w- c:\documents and settings\Ian\Local Settings\Application Data\Tific
2010-06-18 05:33 . 2010-06-18 05:33 -------- d-----w- c:\documents and settings\Ian\Application Data\Tific
2010-06-17 17:21 . 2010-06-17 17:21 -------- d-----w- c:\program files\Windows Sidebar
2010-06-17 17:21 . 2010-06-20 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 17:21 . 2010-06-20 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-17 05:45 . 2008-02-01 11:55 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2010-06-17 05:45 . 2007-12-10 13:53 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2010-06-17 05:45 . 2007-12-10 13:53 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2010-06-17 05:45 . 2007-12-10 13:53 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2010-06-16 22:29 . 2010-06-16 22:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-06-16 22:02 . 2010-06-20 09:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-16 22:02 . 2010-06-16 22:02 -------- d-----w- c:\program files\Alwil Software
2010-06-16 20:28 . 2010-06-16 20:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft
2010-06-16 19:24 . 2010-06-16 19:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2010-06-16 19:22 . 2010-06-16 19:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-16 05:58 . 2010-06-16 05:58 210816 ----a-w- c:\windows\system32\dllcache\ndis.sys
2010-06-16 05:57 . 2010-06-16 05:57 -------- d-----w- c:\documents and settings\Ian\Local Settings\Application Data\fvvexk
2010-06-12 08:40 . 2010-06-12 08:40 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-06-12 00:48 . 2010-06-12 00:48 -------- d-----w- c:\program files\SmartFTP Client
2010-06-12 00:47 . 2010-06-12 00:47 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2010-06-11 21:47 . 2010-06-11 23:43 -------- d-----w- C:\LeoTheBorderterrier
2010-06-11 21:33 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 05:31 . 2010-06-09 05:31 -------- d-----w- c:\program files\Market Samurai

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 12:04 . 2010-05-21 19:01 -------- d-----w- c:\program files\iTunes
2010-06-26 12:03 . 2010-05-21 14:20 -------- d-----w- c:\program files\Common Files\Apple
2010-06-26 11:55 . 2010-06-26 11:55 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-25 04:41 . 2008-11-29 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-22 22:09 . 2010-05-19 15:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-20 09:08 . 2010-05-21 07:22 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-06-20 08:51 . 2006-01-09 23:52 -------- d-----w- c:\program files\Norton AntiVirus
2010-06-20 08:49 . 2006-01-09 23:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-20 08:49 . 2006-01-09 23:53 -------- d-----w- c:\program files\Symantec
2010-06-20 07:27 . 2007-06-11 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-19 11:45 . 2010-06-19 11:32 112 ----a-w- c:\documents and settings\All Users\Application Data\8STl0L.dat
2010-06-19 11:26 . 2010-05-09 06:26 -------- d-----w- c:\program files\Perfect Uninstaller
2010-06-19 11:17 . 2008-07-27 11:38 -------- d-----w- c:\program files\Flock
2010-06-19 11:17 . 2008-07-27 11:38 -------- d-----w- c:\documents and settings\Ian\Application Data\Flock
2010-06-17 21:36 . 2007-05-17 05:48 -------- d-----w- c:\program files\DivX
2010-06-17 08:17 . 2007-08-25 16:25 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-17 04:59 . 2006-01-09 23:48 -------- d-----w- c:\program files\Conference
2010-06-16 06:04 . 2007-07-10 21:01 -------- d-----w- c:\documents and settings\Ian\Application Data\UseNeXT
2010-06-15 23:27 . 2006-01-09 23:53 -------- d-----w- c:\program files\TechSmith
2010-06-12 08:40 . 2009-09-19 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2010-06-12 08:40 . 2009-09-19 11:08 -------- d-----w- c:\program files\Nuance
2010-06-12 00:48 . 2006-01-20 19:37 -------- d-----w- c:\documents and settings\Ian\Application Data\SmartFTP
2010-05-30 12:02 . 2010-05-30 11:58 664 ----a-w- c:\documents and settings\Morgan\Local Settings\Application Data\d3d9caps.tmp
2010-05-26 06:52 . 2008-05-29 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-05-25 08:50 . 2009-09-19 11:46 3755 ----a-w- c:\documents and settings\Ian\Application Data\SAS7_000.DAT
2010-05-21 21:18 . 2008-08-03 12:39 88624 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-21 19:01 . 2010-05-21 19:01 -------- d-----w- c:\program files\iPod
2010-05-21 19:01 . 2006-02-28 08:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-21 18:25 . 2006-09-19 22:28 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-21 14:24 . 2006-02-28 08:04 -------- d-----w- c:\documents and settings\Ian\Application Data\Apple Computer
2010-05-21 14:24 . 2010-05-21 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-21 14:22 . 2006-02-28 08:03 -------- d-----w- c:\program files\QuickTime
2010-05-21 14:21 . 2006-12-26 18:58 -------- d-----w- c:\program files\Apple Software Update
2010-05-21 14:04 . 2010-05-21 14:04 -------- d-----w- c:\program files\VS Revo Group
2010-05-21 08:37 . 2008-04-04 22:16 -------- d-----w- c:\documents and settings\Morgan\Application Data\Apple Computer
2010-05-21 08:37 . 2007-06-28 17:54 -------- d-----w- c:\documents and settings\Sarah\Application Data\Apple Computer
2010-05-21 08:37 . 2007-05-14 17:50 -------- d-----w- c:\documents and settings\Matthew\Application Data\Apple Computer
2010-05-21 07:22 . 2010-05-21 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-05-21 07:21 . 2010-05-21 07:21 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-21 06:48 . 2006-01-08 17:37 130696 ----a-w- c:\documents and settings\Ian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-21 02:29 . 2006-01-14 14:50 -------- d-----w- c:\program files\Google
2010-05-21 02:10 . 2010-05-21 02:10 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-21 02:01 . 2010-05-21 02:01 -------- d-----w- c:\program files\MSXML 4.0
2010-05-20 20:34 . 2010-05-20 20:34 503808 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-439023ac-n\msvcp71.dll
2010-05-20 20:34 . 2010-05-20 20:34 499712 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-439023ac-n\jmc.dll
2010-05-20 20:34 . 2010-05-20 20:34 348160 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-439023ac-n\msvcr71.dll
2010-05-20 20:34 . 2010-05-20 20:34 61440 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5ec2a986-n\decora-sse.dll
2010-05-20 20:34 . 2010-05-20 20:34 12800 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5ec2a986-n\decora-d3d.dll
2010-05-20 19:29 . 2009-09-19 07:14 -------- d-----w- c:\documents and settings\Ian\Application Data\GlarySoft
2010-05-20 16:27 . 2009-01-19 20:59 -------- d-----w- c:\documents and settings\Ian\Application Data\IObit
2010-05-19 16:51 . 2006-02-14 23:32 -------- d-----w- c:\program files\Search Automator
2010-05-19 16:49 . 2007-02-20 20:22 -------- d-----w- c:\program files\SEO Elite 4
2010-05-19 16:45 . 2006-01-09 23:52 -------- d-----w- c:\program files\RoboDemo
2010-05-19 16:12 . 2006-01-24 20:15 -------- d-----w- c:\program files\XSite Pro
2010-05-19 16:03 . 2006-09-13 18:59 -------- d-----w- c:\program files\Microsoft Money 2005
2010-05-19 15:50 . 2006-01-08 20:06 -------- d-----w- c:\program files\Macromedia
2010-05-19 15:49 . 2008-05-20 19:44 -------- d-----w- c:\program files\Monarch Report Explorer
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-17 19:24 . 2010-05-17 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-05-17 19:11 . 2010-05-17 19:10 -------- d-----w- c:\documents and settings\Ian\Application Data\DriverCure
2010-05-17 19:10 . 2010-05-17 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-05-17 18:59 . 2010-05-17 18:59 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-05-17 18:11 . 2010-05-17 18:11 -------- d-----w- c:\program files\Domain Samurai
2010-05-17 09:41 . 2007-05-19 06:39 -------- d-----w- c:\documents and settings\Ian\Application Data\DivX
2010-05-17 09:31 . 2010-05-17 09:31 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-17 09:31 . 2010-05-17 09:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-17 09:28 . 2010-05-17 09:28 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-17 09:28 . 2010-05-17 09:28 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-17 09:28 . 2009-06-18 16:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-17 09:24 . 2010-05-17 09:24 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-17 09:24 . 2010-05-17 09:30 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-17 09:24 . 2010-05-17 09:30 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-16 20:09 . 2007-07-10 21:01 -------- d-----w- c:\program files\UseNeXT
2010-05-10 18:25 . 2010-05-10 18:25 -------- d-----w- c:\documents and settings\Morgan\Application Data\Canon
2010-05-10 18:19 . 2006-11-26 16:25 130312 ----a-w- c:\documents and settings\Morgan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-09 07:17 . 2007-05-18 20:44 -------- d-----w- c:\program files\BitComet
2010-05-09 06:34 . 2006-01-09 23:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-09 06:21 . 2010-05-09 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-05-09 05:42 . 2009-01-17 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-05-09 05:42 . 2008-05-31 12:58 -------- d-----w- c:\documents and settings\Ian\Application Data\bang
2010-05-09 05:42 . 2007-05-17 23:41 -------- d-----w- c:\documents and settings\Ian\Application Data\Vso
2010-05-09 05:42 . 2008-06-23 20:54 -------- d-----w- c:\program files\eTrends
2010-05-09 05:42 . 2007-07-24 09:11 -------- d-----w- c:\program files\EasyDVDVideoCopy
2010-05-09 05:42 . 2006-07-12 14:25 -------- d-----w- c:\program files\HP
2010-05-08 20:38 . 2006-07-08 15:15 -------- d-----w- c:\program files\Keyword Elite
2010-05-08 20:35 . 2010-02-25 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-03 18:35 . 2010-05-03 18:35 -------- d-----w- c:\program files\Ashampoo
2010-05-03 18:31 . 2010-05-03 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-05-02 20:33 . 2010-05-02 20:33 -------- d-----w- c:\documents and settings\Ian\Application Data\Canon
2010-05-02 19:35 . 2010-05-02 19:32 -------- d-----w- c:\program files\Canon
2010-05-02 19:30 . 2010-05-02 19:30 -------- d-----w- c:\program files\Common Files\Canon
2010-05-02 05:22 . 2004-08-10 12:51 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 20:15 . 2006-07-20 21:19 130312 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-30 20:14 . 2006-04-01 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-04-30 00:08 . 2010-04-30 00:08 -------- d-----w- c:\program files\Glance25
2010-04-28 14:45 . 2010-04-28 14:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-20 05:30 . 2004-08-10 12:50 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-06 17:05 . 2010-04-06 17:05 503808 ----a-w- c:\documents and settings\Morgan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-31841c87-n\msvcp71.dll
2010-04-06 17:05 . 2010-04-06 17:05 499712 ----a-w- c:\documents and settings\Morgan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-31841c87-n\jmc.dll
2006-12-13 03:12 . 2010-06-19 11:31 66648 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 03:12 . 2010-06-19 11:31 54352 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 03:12 . 2010-06-19 11:31 34928 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-12-13 03:12 . 2010-06-19 11:31 46696 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 03:12 . 2010-06-19 11:31 172120 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-07-30 17:47 . 2006-07-30 17:47 13383 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2006-08-06 04:01 . 2006-07-30 17:47 93848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-03-08 09:05 . 2008-03-08 09:05 2 --shatr- c:\windows\winstart.bat
2007-05-16 23:51 . 2006-01-09 00:04 104 --sh--r- c:\windows\system32\492269DF98.sys
2007-05-16 23:51 . 2006-01-09 00:04 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 48FDBBE0E55B15E1886FCF5D8563B19F . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll

[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 6388CB57165A1496B75333BB7492CCA9 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[7] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcccbx]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhfgf]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 18:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 16:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 02:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 15:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"EPSON Stylus Photo R285 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE /FU "c:\docume~1\Ian\LOCALS~1\Temp\E_S25E.tmp" /EF "HKCU"
"EPSON Stylus Photo R285 Series (Copy 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE /FU "c:\windows\TEMP\E_S6FB2.tmp" /EF "HKCU"
"Google Update"="c:\documents and settings\Ian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"igfxpers"=c:\windows\system32\igfxpers.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"TrayServer"=h:\downloads\Software\Magix Movie Editor\TrayServer.exe
"dla"=c:\windows\system32\dla\tfswctrl.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"SSBkgdUpdate"=c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\PPMate\\ppmate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7881:TCP"= 7881:TCP:BitComet 7881 TCP
"7881:UDP"= 7881:UDP:BitComet 7881 UDP
"24072:TCP"= 24072:TCP:BitComet 24072 TCP
"24072:UDP"= 24072:UDP:BitComet 24072 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [18/01/2009 12:02 8576]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [20/06/2010 10:44 632792]
R3 CnxTgN;Conexant AccessRunner PCI ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [09/01/2006 23:31 108225]
R3 CnxTgP;Conexant AccessRunner PCI ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxTgP.sys [09/01/2006 23:31 430687]
R3 CnxTgR;Conexant AccessRunner PCI ADSL Interface Device Driver;c:\windows\system32\drivers\CnxTgR.sys [09/01/2006 23:30 107944]
S0 Partizan;Partizan; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 17:11 135664]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;h:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [06/09/2009 06:06 169312]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/05/2010 19:59 23456]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;h:\downloads\Software\Common\Database\bin\fbserver.exe [06/02/2010 22:47 1527900]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02/08/2005 22:10 32512]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [10/01/2006 00:16 15576]
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-06-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-29 01:20]

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:10]

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:10]

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1328379056-1009142132-44399063-1006Core.job
- c:\documents and settings\Ian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-24 15:31]

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1328379056-1009142132-44399063-1006UA.job
- c:\documents and settings\Ian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-24 15:31]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.skybroadband.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {{9239E4EC-C9A6-11D2-A844-00C04F68D538}
FF - ProfilePath - c:\documents and settings\Ian\Application Data\Mozilla\Firefox\Profiles\urrx3jl9.default\
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 13:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2712)
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\SmartFTP\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-26 14:00:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-26 13:00
ComboFix2.txt 2010-06-21 21:21

Pre-Run: 12,877,627,392 bytes free
Post-Run: 12,948,201,472 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7FBC717C5F3DB95D94D026DD5AA610C5

I got a "Found New Hardware Wizard" pop up when the computer rebooted - I just ignored it.
I'm also getting a notice that there are Windows Updates available - again, I have ignored this.

Thanks,

Ian

#10 Farbar


Posted 26 June 2010 - 08:14 AM

Turn off Windows automatic updates as it might lead to unexpected results at this stage:
  • Go to start -> Control Panel -> double-click System to open it.
  • Go to the Automatic Updates tab.
  • Select the "Turn off Automatic Updates" box.
  • Click Apply and then OK.
  • Important: Reboot.

Please post the MBAM log from step 1.

#11 ianworrall


Posted 26 June 2010 - 08:25 AM

My apologies,

Here is the MBAM log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4243

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

26/06/2010 13:24:27
mbam-log-2010-06-26 (13-24-27).txt

Scan type: Quick scan
Objects scanned: 177632
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Ian

#12 Farbar


Posted 26 June 2010 - 08:31 AM

Thanks for the log.
  1. Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    CODE
    Driver::
    Partizan
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcccbx]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhfgf]
    FCopy::
    c:\windows\ServicePackFiles\i386\user32.dll | c:\windows\system32\user32.dll
    c:\windows\ServicePackFiles\i386\ws2help.dll | c:\windows\system32\ws2help.dll


    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ("C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


  2. Please run a quick scan of Malwarebytes again and post the log please.


#13 ianworrall


Posted 26 June 2010 - 09:07 AM

Hello farbar,

Here is the ComboFix log:


ComboFix 10-06-25.04 - Ian 26/06/2010 14:42:50.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1565 [GMT 1:00]
Running from: c:\documents and settings\Ian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ian\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\user32.dll --> c:\windows\system32\user32.dll
c:\windows\ServicePackFiles\i386\ws2help.dll --> c:\windows\system32\ws2help.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PARTIZAN
-------\Service_Partizan


((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-26 11:59 . 2010-06-26 11:59 -------- d-----w- c:\program files\Bonjour
2010-06-26 11:30 . 2010-06-26 11:30 -------- d-----w- c:\documents and settings\Ian\Application Data\Malwarebytes
2010-06-26 11:30 . 2010-06-26 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-26 11:30 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-26 11:29 . 2010-06-26 11:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 11:29 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-24 15:25 . 2010-06-24 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-06-20 07:25 . 2010-06-20 07:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-19 22:34 . 2001-08-17 11:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-06-19 22:33 . 2001-08-17 11:12 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2010-06-19 22:32 . 2001-08-17 21:36 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2010-06-19 22:31 . 2001-08-17 12:47 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2010-06-19 22:30 . 2001-08-17 11:49 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-06-19 22:29 . 2001-08-17 21:36 68608 ----a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2010-06-19 22:28 . 2001-08-17 21:36 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2010-06-19 22:27 . 2001-08-17 12:28 594238 ----a-w- c:\windows\system32\dllcache\es56hpi.sys
2010-06-19 22:26 . 2001-08-17 11:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-06-19 22:25 . 2001-08-17 21:36 86016 ----a-w- c:\windows\system32\dllcache\dc240usd.dll
2010-06-19 22:24 . 2001-08-17 11:13 49182 ----a-w- c:\windows\system32\dllcache\cem56n5.sys
2010-06-19 22:23 . 2001-08-17 21:36 102400 ----a-w- c:\windows\system32\dllcache\binlsvc.dll
2010-06-19 22:22 . 2001-08-17 13:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-06-19 20:44 . 2010-06-19 20:44 -------- d-----w- c:\program files\Trend Micro
2010-06-19 20:36 . 2010-06-20 09:38 -------- d-----w- c:\program files\CCleaner
2010-06-19 15:16 . 2010-06-19 15:16 -------- d-----w- c:\documents and settings\Ian\Local Settings\Application Data\Threat Expert
2010-06-19 11:26 . 2010-06-19 11:26 -------- d-----w- C:\Rbackup
2010-06-19 11:19 . 2010-06-19 11:19 -------- d-----w- c:\documents and settings\Ian\Application Data\AVG8
2010-06-18 09:05 . 2010-06-18 09:05 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-06-18 05:42 . 2010-06-18 05:47 -------- d-----w- c:\documents and settings\Ian\Local Settings\Application Data\Tific
2010-06-18 05:33 . 2010-06-18 05:33 -------- d-----w- c:\documents and settings\Ian\Application Data\Tific
2010-06-17 17:21 . 2010-06-17 17:21 -------- d-----w- c:\program files\Windows Sidebar
2010-06-17 17:21 . 2010-06-20 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 17:21 . 2010-06-20 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-17 05:45 . 2008-02-01 11:55 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2010-06-17 05:45 . 2007-12-10 13:53 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2010-06-17 05:45 . 2007-12-10 13:53 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2010-06-17 05:45 . 2007-12-10 13:53 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2010-06-16 22:29 . 2010-06-16 22:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-06-16 22:02 . 2010-06-20 09:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-16 22:02 . 2010-06-16 22:02 -------- d-----w- c:\program files\Alwil Software
2010-06-16 20:28 . 2010-06-16 20:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft
2010-06-16 19:24 . 2010-06-16 19:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2010-06-16 19:22 . 2010-06-16 19:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-16 05:58 . 2010-06-16 05:58 210816 ----a-w- c:\windows\system32\dllcache\ndis.sys
2010-06-16 05:57 . 2010-06-16 05:57 -------- d-----w- c:\documents and settings\Ian\Local Settings\Application Data\fvvexk
2010-06-12 08:40 . 2010-06-12 08:40 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-06-12 00:48 . 2010-06-12 00:48 -------- d-----w- c:\program files\SmartFTP Client
2010-06-12 00:47 . 2010-06-12 00:47 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2010-06-11 21:47 . 2010-06-11 23:43 -------- d-----w- C:\LeoTheBorderterrier
2010-06-11 21:33 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 05:31 . 2010-06-09 05:31 -------- d-----w- c:\program files\Market Samurai

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 12:04 . 2010-05-21 19:01 -------- d-----w- c:\program files\iTunes
2010-06-26 12:03 . 2010-05-21 14:20 -------- d-----w- c:\program files\Common Files\Apple
2010-06-26 11:55 . 2010-06-26 11:55 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-25 04:41 . 2008-11-29 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-22 22:16 . 2010-06-20 07:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-22 22:09 . 2010-05-19 15:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-21 19:24 . 2010-06-21 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-06-21 19:19 . 2010-06-21 19:19 -------- d-----w- c:\program files\Security Task Manager
2010-06-21 18:21 . 2010-06-21 18:21 -------- d-----w- c:\program files\Sophos
2010-06-20 09:47 . 2010-06-20 09:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Registry Mechanic
2010-06-20 09:44 . 2010-06-20 09:44 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-20 09:08 . 2010-05-21 07:22 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-06-20 08:51 . 2006-01-09 23:52 -------- d-----w- c:\program files\Norton AntiVirus
2010-06-20 08:49 . 2006-01-09 23:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-20 08:49 . 2006-01-09 23:53 -------- d-----w- c:\program files\Symantec
2010-06-20 07:27 . 2007-06-11 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-19 11:45 . 2010-06-19 11:32 112 ----a-w- c:\documents and settings\All Users\Application Data\8STl0L.dat
2010-06-19 11:26 . 2010-05-09 06:26 -------- d-----w- c:\program files\Perfect Uninstaller
2010-06-19 11:17 . 2008-07-27 11:38 -------- d-----w- c:\program files\Flock
2010-06-19 11:17 . 2008-07-27 11:38 -------- d-----w- c:\documents and settings\Ian\Application Data\Flock
2010-06-17 21:36 . 2007-05-17 05:48 -------- d-----w- c:\program files\DivX
2010-06-17 08:17 . 2007-08-25 16:25 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-17 04:59 . 2006-01-09 23:48 -------- d-----w- c:\program files\Conference
2010-06-16 06:04 . 2007-07-10 21:01 -------- d-----w- c:\documents and settings\Ian\Application Data\UseNeXT
2010-06-15 23:27 . 2006-01-09 23:53 -------- d-----w- c:\program files\TechSmith
2010-06-12 08:40 . 2009-09-19 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2010-06-12 08:40 . 2009-09-19 11:08 -------- d-----w- c:\program files\Nuance
2010-06-12 00:48 . 2006-01-20 19:37 -------- d-----w- c:\documents and settings\Ian\Application Data\SmartFTP
2010-05-30 12:02 . 2010-05-30 11:58 664 ----a-w- c:\documents and settings\Morgan\Local Settings\Application Data\d3d9caps.tmp
2010-05-26 06:52 . 2008-05-29 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-05-25 08:50 . 2009-09-19 11:46 3755 ----a-w- c:\documents and settings\Ian\Application Data\SAS7_000.DAT
2010-05-21 21:18 . 2008-08-03 12:39 88624 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-21 19:01 . 2010-05-21 19:01 -------- d-----w- c:\program files\iPod
2010-05-21 19:01 . 2006-02-28 08:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-21 18:25 . 2006-09-19 22:28 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-21 14:24 . 2006-02-28 08:04 -------- d-----w- c:\documents and settings\Ian\Application Data\Apple Computer
2010-05-21 14:24 . 2010-05-21 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-21 14:22 . 2006-02-28 08:03 -------- d-----w- c:\program files\QuickTime
2010-05-21 14:21 . 2006-12-26 18:58 -------- d-----w- c:\program files\Apple Software Update
2010-05-21 14:04 . 2010-05-21 14:04 -------- d-----w- c:\program files\VS Revo Group
2010-05-21 08:37 . 2008-04-04 22:16 -------- d-----w- c:\documents and settings\Morgan\Application Data\Apple Computer
2010-05-21 08:37 . 2007-06-28 17:54 -------- d-----w- c:\documents and settings\Sarah\Application Data\Apple Computer
2010-05-21 08:37 . 2007-05-14 17:50 -------- d-----w- c:\documents and settings\Matthew\Application Data\Apple Computer
2010-05-21 07:22 . 2010-05-21 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-05-21 07:21 . 2010-05-21 07:21 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-21 06:48 . 2006-01-08 17:37 130696 ----a-w- c:\documents and settings\Ian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-21 02:29 . 2006-01-14 14:50 -------- d-----w- c:\program files\Google
2010-05-21 02:10 . 2010-05-21 02:10 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-21 02:01 . 2010-05-21 02:01 -------- d-----w- c:\program files\MSXML 4.0
2010-05-20 20:34 . 2010-05-20 20:34 503808 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-439023ac-n\msvcp71.dll
2010-05-20 20:34 . 2010-05-20 20:34 499712 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-439023ac-n\jmc.dll
2010-05-20 20:34 . 2010-05-20 20:34 348160 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-439023ac-n\msvcr71.dll
2010-05-20 20:34 . 2010-05-20 20:34 61440 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5ec2a986-n\decora-sse.dll
2010-05-20 20:34 . 2010-05-20 20:34 12800 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5ec2a986-n\decora-d3d.dll
2010-05-20 19:29 . 2009-09-19 07:14 -------- d-----w- c:\documents and settings\Ian\Application Data\GlarySoft
2010-05-20 16:27 . 2009-01-19 20:59 -------- d-----w- c:\documents and settings\Ian\Application Data\IObit
2010-05-19 16:51 . 2006-02-14 23:32 -------- d-----w- c:\program files\Search Automator
2010-05-19 16:49 . 2007-02-20 20:22 -------- d-----w- c:\program files\SEO Elite 4
2010-05-19 16:45 . 2006-01-09 23:52 -------- d-----w- c:\program files\RoboDemo
2010-05-19 16:12 . 2006-01-24 20:15 -------- d-----w- c:\program files\XSite Pro
2010-05-19 16:03 . 2006-09-13 18:59 -------- d-----w- c:\program files\Microsoft Money 2005
2010-05-19 15:50 . 2006-01-08 20:06 -------- d-----w- c:\program files\Macromedia
2010-05-19 15:49 . 2008-05-20 19:44 -------- d-----w- c:\program files\Monarch Report Explorer
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-17 19:24 . 2010-05-17 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-05-17 19:11 . 2010-05-17 19:10 -------- d-----w- c:\documents and settings\Ian\Application Data\DriverCure
2010-05-17 19:10 . 2010-05-17 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-05-17 18:59 . 2010-05-17 18:59 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-05-17 18:11 . 2010-05-17 18:11 -------- d-----w- c:\program files\Domain Samurai
2010-05-17 09:41 . 2007-05-19 06:39 -------- d-----w- c:\documents and settings\Ian\Application Data\DivX
2010-05-17 09:31 . 2010-05-17 09:31 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-17 09:31 . 2010-05-17 09:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-17 09:28 . 2010-05-17 09:28 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-17 09:28 . 2010-05-17 09:28 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-17 09:28 . 2009-06-18 16:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-17 09:24 . 2010-05-17 09:24 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-17 09:24 . 2010-05-17 09:30 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-17 09:24 . 2010-05-17 09:30 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-16 20:09 . 2007-07-10 21:01 -------- d-----w- c:\program files\UseNeXT
2010-05-10 18:25 . 2010-05-10 18:25 -------- d-----w- c:\documents and settings\Morgan\Application Data\Canon
2010-05-10 18:19 . 2006-11-26 16:25 130312 ----a-w- c:\documents and settings\Morgan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-09 07:17 . 2007-05-18 20:44 -------- d-----w- c:\program files\BitComet
2010-05-09 06:34 . 2006-01-09 23:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-09 06:21 . 2010-05-09 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-05-09 05:42 . 2009-01-17 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-05-09 05:42 . 2008-05-31 12:58 -------- d-----w- c:\documents and settings\Ian\Application Data\bang
2010-05-09 05:42 . 2007-05-17 23:41 -------- d-----w- c:\documents and settings\Ian\Application Data\Vso
2010-05-09 05:42 . 2008-06-23 20:54 -------- d-----w- c:\program files\eTrends
2010-05-09 05:42 . 2007-07-24 09:11 -------- d-----w- c:\program files\EasyDVDVideoCopy
2010-05-09 05:42 . 2006-07-12 14:25 -------- d-----w- c:\program files\HP
2010-05-08 20:38 . 2006-07-08 15:15 -------- d-----w- c:\program files\Keyword Elite
2010-05-08 20:35 . 2010-02-25 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-03 18:35 . 2010-05-03 18:35 -------- d-----w- c:\program files\Ashampoo
2010-05-03 18:31 . 2010-05-03 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-05-02 20:33 . 2010-05-02 20:33 -------- d-----w- c:\documents and settings\Ian\Application Data\Canon
2010-05-02 19:35 . 2010-05-02 19:32 -------- d-----w- c:\program files\Canon
2010-05-02 19:30 . 2010-05-02 19:30 -------- d-----w- c:\program files\Common Files\Canon
2010-05-02 05:22 . 2004-08-10 12:51 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 20:15 . 2006-07-20 21:19 130312 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-12-13 03:12 . 2010-06-19 11:31 66648 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 03:12 . 2010-06-19 11:31 54352 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 03:12 . 2010-06-19 11:31 34928 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-12-13 03:12 . 2010-06-19 11:31 46696 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 03:12 . 2010-06-19 11:31 172120 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-07-30 17:47 . 2006-07-30 17:47 13383 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2006-08-06 04:01 . 2006-07-30 17:47 93848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-03-08 09:05 . 2008-03-08 09:05 2 --shatr- c:\windows\winstart.bat
2007-05-16 23:51 . 2006-01-09 00:04 104 --sh--r- c:\windows\system32\492269DF98.sys
2007-05-16 23:51 . 2006-01-09 00:04 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-06-21_21.15.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-26 13:51 . 2010-06-26 13:51 16384 c:\windows\Temp\Perflib_Perfdata_774.dat
+ 2010-06-26 12:00 . 2010-04-19 19:47 41984 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-06-26 12:00 . 2010-04-19 19:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2004-08-10 12:51 . 2008-04-14 00:12 19968 c:\windows\system32\dllcache\ws2help.dll
+ 2004-08-10 12:51 . 2004-08-04 05:00 182912 c:\windows\system32\drivers\ndis.sys
+ 2004-08-10 12:51 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\user32.dll
+ 2010-06-26 11:58 . 2010-06-26 11:58 807424 c:\windows\Installer\db65e.msi
+ 2010-06-26 12:05 . 2010-06-26 12:05 372736 c:\windows\Installer\{7AB3A249-FB81-416B-917A-A2A10E74C503}\iTunesIco.exe
+ 2010-06-26 12:00 . 2010-04-19 19:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-06-26 12:00 . 2010-04-19 19:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2010-06-26 12:05 . 2010-06-26 12:05 4820480 c:\windows\Installer\dbea6.msi
+ 2010-06-26 12:00 . 2010-06-26 12:00 3089408 c:\windows\Installer\db6d7.msi
+ 2010-06-26 11:59 . 2010-06-26 11:59 1984000 c:\windows\Installer\db699.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 18:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 16:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 02:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 15:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"EPSON Stylus Photo R285 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE /FU "c:\docume~1\Ian\LOCALS~1\Temp\E_S25E.tmp" /EF "HKCU"
"EPSON Stylus Photo R285 Series (Copy 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE /FU "c:\windows\TEMP\E_S6FB2.tmp" /EF "HKCU"
"Google Update"="c:\documents and settings\Ian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"igfxpers"=c:\windows\system32\igfxpers.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"TrayServer"=h:\downloads\Software\Magix Movie Editor\TrayServer.exe
"dla"=c:\windows\system32\dla\tfswctrl.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"SSBkgdUpdate"=c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\PPMate\\ppmate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7881:TCP"= 7881:TCP:BitComet 7881 TCP
"7881:UDP"= 7881:UDP:BitComet 7881 UDP
"24072:TCP"= 24072:TCP:BitComet 24072 TCP
"24072:UDP"= 24072:UDP:BitComet 24072 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [18/01/2009 12:02 8576]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [20/06/2010 10:44 632792]
R3 CnxTgN;Conexant AccessRunner PCI ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [09/01/2006 23:31 108225]
R3 CnxTgP;Conexant AccessRunner PCI ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxTgP.sys [09/01/2006 23:31 430687]
R3 CnxTgR;Conexant AccessRunner PCI ADSL Interface Device Driver;c:\windows\system32\drivers\CnxTgR.sys [09/01/2006 23:30 107944]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 17:11 135664]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;h:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [06/09/2009 06:06 169312]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/05/2010 19:59 23456]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;h:\downloads\Software\Common\Database\bin\fbserver.exe [06/02/2010 22:47 1527900]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02/08/2005 22:10 32512]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [10/01/2006 00:16 15576]
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-06-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-29 01:20]

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:10]

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:10]

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1328379056-1009142132-44399063-1006Core.job
- c:\documents and settings\Ian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-24 15:31]

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1328379056-1009142132-44399063-1006UA.job
- c:\documents and settings\Ian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-24 15:31]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.skybroadband.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {{9239E4EC-C9A6-11D2-A844-00C04F68D538}
FF - ProfilePath - c:\documents and settings\Ian\Application Data\Mozilla\Firefox\Profiles\urrx3jl9.default\
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 14:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(800)
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\WPDShServiceObj.dll
c:\program files\SmartFTP\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-26 14:57:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-26 13:57
ComboFix2.txt 2010-06-26 13:00
ComboFix3.txt 2010-06-21 21:21

Pre-Run: 12,952,956,928 bytes free
Post-Run: 12,922,658,816 bytes free

- - End Of File - - 7506E0BAC4CC2A49208AB81A90BC4503

and here is the MBAM log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4243

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

26/06/2010 15:05:07
mbam-log-2010-06-26 (15-05-07).txt

Scan type: Quick scan
Objects scanned: 176991
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks,

Ian

#14 Farbar


Posted 26 June 2010 - 09:24 AM

Well done Ian.

You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can. I recommend this good free antivirus:

Avira
  • Download the installer from softpedia.com link as it has a secure download mirror. Install and update it.
  • In the left pane click Status. In the right pane click Scan system now.
  • After the scan has finished, let it remove what it finds and then click Report.
  • You can also get the last report by clicking on Reports in the left pane.
  • In the right window under Action, double-click on the last Scan listed (you also see the corresponding Date/Time).
  • A window opens, click on Report file.
  • Copy and paste the content of the report to your reply.


#15 ianworrall


Posted 26 June 2010 - 02:28 PM

Hello farbar,

Sorry for the delay in response but as you'll see from the report the antivirus scan took over four and a half hours!

Here's the copy of the report:




Avira AntiVir Personal
Report file date: 26 June 2010 15:44

Scanning for 2270810 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JUST-EXCEL

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 12:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 12:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 18:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 09:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 19:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 17:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 16:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 11:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 14:38:50
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 14:38:55
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 14:38:55
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 14:38:55
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 14:38:55
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 14:38:55
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 14:38:56
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 14:38:56
VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 14:38:57
VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 14:38:57
VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 14:38:57
VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 14:38:58
VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 14:38:59
VBASE018.VDF : 7.10.8.164 2048 Bytes 6/23/2010 14:38:59
VBASE019.VDF : 7.10.8.165 2048 Bytes 6/23/2010 14:38:59
VBASE020.VDF : 7.10.8.166 2048 Bytes 6/23/2010 14:38:59
VBASE021.VDF : 7.10.8.167 2048 Bytes 6/23/2010 14:38:59
VBASE022.VDF : 7.10.8.168 2048 Bytes 6/23/2010 14:38:59
VBASE023.VDF : 7.10.8.169 2048 Bytes 6/23/2010 14:38:59
VBASE024.VDF : 7.10.8.170 2048 Bytes 6/23/2010 14:38:59
VBASE025.VDF : 7.10.8.171 2048 Bytes 6/23/2010 14:38:59
VBASE026.VDF : 7.10.8.172 2048 Bytes 6/23/2010 14:38:59
VBASE027.VDF : 7.10.8.173 2048 Bytes 6/23/2010 14:39:00
VBASE028.VDF : 7.10.8.174 2048 Bytes 6/23/2010 14:39:00
VBASE029.VDF : 7.10.8.175 2048 Bytes 6/23/2010 14:39:00
VBASE030.VDF : 7.10.8.176 2048 Bytes 6/23/2010 14:39:00
VBASE031.VDF : 7.10.8.190 129024 Bytes 6/25/2010 14:39:00
Engineversion : 8.2.4.2
AEVDF.DLL : 8.1.2.0 106868 Bytes 6/26/2010 14:39:08
AESCRIPT.DLL : 8.1.3.33 1356155 Bytes 6/26/2010 14:39:08
AESCN.DLL : 8.1.6.1 127347 Bytes 6/26/2010 14:39:07
AESBX.DLL : 8.1.3.1 254324 Bytes 6/26/2010 14:39:09
AERDL.DLL : 8.1.4.6 541043 Bytes 6/26/2010 14:39:07
AEPACK.DLL : 8.2.2.5 430453 Bytes 6/26/2010 14:39:06
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 6/26/2010 14:39:06
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 6/26/2010 14:39:05
AEHELP.DLL : 8.1.11.6 242038 Bytes 6/26/2010 14:39:02
AEGEN.DLL : 8.1.3.12 377204 Bytes 6/26/2010 14:39:02
AEEMU.DLL : 8.1.2.0 393588 Bytes 6/26/2010 14:39:02
AECORE.DLL : 8.1.15.3 192886 Bytes 6/26/2010 14:39:01
AEBB.DLL : 8.1.1.0 53618 Bytes 6/26/2010 14:39:01
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 12:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 12:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 16:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 12:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 12:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 12:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 09:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 12:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 15:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 14:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 13:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 14:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, H:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 26 June 2010 15:44

Starting search for hidden objects.
c:\windows\explorer.exe
c:\WINDOWS\explorer.exe
[NOTE] The process is not visible.
c:\program files\common files\apple\apple application support\distnoted.exe
c:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'dllhost.exe' - '51' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '27' Module(s) have been scanned
Scan process 'avgnt.exe' - '46' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'chrome.exe' - '40' Module(s) have been scanned
Scan process 'chrome.exe' - '40' Module(s) have been scanned
Scan process 'distnoted.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceHelper.exe' - '48' Module(s) have been scanned
Scan process 'iTunes.exe' - '142' Module(s) have been scanned
Scan process 'chrome.exe' - '40' Module(s) have been scanned
Scan process 'chrome.exe' - '83' Module(s) have been scanned
Scan process 'mbam.exe' - '54' Module(s) have been scanned
Scan process 'explorer.exe' - '108' Module(s) have been scanned
Scan process 'iPodService.exe' - '30' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned
Scan process 'rundll32.exe' - '37' Module(s) have been scanned
Scan process 'wscntfy.exe' - '18' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '18' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '24' Module(s) have been scanned
Scan process 'StartManSvc.exe' - '24' Module(s) have been scanned
Scan process 'MDM.EXE' - '21' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'CTsvcCDA.exe' - '9' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '33' Module(s) have been scanned
Scan process 'spoolsv.exe' - '71' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '161' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'winlogon.exe' - '76' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1919' files ).


Starting the file scan:

Begin scan in 'C:\' <Wozza>
C:\Documents and Settings\Ian\Local Settings\Application Data\fvvexk\hmblewu.exe
[DETECTION] Contains recognition pattern of the WORM/VBNA.B.228 worm
C:\Downloads\sdsetup.exe
[DETECTION] Contains recognition pattern of the DR/Keylogger.DQ.6 dropper
C:\Downloads\Keyword Elite\KE_setup1215.exe
[0] Archive type: NSIS
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
--> [ProgramFilesDir]/Keyword Elite/data0.pack
[1] Archive type: ZIP
--> generator.txt
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
C:\Downloads\Keyword Elite\KE_setup13170.exe
[0] Archive type: NSIS
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
--> ProgramFilesDir/data0.pack
[1] Archive type: ZIP
--> generator.txt
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
C:\Program Files\Norton AntiVirus\Quarantine\2F8356DE.zip
[0] Archive type: HIDDEN
[DETECTION] Contains recognition pattern of the WORM/Netsky.HB worm
--> FIL\\\?\C:\Program Files\Norton AntiVirus\Quarantine\2F8356DE.zip
[DETECTION] Contains recognition pattern of the WORM/Netsky.HB worm
C:\Program Files\VideoEgg\updater.exe
[DETECTION] Is the TR/Dldr.Agent.ZDO.49 Trojan
C:\Qoobox\Quarantine\C\file.exe.vir
[0] Archive type: NSIS
[DETECTION] Is the TR/Dropper.Gen Trojan
--> [PluginsDir]/ic9.exe
[DETECTION] Is the TR/PCK.Tdss.Z.6107 Trojan
--> [PluginsDir]/EuroP.exe
[DETECTION] Is the TR/CodecPack.ldk Trojan
--> [PluginsDir]/E4U.exe
[DETECTION] Is the TR/Dldr.Ursnif.F Trojan
--> [PluginsDir]/Gi.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\UQNtQ1CD.exe.vir
[DETECTION] Is the TR/Dldr.Stration.Gen Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\UQNtQ1CD.exe_.vir
[DETECTION] Is the TR/Dldr.Stration.Gen Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Ian\Application Data\347.exe.vir
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\Vwabea.exe.vir
[DETECTION] Is the TR/PCK.Katusha.N.168 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\53fgl5M.com.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ernel32.dll.vir
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\msxsltsso.dll.vir
[DETECTION] Is the TR/Agent.42496.BD Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\regedit.exe.vir
[DETECTION] Is the TR/VBKrypt.aum Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir
[DETECTION] Is the TR/Patched.GQ.10 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\imapi.sys.vir
[DETECTION] Is the TR/Patched.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Protector.BC root kit
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\tnnzjor.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\_tnnzjor_.sys.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Rootkit.Gen Trojan
--> tnnzjor.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0008240.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009240.dll
[DETECTION] Is the TR/Agent.42496.BD Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009498.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009529.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009579.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009586.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009643.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009861.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0012416.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0012885.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0013053.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0013694.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0014694.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015694.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015794.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015812.sys
[DETECTION] Is the TR/Patched.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015905.exe
[DETECTION] Is the TR/Dldr.Stration.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015906.exe
[DETECTION] Is the TR/Alureon.CO.67 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015912.exe
[0] Archive type: NSIS
[DETECTION] Is the TR/Dropper.Gen Trojan
--> [PluginsDir]/ic9.exe
[DETECTION] Is the TR/PCK.Tdss.Z.6107 Trojan
--> [PluginsDir]/EuroP.exe
[DETECTION] Is the TR/CodecPack.ldk Trojan
--> [PluginsDir]/E4U.exe
[DETECTION] Is the TR/Dldr.Ursnif.F Trojan
--> [PluginsDir]/Gi.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015915.com
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015941.dll
[DETECTION] Is the TR/Agent.42496.BD Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015948.exe
[DETECTION] Is the TR/VBKrypt.aum Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015964.exe
[DETECTION] Is the TR/PCK.Katusha.N.168 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015970.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0016141.dll
[DETECTION] Is the TR/Agent.131072.W Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016302.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016303.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016304.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016305.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016306.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016307.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016308.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016309.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016310.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016311.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016312.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016313.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016314.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016315.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016316.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016317.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016318.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016319.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016320.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016321.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016322.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016323.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016324.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016325.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016326.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016332.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016333.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016334.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016335.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016336.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016337.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016338.ax
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016339.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016340.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016341.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016342.ax
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016343.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016348.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016349.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016350.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016351.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016352.ax
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016353.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016354.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016355.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016356.ax
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016357.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016359.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016360.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016361.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016362.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016363.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016367.sys
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016696.sys
[DETECTION] Contains recognition pattern of the RKIT/Protector.BC root kit
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016867.dll
[DETECTION] Is the TR/Patched.GQ.10 Trojan
C:\WINDOWS\system32\axaccessctrl1.ocx
[0] Archive type: RSRC
[DETECTION] Is the TR/Agent.crt.1 Trojan
--> Object
[DETECTION] Is the TR/Agent.crt.1 Trojan
--> Object
[DETECTION] Is the TR/Agent.afi.30 Trojan
C:\WINDOWS\system32\dllcache\ndis.sys
[DETECTION] Contains recognition pattern of the RKIT/Protector.BC root kit
Begin scan in 'H:\' <FreeAgent Drive>
H:\Downloads\ADBEPHSPCS4_LS1.7z
[WARNING] Insufficient memory. The file was not scanned.
H:\Downloads\Software\ADBEPHSPCS4_LS1.7z
[WARNING] Insufficient memory. The file was not scanned.
H:\Downloads\Software\Camtasia\keygen.exe
[DETECTION] Is the TR/Agent.180736.E Trojan
H:\Downloads\Software\Camtasia\ztcs6011.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Agent.180736.E Trojan
--> zwt.part01.rar
[1] Archive type: RAR
--> keygen.exe
[DETECTION] Is the TR/Agent.180736.E Trojan
H:\Downloads\Software\Camtasia\zwt.part01.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Agent.180736.E Trojan
--> keygen.exe
[DETECTION] Is the TR/Agent.180736.E Trojan
H:\Downloads\Software\Dreamweaver\New Folder\ADBEDRWVCS4_LS1.7z
[WARNING] Insufficient memory. The file was not scanned.
H:\Downloads\Software\SnagIt\keygen.exe
[DETECTION] Is the TR/Agent.147456.BQ Trojan
H:\Downloads\Software\SnagIt\ztsi9101.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Agent.147456.BQ Trojan
--> zwt.part1.rar
[1] Archive type: RAR
--> keygen.exe
[DETECTION] Is the TR/Agent.147456.BQ Trojan
H:\Downloads\Software\SnagIt\zwt.part1.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Agent.147456.BQ Trojan
--> keygen.exe
[DETECTION] Is the TR/Agent.147456.BQ Trojan
H:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0008229.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.ciqh.100 dropper
--> [PluginsDir]/BPFull.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper

Beginning disinfection:
H:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0008229.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.ciqh.100 dropper
[NOTE] The file was moved to the quarantine directory under the name '4633f0fe.qua'.
H:\Downloads\Software\SnagIt\zwt.part1.rar
[DETECTION] Is the TR/Agent.147456.BQ Trojan
[NOTE] The file was moved to the quarantine directory under the name '5e68df81.qua'.
H:\Downloads\Software\SnagIt\ztsi9101.zip
[DETECTION] Is the TR/Agent.147456.BQ Trojan
[NOTE] The file was moved to the quarantine directory under the name '0c348576.qua'.
H:\Downloads\Software\SnagIt\keygen.exe
[DETECTION] Is the TR/Agent.147456.BQ Trojan
[NOTE] The file was moved to the quarantine directory under the name '6a05ca85.qua'.
H:\Downloads\Software\Camtasia\zwt.part01.rar
[DETECTION] Is the TR/Agent.180736.E Trojan
[NOTE] The file was moved to the quarantine directory under the name '2f84e797.qua'.
H:\Downloads\Software\Camtasia\ztcs6011.zip
[DETECTION] Is the TR/Agent.180736.E Trojan
[NOTE] The file was moved to the quarantine directory under the name '508cd5f5.qua'.
H:\Downloads\Software\Camtasia\keygen.exe
[DETECTION] Is the TR/Agent.180736.E Trojan
[NOTE] The file was moved to the quarantine directory under the name '1c22f9ae.qua'.
C:\WINDOWS\system32\dllcache\ndis.sys
[DETECTION] Contains recognition pattern of the RKIT/Protector.BC root kit
[NOTE] The file was moved to the quarantine directory under the name '602ab9ff.qua'.
C:\WINDOWS\system32\axaccessctrl1.ocx
[DETECTION] Is the TR/Agent.afi.30 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4d7896a6.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016867.dll
[DETECTION] Is the TR/Patched.GQ.10 Trojan
[NOTE] The file was moved to the quarantine directory under the name '54c1ade5.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016696.sys
[DETECTION] Contains recognition pattern of the RKIT/Protector.BC root kit
[NOTE] The file was moved to the quarantine directory under the name '389d81d5.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016367.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4924b840.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016363.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '473e8887.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016362.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to the quarantine directory under the name '0217f1c5.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016361.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0b1cf56e.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016360.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to the quarantine directory under the name '535dec07.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016359.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7fa995cb.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016357.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4157f511.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016356.ax
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2259de62.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016355.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '04919e7f.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016354.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '3605e5da.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016353.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to the quarantine directory under the name '3c40cea4.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016352.ax
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0313aae1.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016351.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7d3fa6c6.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016350.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2847a20d.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016349.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '25d1d325.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016348.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '398cc72c.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016343.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '085f8ae1.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016342.ax
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '64099ed7.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016341.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2d93bbd1.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016340.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7606b31f.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016339.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to the quarantine directory under the name '10b4bff6.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016338.ax
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '473acd5e.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016337.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '654a9a2a.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016336.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0d5ae0bc.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016335.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2d2ce439.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016334.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7808a28d.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016333.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '19288332.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016332.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7c84c1b9.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016326.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1953b518.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016325.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0ab7898b.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016324.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '180ef536.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016323.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0f5e9684.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016322.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '557ca414.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016321.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7071de00.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016320.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '042ac673.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016319.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '262894ff.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016318.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '53bbece6.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016317.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '78ecb0e6.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016316.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1f8bf859.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016315.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '54fbc14f.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016314.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5405cb1e.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016313.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1eaa9e0e.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016312.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7083b1c6.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016311.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '3da3efb6.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016310.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5587c88d.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016309.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2f36f245.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016308.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5e64ae00.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016307.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2e838410.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016306.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '55f3f845.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016305.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1ba88b2f.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016304.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '65d3f009.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016303.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1149d87a.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016302.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1a7d8413.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0016141.dll
[DETECTION] Is the TR/Agent.131072.W Trojan
[NOTE] The file was moved to the quarantine directory under the name '49a597d1.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015970.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2cccbcbb.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015964.exe
[DETECTION] Is the TR/PCK.Katusha.N.168 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0437ec19.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015948.exe
[DETECTION] Is the TR/VBKrypt.aum Trojan
[NOTE] The file was moved to the quarantine directory under the name '7094b5a3.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015941.dll
[DETECTION] Is the TR/Agent.42496.BD Trojan
[NOTE] The file was moved to the quarantine directory under the name '3f99cd2a.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015915.com
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '004d948f.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015912.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '7a7b9739.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015906.exe
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2a739049.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015905.exe
[DETECTION] Is the TR/Dldr.Stration.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '7c7b9a0b.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015812.sys
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3bcb9ed8.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015794.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1887f05a.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0015694.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f0cd9b4.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0014694.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2d688a20.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0013694.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0607c936.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0013053.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '459ec789.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0012885.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0f50beb1.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0012416.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0218a011.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009861.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2df2e8fe.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009643.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1236a194.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009586.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2dd1b70e.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009579.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4808e7d9.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009529.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6e29c0b3.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009498.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '628493cb.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0009240.dll
[DETECTION] Is the TR/Agent.42496.BD Trojan
[NOTE] The file was moved to the quarantine directory under the name '57eee512.qua'.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0008240.dll
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2ccee258.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\_tnnzjor_.sys.zip
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0a0ce7a7.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\tnnzjor.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6681aa7b.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Protector.BC root kit
[NOTE] The file was moved to the quarantine directory under the name '46f6bfdc.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\imapi.sys.vir
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '21f9d527.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir
[DETECTION] Is the TR/Patched.GQ.10 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5c33b6cf.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\regedit.exe.vir
[DETECTION] Is the TR/VBKrypt.aum Trojan
[NOTE] The file was moved to the quarantine directory under the name '000eb9ce.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\msxsltsso.dll.vir
[DETECTION] Is the TR/Agent.42496.BD Trojan
[NOTE] The file was moved to the quarantine directory under the name '4842822e.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ernel32.dll.vir
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2690efd1.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\53fgl5M.com.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '034fb1b6.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\Vwabea.exe.vir
[DETECTION] Is the TR/PCK.Katusha.N.168 Trojan
[NOTE] The file was moved to the quarantine directory under the name '712da1d6.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\Ian\Application Data\347.exe.vir
[DETECTION] Is the TR/Alureon.CO.67 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1f0c9de6.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\UQNtQ1CD.exe_.vir
[DETECTION] Is the TR/Dldr.Stration.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '71dda5e1.qua'.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\UQNtQ1CD.exe.vir
[DETECTION] Is the TR/Dldr.Stration.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0fcffc0a.qua'.
C:\Qoobox\Quarantine\C\file.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '16a6ac98.qua'.
C:\Program Files\VideoEgg\updater.exe
[DETECTION] Is the TR/Dldr.Agent.ZDO.49 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0641c344.qua'.
C:\Program Files\Norton AntiVirus\Quarantine\2F8356DE.zip
[DETECTION] Contains recognition pattern of the WORM/Netsky.HB worm
[NOTE] The file was moved to the quarantine directory under the name '1f1cce61.qua'.
C:\Downloads\Keyword Elite\KE_setup13170.exe
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '5e99933d.qua'.
C:\Downloads\Keyword Elite\KE_setup1215.exe
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '501dc75b.qua'.
C:\Downloads\sdsetup.exe
[DETECTION] Contains recognition pattern of the DR/Keylogger.DQ.6 dropper
[NOTE] The file was moved to the quarantine directory under the name '7c58c7a5.qua'.
C:\Documents and Settings\Ian\Local Settings\Application Data\fvvexk\hmblewu.exe
[DETECTION] Contains recognition pattern of the WORM/VBNA.B.228 worm
[NOTE] The file was moved to the quarantine directory under the name '4abfe808.qua'.


End of the scan: 26 June 2010 20:26
Used time: 4:34:33 Hour(s)

The scan has been done completely.

25900 Scanned directories
1420393 Files were scanned
119 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
109 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1420274 Files not concerned
19040 Archives were scanned
3 Warnings
109 Notes
969806 Objects were scanned with rootkit scan
2 Hidden objects were found


Ian



