Hardware and Software
>
Microsoft Windows
>
Viruses, Spyware and other Nasties
>
Red X on C Drive ( Vundo ?) Help Please
Have something to say? Contribute New Article Reply to this Article Red X on C Drive ( Vundo ?) Help Please
We have been infected with a virus that we cant seem to shift. After trawling through various sites we think we have the Vundo Virus.
We have a big red X in "my computer" where the C: drive is and have had a load of tmf files where present on are computer. The PC is running very slow as a result and we are strugling to get rid of it.
If anyone can help we would most gratefull. We have ran a Hijackthis,Malware and SDFIX and have attached the logs below. can anyone help?
thanks
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:01, on 04/04/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\USBDRIVE\shwicon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sha123.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMf7d4f0fe] Rundll32.exe "C:\WINDOWS\System32\mujtijws.dll",s
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowIcon_Justrams_USB Drives Driver v1.19r020] "C:\Program Files\USBDRIVE\shwicon.exe" -t"Justrams\USB Drives Driver v1.19r020"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\musik.exe" /pause
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.co.uk/photo/loaders/SAXFile.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
O20 - Winlogon Notify: xcttgs - xcttgs.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 9973 bytes
Malware
Malwarebytes' Anti-Malware 1.10
Database version: 591
Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 105858
Time elapsed: 1 hour(s), 25 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{07c7156e-d651-4acc-9ad3-498c916e9651} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{833EE25F-3A47-41DF-B27D-017FE19594C7}\RP1133\A0287708.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{833EE25F-3A47-41DF-B27D-017FE19594C7}\RP1133\A0288037.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
SDFix
SDFix: Version 1.166
Run by Dee on 04/04/2008 at 19:12
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Dee\Desktop\SDFix\SDFix
Checking Services :
/
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\mrofinu1188.exe.tmp - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 19:24:15
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00003a689a74]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00003a689a74]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00003a689a74]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
Remaining Files :
File Backups: - C:\DOCUME~1\Dee\Desktop\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 23 Feb 2007 56 ..SHR --- "C:\WINDOWS\system32\8616203188.sys"
Fri 23 Feb 2007 56 ..SHR --- "C:\WINDOWS\system32\B085F86352.sys"
Mon 30 Jul 2007 15,488 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 10 Nov 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 26 Apr 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv10.bak"
Wed 10 Nov 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
Sat 23 Oct 2004 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Sat 23 Oct 2004 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Thu 1 Dec 2005 30,208 ...H. --- "C:\Documents and Settings\Dee\My Documents\~WRL0003.tmp"
Thu 1 Feb 2007 464,896 ...H. --- "C:\Documents and Settings\Dee\My Documents\~WRL2168.tmp"
Mon 9 Aug 2004 51,040 A..HR --- "C:\WINDOWS\system32\drivers\slabbus.sys"
Mon 9 Aug 2004 6,112 A..HR --- "C:\WINDOWS\system32\drivers\slabcm.sys"
Mon 9 Aug 2004 6,112 A..HR --- "C:\WINDOWS\system32\drivers\slabcmnt.sys"
Mon 9 Aug 2004 82,768 A..HR --- "C:\WINDOWS\system32\drivers\slabser.sys"
Mon 9 Aug 2004 5,776 A..HR --- "C:\WINDOWS\system32\drivers\slabwh.sys"
Mon 9 Aug 2004 5,776 A..HR --- "C:\WINDOWS\system32\drivers\slabwhnt.sys"
Mon 6 Feb 2006 114,176 A..H. --- "C:\Documents and Settings\j\My Documents\homework\~WRL0805.tmp"
Mon 6 Feb 2006 114,176 A..H. --- "C:\Documents and Settings\j\My Documents\homework\~WRL1287.tmp"
Tue 31 Jan 2006 37,376 A..H. --- "C:\Documents and Settings\j\My Documents\homework\~WRL1613.tmp"
Mon 6 Feb 2006 47,104 A..H. --- "C:\Documents and Settings\j\My Documents\homework\~WRL3251.tmp"
Thu 19 Aug 2004 1,740 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Thu 19 Aug 2004 274,904 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Thu 19 Aug 2004 158,410 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\IAM.reg"
Wed 10 Nov 2004 4,348 ...H. --- "C:\Documents and Settings\j\My Documents\My Music\License Backup\drmv1key.bak"
Sat 23 Feb 2008 782 A..H. --- "C:\Documents and Settings\j\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 19 Dec 2005 576 A.SH. --- "C:\Documents and Settings\j\My Documents\My Music\License Backup\drmv2key.bak"
Finished!
try spybot search and destroy
http://www.safer-networking.org/en/index.html
and adaware
http://www.lavasoft.com/
O20 - Winlogon Notify: xcttgs - C:\WINDOWS\SYSTEM32\xcttgs.dll
found this one its a version of Haxdoor.
here is the link for the fix.
http://users.telenet.be/marcvn/tools/haxfix.exe
I've never used this one so I don't know how effective it is
good luck I'll keep look to see if I find more in your file
you should also try ComboFix
here is the link and instruction on how to use it
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
SP1 (6.00.2800.1106)?? Your OS is very old, outdated and very naked on the web - it is a sitting duck without the SP2 security upgrade.
But we must clean you before you upgrade.
Before we go any further please uninstall either Avast or AVG antivirus - they likely will conflict and the result is unpredictable.
Done it? Okay...
[There are traces of Symantec's AV there too but they may be removed later. Oh, there are some bits of MAfee also...!].
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [BMf7d4f0fe] Rundll32.exe "C:\WINDOWS\System32\mujtijws.dll",s
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O20 - Winlogon Notify: xcttgs - xcttgs.dll (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
Good. Now go Start, run, and paste in these lines:
sc delete McDetect.exe
sc delete McTskshd.exe
sc delete mcupdmgr.exe
=Go Start, run, type services.msc -and press Enter. Maximise the window and at foot select Extended tab, scroll to the iPod Service, rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....
Search for and delete this file:
C:\WINDOWS\System32\mujtijws.dll
Check the properties of these two files - if they are unsigned I suggest you delete them:
C:\WINDOWS\system32\8616203188.sys
C:\WINDOWS\system32\B085F86352.sys
-they have hashed filenames and that is suspicious...
Delete this folder:
C:\Program Files\Google\ -it appears to be all that remains of the toolbar? If you have not done so already, then uninstall it [optional, it aint all bad...]
Go to the Symantec website and dl and run the uninstaller tool for the version of Symantec AV that you had.
Now for that red cross:
I'd like to look at a key in your registry; this will do that, and then delete it.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt
__________________________________________________________
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons" /s >C:\showkey.txt
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons" /f
start C:\showkey.txt
__________________________________________________________
A black command window will flash and then a notepad should pop on your desktop. If it is blank just say so, else post it. Delete showkey.bat.
Open a fresh explorer window [my computer]....
SP1 (6.00.2800.1106)?? Your OS is very old, outdated and very naked on the web - it is a sitting duck without the SP2 security upgrade.
But we must clean you before you upgrade.
Before we go any further please uninstall either Avast or AVG antivirus - they likely will conflict and the result is unpredictable.
Done it? Okay...
[There are traces of Symantec's AV there too but they may be removed later. Oh, there are some bits of MAfee also...!].Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [BMf7d4f0fe] Rundll32.exe "C:\WINDOWS\System32\mujtijws.dll",s
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O20 - Winlogon Notify: xcttgs - xcttgs.dll (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)Good. Now go Start, run, and paste in these lines:
sc delete McDetect.exe
sc delete McTskshd.exe
sc delete mcupdmgr.exe
=Go Start, run, type services.msc -and press Enter. Maximise the window and at foot select Extended tab, scroll to the iPod Service, rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....Search for and delete this file:
C:\WINDOWS\System32\mujtijws.dll
Check the properties of these two files - if they are unsigned I suggest you delete them:
C:\WINDOWS\system32\8616203188.sys
C:\WINDOWS\system32\B085F86352.sys
-they have hashed filenames and that is suspicious...
Delete this folder:
C:\Program Files\Google\ -it appears to be all that remains of the toolbar? If you have not done so already, then uninstall it [optional, it aint all bad...]
Go to the Symantec website and dl and run the uninstaller tool for the version of Symantec AV that you had.
Now for that red cross:
I'd like to look at a key in your registry; this will do that, and then delete it.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt
__________________________________________________________
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons" /s >C:\showkey.txt
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons" /f
start C:\showkey.txt
__________________________________________________________A black command window will flash and then a notepad should pop on your desktop. If it is blank just say so, else post it. Delete showkey.bat.
Open a fresh explorer window [my computer]....
hi
I followed the instructions up to this point where I entered the specified text into the notepad and saved it on the desktop, i then ran the program and the notepad was blank?? the red x is still present on the c drive
Dee, I am still fishing for a solution to this one.... it seems to be the result of a vundo infection. That batch file was to check one possible source of the problem, turns out not to be it, so the notepad was blank [you just did not have that key]. Sometimes you have to be a guineapig, malwares get improved to stay in the game.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
Post a fresh hijackthis scan alos, please, Dee.
Dee, could you also do this please:
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons" /s >C:\showkey.txt
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons" /f
start C:\showkey.txt
If that notepad is not empty then the red cross problem may be solved [you may have to restart...].
HI Gerbil please find the logs you requested below. I appreciate all the advice you have given as I am new to this - perhaps you can tell me when it`s time to cut to the chase and say lets wipe the computer and reload Xp, although this is daunting we seem to have had problems for some time - maybe because of the inadequate operating system as you have already indicated. Any advice would be helpful
Many Thanks
Dee
ComboFix 08-04-09.9 - Dee 2008-04-10 16:31:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.79 [GMT 1:00]
Running from: C:\Documents and Settings\Dee\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.
2008-04-08 13:52 . 2008-04-08 13:52 d---s---- C:\Documents and Settings\LocalService\UserData
2008-04-04 19:36 . 2008-04-04 19:36 d-------- C:\Documents and Settings\Dee\Application Data\Malwarebytes
2008-04-04 19:35 . 2008-04-04 21:20 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-04 19:35 . 2008-04-04 19:35 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-04 19:08 . 2008-04-04 19:08 d-------- C:\WINDOWS\ERUNT
2008-04-04 14:18 . 2008-04-04 14:18 d-------- C:\Documents and Settings\Dee\Application Data\Uniblue
2008-04-04 13:15 . 2008-04-04 13:15 d-------- C:\VundoFix Backups
2008-04-04 13:13 . 2008-04-04 13:13 d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 15:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-09 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-09 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-07 11:06 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-04 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 10:22 --------- d-----w C:\Program Files\DivX
2008-04-04 10:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 14:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 12:33 --------- d-----w C:\Documents and Settings\j\Application Data\ppStream
2008-03-02 12:11 --------- d-----w C:\Program Files\Alwil Software
2008-03-01 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-03-01 16:12 24,576 ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-24 16:45 --------- d-----w C:\Documents and Settings\Dee\Application Data\TVU networks
2008-02-24 16:37 --------- d-----w C:\Documents and Settings\Dee\Application Data\McAfee
2008-02-21 22:43 --------- d-----w C:\Documents and Settings\j\Application Data\PC Tools
2008-02-21 22:24 --------- d-----w C:\Documents and Settings\j\Application Data\LimeWire
2008-02-21 22:24 --------- d-----w C:\Documents and Settings\j\Application Data\FrostWire
2008-02-21 10:56 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-02-21 10:54 93,760 ----a-w C:\WINDOWS\system32\iswsahqf.dll
2008-02-16 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-13 16:59 --------- d-----w C:\Program Files\Picasa2
2008-02-13 16:58 --------- d-----w C:\Program Files\Lavasoft
2006-08-04 22:23 836 ----a-w C:\Documents and Settings\Dee\Application Data\ViewerApp.dat
2007-02-23 19:45 56 --sh--r C:\WINDOWS\system32\8616203188.sys
2007-02-23 19:45 56 --sh--r C:\WINDOWS\system32\B085F86352.sys
2007-07-30 10:51 15,488 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-04_12.57.54.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-04 05:07:32 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-04 18:09:11 4,259,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-04-04 18:09:11 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-04 05:07:32 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-04 18:08:59 4,259,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-04-04 18:08:59 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-04-10 15:38:42 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
- 2008-04-04 11:41:00 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-10 15:38:03 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-04 11:41:00 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-10 15:38:03 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-04 11:41:00 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-10 15:38:03 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-10 15:39:00 40,960 ----a-w C:\WINDOWS\Temp\rtdrvmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 08:41 13312]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:43 57344]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-02-13 18:13 579072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-22 21:33 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 15:53 1103752]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" []
"ShowIcon_Justrams_USB Drives Driver v1.19r020"="C:\Program Files\USBDRIVE\shwicon.exe" [2003-02-19 18:47 73728]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"iTunesHelper"="D:\iTunesHelper.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 08:41 13312]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-28 11:30 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2002-11-20 19:50 51200 C:\WINDOWS\system32\narrator.exe]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xcttgs.sys]
@="Driver"
S0 hgjihjde;hgjihjde;C:\WINDOWS\System32\drivers\hgjihjde.sys []
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 12:12]
S3 jatmlano;jatmlano;C:\DOCUME~1\Dee\LOCALS~1\Temp\jatmlano.sys []
S3 PAC207;SoC [email]PC-Camer@;C:\WINDOWS\System32\DRIVERS\pfc027.sys[/email] []
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\System32\DRIVERS\se44bus.sys [2006-07-25 12:52]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 16:39:58
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
.
**************************************************************************
.
Completion time: 2008-04-10 16:56:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-10 15:55:56
ComboFix2.txt 2008-04-04 12:01:35
Pre-Run: 11,098,509,312 bytes free
Post-Run: 11,129,974,784 bytes free
.
2007-06-18 18:07:41 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:27, on 10/04/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USBDRIVE\shwicon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sha123.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowIcon_Justrams_USB Drives Driver v1.19r020] "C:\Program Files\USBDRIVE\shwicon.exe" -t"Justrams\USB Drives Driver v1.19r020"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.co.uk/photo/loaders/SAXFile.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 8212 bytes
Reinstall?? No need to go to that trouble. You have a few problems in there, though. Let's work on them.
=Check the properties of these two files - if they are unsigned I suggest you delete them:
C:\WINDOWS\system32\8616203188.sys
C:\WINDOWS\system32\B085F86352.sys
-they have hashed filenames and that is suspicious... **what did you find for them??
=Delete these files:
C:\WINDOWS\system32\iswsahqf.dll
C:\WINDOWS\System32\drivers\hgjihjde.sys
C:\DOCUME~1\Dee\LOCALS~1\Temp\jatmlano.sys
=Delete this folder:
C:\Documents and Settings\Dee\Application Data\McAfee
=If you did not find that these two files have legit owners then rename them:
C:\WINDOWS\system32\8616203188.sys > C:\WINDOWS\system32\8616203188.sys.old
C:\WINDOWS\system32\B085F86352.sys > C:\WINDOWS\system32\B085F86352.sys.old
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xcttgs.sys]
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file.
Hi i have been able to delete:
C:\WINDOWS\system32\iswsahqf.dll
C:\Documents and ettings\Dee\Application Data\McAfee
But can not find any of the .sys files
8616203188.sys
B085F86352.sys
hgjihjde.sys
jatmlano.sys
Non of these files are there? Ive enabled "view hidden files/folders" and still can not find any of these .sys files either by looking manually or searching for them??
The Reg file ran ok
And here are the results from the AVG Scan.
Thanks!!!
C:\Documents and Settings\Dee\Cookies\dee@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\j\Cookies\j@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@stat.onestat[2].txt -> TrackingCookie.Onestat : No action taken.
C:\Documents and Settings\j\Cookies\j@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\j\Cookies\j@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\j\Cookies\j@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\j\Cookies\j@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.109:C:\Documents and Settings\j\Application Data\Mozilla\Firefox\Profiles\brn2w5t5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.110:C:\Documents and Settings\j\Application Data\Mozilla\Firefox\Profiles\brn2w5t5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.111:C:\Documents and Settings\j\Application Data\Mozilla\Firefox\Profiles\brn2w5t5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\j\Cookies\j@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\j\Cookies\j@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\j\Cookies\j@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\j\Cookies\j@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as CFScript.txt to where you saved Combofix -that is, to a folder or your desktop.
Killall::
File::
C:\WINDOWS\system32\8616203188.sys
C:\WINDOWS\system32\B085F86352.sys
C:\WINDOWS\system32\iswsahqf.dll
C:\WINDOWS\System32\drivers\hgjihjde.sys
C:\DOCUME~1\Dee\LOCALS~1\Temp\jatmlano.sys
Good. Now drag CFScript.txt onto Combofix [drag the icon if on your desktop, or the filename if in a folder]. Combofix will start, let it run, if your firewall prompts then allow all; post the log.
Hi Gerbil
As you requested please find the combo fix log below
Thanks for your help
Dee
ComboFix 08-04-09.9 - Dee 2008-04-12 8:41:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.71 [GMT 1:00]
Running from: C:\Documents and Settings\Dee\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dee\Desktop\CFScript.txt 12.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\DOCUME~1\Dee\LOCALS~1\Temp\jatmlano.sys
C:\WINDOWS\system32\8616203188.sys
C:\WINDOWS\system32\B085F86352.sys
C:\WINDOWS\System32\drivers\hgjihjde.sys
C:\WINDOWS\system32\iswsahqf.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\8616203188.sys
C:\WINDOWS\system32\B085F86352.sys
.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.
2008-04-11 14:19 . 2008-04-11 14:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 14:19 . 2008-04-11 14:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-11 08:28 . 2008-04-11 08:28 d-------- C:\Documents and Settings\Dee\Application Data\Grisoft
2008-04-11 08:28 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-08 13:52 . 2008-04-08 13:52 d---s---- C:\Documents and Settings\LocalService\UserData
2008-04-04 19:36 . 2008-04-04 19:36 d-------- C:\Documents and Settings\Dee\Application Data\Malwarebytes
2008-04-04 19:35 . 2008-04-04 21:20 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-04 19:35 . 2008-04-04 19:35 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-04 19:08 . 2008-04-04 19:08 d-------- C:\WINDOWS\ERUNT
2008-04-04 14:18 . 2008-04-04 14:18 d-------- C:\Documents and Settings\Dee\Application Data\Uniblue
2008-04-04 13:15 . 2008-04-04 13:15 d-------- C:\VundoFix Backups
2008-04-04 13:13 . 2008-04-04 13:13 d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 08:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 07:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-11 07:06 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-11 06:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-09 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-04 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 10:22 --------- d-----w C:\Program Files\DivX
2008-04-04 10:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 14:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 12:33 --------- d-----w C:\Documents and Settings\j\Application Data\ppStream
2008-03-02 12:11 --------- d-----w C:\Program Files\Alwil Software
2008-03-01 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-24 16:45 --------- d-----w C:\Documents and Settings\Dee\Application Data\TVU networks
2008-02-21 22:43 --------- d-----w C:\Documents and Settings\j\Application Data\PC Tools
2008-02-21 22:24 --------- d-----w C:\Documents and Settings\j\Application Data\LimeWire
2008-02-21 22:24 --------- d-----w C:\Documents and Settings\j\Application Data\FrostWire
2008-02-16 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-13 16:59 --------- d-----w C:\Program Files\Picasa2
2008-02-13 16:58 --------- d-----w C:\Program Files\Lavasoft
2006-08-04 22:23 836 ----a-w C:\Documents and Settings\Dee\Application Data\ViewerApp.dat
2007-07-30 10:51 15,488 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-04_12.57.54.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-04 05:07:32 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-04 18:09:11 4,259,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-04-04 18:09:11 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-04 05:07:32 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-04 18:08:59 4,259,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-04-04 18:08:59 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-04-12 08:21:21 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
- 2008-04-04 11:41:00 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-12 07:47:53 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-04 11:41:00 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-12 07:47:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-04 11:41:00 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-12 07:47:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 08:41 13312]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:43 57344]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-02-13 18:13 579072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-22 21:33 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 15:53 1103752]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" []
"ShowIcon_Justrams_USB Drives Driver v1.19r020"="C:\Program Files\USBDRIVE\shwicon.exe" [2003-02-19 18:47 73728]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"iTunesHelper"="D:\iTunesHelper.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 08:41 13312]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-28 11:30 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2002-11-20 19:50 51200 C:\WINDOWS\system32\narrator.exe]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 09:21:39
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avginet.exe
.
**************************************************************************
.
Completion time: 2008-04-12 9:37:00 - machine was rebooted [Dee]
ComboFix-quarantined-files.txt 2008-04-12 08:36:10
ComboFix2.txt 2008-04-10 15:56:47
ComboFix3.txt 2008-04-04 12:01:35
Pre-Run: 11,022,360,576 bytes free
Post-Run: 11,118,088,192 bytes free
.
2007-06-18 18:07:41 --- E O F ---
Ok, that run found and deleted two of those files, the others are not present now. Your sys looks clean now. And still the red cross?
For a final check could you do this please:
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner. Repeat in other user's accounts.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.
Hi Gerbil
Ran the tasks you asked and folowling this the computer was slower than usual starting up and even slower trying to access the internet. Red cross still present and here is a log for the panda
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-13 10:12:26
PROTECTIONS: 1
MALWARE: 37
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus 7.1.410 7.1.410 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\software\classes\protocols\name-space handler\res
00040415 adware/wintools Adware No 0 Yes No hkey_classes_root\protocols\name-space handler\res
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Dee\Desktop\SDFix.zip[SDFix/apps/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Dee\Desktop\SDFix\SDFix\apps\Process.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@fastclick[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@mediaplex[1].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@anm.co[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@revenue[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@apmebf[1].txt
00168069 Cookie/Bilbo.counted TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@bilbo.counted[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@bs.serving-sys[2].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@888[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@advertising[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@adrevolver[3].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@adrevolver[3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@ads.pointroll[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@questionmarket[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@adrevolver[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@searchportal.information[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@adviva[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@adviva[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@atwola[1].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{833EE25F-3A47-41DF-B27D-017FE19594C7}\RP1162\A0325215.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{833EE25F-3A47-41DF-B27D-017FE19594C7}\RP1162\A0325207.sys
02894143 Bck/Agent.HTK Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir[Setup.exe]
02902395 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\vloijwlh.dll.vir
02902412 Trj/Downloader.SSM Virus/Trojan No 0 Yes No C:\Documents and Settings\Dee\Desktop\SDFix\SDFix\backups\backups.zip[backups/mrofinu1188.exe.tmp]
02902684 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\ixkfrpab.dll.vir
02904332 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\qblwisvm.dll.vir
02904333 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\hpyfyeyi.dll.vir
02904333 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\lypukbas.dll.vir
02906063 Bck/VB.ABN Virus/Trojan No 0 Yes No D:\jmusic\jmusic\SopCast v2.0.4.zip[Setup.exe]
02906063 Bck/VB.ABN Virus/Trojan No 0 Yes No D:\jmusic\jmusic\Sopcast Online TV - Vista capable.zip[Setup.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location X
3J
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description X
3J
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Thanks
Dee
Discounting the cookie detections and pests in quarantine, Dee, [delete C:\Qoobox and SDFix...] we are left with these:
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\software\classes\protocols\name-space handler\res
00040415 adware/wintools Adware No 0 Yes No hkey_classes_root\protocols\name-space handler\res
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{833EE25F-3A47-41DF-B27D-017FE19594C7}\RP1162\A0325215.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{833EE25F-3A47-41DF-B27D-017FE19594C7}\RP1162\A0325207.sys
02906063 Bck/VB.ABN Virus/Trojan No 0 Yes No D:\jmusic\jmusic\SopCast v2.0.4.zip[Setup.exe]
02906063 Bck/VB.ABN Virus/Trojan No 0 Yes No D:\jmusic\jmusic\Sopcast Online TV - Vista capable.zip[Setup.exe]
So. Delete:
D:\jmusic\jmusic\SopCast v2.0.4.zip[Setup.exe]
D:\jmusic\jmusic\Sopcast Online TV - Vista capable.zip[Setup.exe]
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file to install the application and ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything is checked, and click Remove Selected.
Post the Notepad log [it is also saved under Logs tab in MBAM].
Do not use System Restore if at all avoidable because there is a pest in there and we don't want it let out again. When your sys is safer we will clean your restore points.
HI Gerbil
Please find the log as requested- One other problem has occured there seems to be no sound from the speakers- will investigate further and report back. Thanks for your help
Dee
Malwarebytes' Anti-Malware 1.11
Database version: 623
Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 79822
Time elapsed: 44 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 297
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Updater\2364 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Updater\2364 (Adware.VideoEgg) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\dataCollection.tmp (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\remoteblacklist (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Updater\2364\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Updater\2364\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Updater\2364\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Updater\2364\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
This article has been dead for over three months
You
© 2012 DaniWeb® LLC
