Find your solution!

mulletmania1987 · 19-Oct-2009, 11:53 PM #1

Spybot Search & Destroy found win32.agent.sd, win32.tdss.rtk, and zlob.downloader.bit. I removed them successfully, yet my computer is still running incredibly sluggish. When I go to Control Panel>Security Center>Virus Protection, it says VirusRescue3.0 is up to date. I have no idea what Virus Rescue is. Also, when i go to My Computer>C: it gives me the following error message: "windows cannot find resycled\boot.com. Make sure you typed the name correctly and try again. To search for a file, click the Start button, then click Search.

Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:07 PM, on 10/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\RunDLL32.EXE
C:\WINDOWS\system32\RunDLL32.EXE
C:\WINDOWS\system32\RunDLL32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Windows Registry Repair Pro] "C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" 4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-21-1644491937-1614895754-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Cassie')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm176QPUS
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequireme...eqlab_srlx.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://l.yimg.com/jh/games/web_games...utLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B33CE678-3EC8-44D9-BC7D-2A564AC4DD88}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8331 bytes

Any help would be greatly appreciated.

mulletmania1987 · 22-Oct-2009, 11:26 PM #2

Any ideas?

**sjpritch25** · 25-Oct-2009, 06:35 PM #3

Welcome to TSG

Download Combofix from this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

mulletmania1987 · 06-Nov-2009, 11:53 PM #4

Here is the combofix log:

ComboFix 09-11-06.03 - Administrator 11/06/2009 22:35.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.184 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: VirusRescue 3.0 *On-access scanning enabled* (Updated) {BED2903C-5EE3-4973-9679-828AE087DAE6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Administrator\Application Data\Starware316
c:\documents and settings\Administrator\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Administrator\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Configurator\Configurator.xml
c:\documents and settings\Administrator\Application Data\Starware316\Configurator\Configurator.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Free_Music\Free_MusicOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Free_Music\Free_MusicOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Layouts\ToolbarLayout.xml
c:\documents and settings\Administrator\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Manager\ManagerOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Manager\ManagerOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Reference\ReferenceOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Ringtones\RingtonesOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Ringtones\RingtonesOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Toolbar\TBProductsOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Weather\AlertArchive.xml
c:\documents and settings\Administrator\Application Data\Starware316\Weather\WeatherOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Weather\WeatherOptions.xml.backup
c:\documents and settings\All Users\Application Data\Starware316
c:\documents and settings\All Users\Application Data\Starware316\buttons\775_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Free_Music0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\Ringtones0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\WeatherHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware316\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware316\contexts\Related.xml
c:\documents and settings\All Users\Application Data\Starware316\contexts\Travel.xml
c:\documents and settings\All Users\Application Data\Starware316\images\walertXP.bmp
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
c:\program files\Common Files\companion wizard
c:\program files\Common Files\companion wizard\log.txt
c:\program files\Common Files\companion wizard\WapCHK{4CB50401-D16A-410B-B91D-68BC91141254}.dll
c:\program files\Helper
c:\program files\Starware316
c:\program files\Starware316\icons\star_16.ico
c:\program files\Starware316\Starware316Config.xml
c:\program files\Starware316\Starware316Uninstall.exe
C:\resycled
c:\resycled\boot.com
C:\WA6P
c:\wa6p\mxfilerelatedcache.mxc2
c:\windows\bemark2.dat
c:\windows\f49f4daa.dat
c:\windows\fmark2.dat
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\ieupdates.exe.tmp
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\stera.log
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NWCWORKSTATION
-------\Service_gaopdxserv.sys
-------\Service_NWCWorkstation

((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-10-23 18:13 . 2009-10-23 18:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Amazon
2009-10-23 18:10 . 2009-10-23 18:10 -------- d-----w- c:\program files\Amazon
2009-10-15 14:35 . 2009-10-15 14:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2009-10-10 02:41 . 2009-10-10 02:41 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-08 20:24 . 2009-10-08 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-08 20:24 . 2009-10-08 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\No Company Name
2009-10-08 12:30 . 2009-10-08 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-10-08 12:30 . 2009-10-08 12:30 -------- d-----w- c:\program files\SmartSound Software
2009-10-08 12:29 . 2009-10-08 12:29 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-10-08 12:28 . 2009-10-08 12:28 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 23:42 . 2009-01-07 06:04 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-08 20:26 . 2006-10-02 22:43 34352 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-08 12:33 . 2006-10-01 22:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 12:28 . 2007-06-27 17:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-08 12:08 . 2009-10-08 01:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager
2009-09-29 21:38 . 2009-09-29 21:38 -------- d-----w- c:\program files\GoldWave
2009-09-29 21:12 . 2009-09-29 21:11 -------- d-----w- c:\program files\u-he
2009-09-29 21:12 . 2009-09-29 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Celemony Software GmbH
2009-09-29 21:11 . 2009-09-29 21:11 -------- d-----w- c:\program files\Common Files\Digidesign
2009-09-29 21:11 . 2009-09-29 21:11 -------- d-----w- c:\program files\Celemony
2009-09-28 03:29 . 2009-09-28 03:29 -------- d-----w- c:\program files\Microsoft
2009-09-28 03:29 . 2009-09-28 03:29 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-28 03:29 . 2008-07-01 01:45 -------- d-----w- c:\program files\Windows Live
2009-09-27 04:44 . 2009-09-27 04:42 -------- d-----w- c:\program files\SpywareBlaster
2009-09-27 04:42 . 2009-09-27 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-23 16:05 . 2006-10-20 00:29 -------- d-----w- c:\program files\Yahoo!
2009-09-23 16:05 . 2008-12-27 12:44 -------- d--h--r- c:\documents and settings\Administrator\Application Data\yahoo!
2009-09-23 16:05 . 2007-07-01 22:53 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!
2009-09-22 15:57 . 2009-09-22 15:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-22 15:56 . 2009-09-22 15:56 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-21 04:50 . 2009-09-21 04:50 -------- d-----w- c:\program files\MSBuild
2009-09-21 04:49 . 2009-09-21 04:49 -------- d-----w- c:\program files\Reference Assemblies
2009-09-21 03:13 . 2008-06-15 15:25 -------- d-----w- c:\program files\Alwil Software
2009-09-21 00:38 . 2009-05-31 23:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-21 00:16 . 2009-09-21 00:16 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-09-21 00:16 . 2009-09-21 00:16 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-09-11 14:18 . 2004-08-10 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 10:48 . 2009-09-06 10:48 1586528 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Elements Organizer\8.0\Flash Galleries\Dynamic\flashplayer\windows\SAFlashPlayer.exe
2009-09-06 10:48 . 2009-09-06 10:48 83296 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Elements Organizer\8.0\Slideshow Templates\yahoomap\resources\AuthSWF.exe
2009-09-04 21:03 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-10 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2007-06-05 03:22 . 2007-06-05 03:23 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-05-09 21:06 . 2007-05-09 21:06 16 ---ha-w- c:\program files\Common Files\mxfilerelatedcache.mxc2
2007-05-09 21:06 . 2007-05-09 21:06 16 ---ha-w- c:\program files\mxfilerelatedcache.mxc2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"PC Pitstop Optimize Scheduler"="c:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2006-10-27 1696768]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-22 149280]
"combofix"="c:\combofix\CF2901.exe" [2009-11-07 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\My Games\\SmallBall Baseball\\smallball.exe"=
"%windir%\\system32\\winav.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Adobe\\Elements Organizer 8.0\\AdobePhotoshopElementsMediaServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [5/8/2007 8:50 PM 108768]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys --> c:\windows\system32\drivers\TmXPFlt.sys [?]
S2 Tmntsrv;Trend NT Realtime Service;"c:\program files\Trend Micro\Antivirus\Tmntsrv.exe" --> c:\program files\Trend Micro\Antivirus\Tmntsrv.exe [?]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys --> c:\windows\system32\drivers\Tmpreflt.sys [?]
S2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe --> c:\program files\Trend Micro\Antivirus\tmproxy.exe [?]
S3 Linksys3P;Wireless-G PCI Adapter with SRX400 Driver;c:\windows\system32\drivers\TMIMO31P.sys [10/1/2006 5:11 PM 780800]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [5/8/2007 8:44 PM 544768]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - ?p=ZKxdm176QPUS
TCP: {B33CE678-3EC8-44D9-BC7D-2A564AC4DD88} = 208.67.220.220,208.67.222.222
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Windows Registry Repair Pro - c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 22:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Dell AIO Printer A940\dlbabmon.exe
.
**************************************************************************
.
Completion time: 2009-11-07 22:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 04:49

Pre-Run: 57,516,347,392 bytes free
Post-Run: 59,044,704,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - BD60CEAC545B19D6C283E275F86A90EF

mulletmania1987 · 06-Nov-2009, 11:55 PM #5

Here is the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:34 PM, on 11/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm176QPUS
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequireme...eqlab_srlx.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://l.yimg.com/jh/games/web_games...utLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B33CE678-3EC8-44D9-BC7D-2A564AC4DD88}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 7624 bytes

**sjpritch25** · 07-Nov-2009, 10:39 AM #6

how is everything running?

mulletmania1987 · 07-Nov-2009, 09:21 PM #7

So far, so good. However, Windows still thinks I have a program called Virus Rescue 3.0. I have no idea what this is.

**sjpritch25** · 07-Nov-2009, 09:53 PM #8

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

mulletmania1987 · 11:37 PM

Apparently the logfile is too big to post. I am splitting it up in to two posts.

Malwarebytes' Anti-Malware 1.41
Database version: 3120
Windows 5.1.2600 Service Pack 3

11/7/2009 10:19:27 PM
mbam-log-2009-11-07 (22-19-27).txt

Scan type: Quick Scan
Objects scanned: 111775
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 42
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 275

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e 62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c504 1fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596 df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApprove d\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\video egg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weat her Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Administrator\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark _1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_dow n.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_ove r.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_hig hlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_le ft.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_le ft_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_ri ght.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom _left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertic al.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instruction s.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highligh ted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highli ghted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highli ghted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disa bled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forwa rd.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forwa rd_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_dis abled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_ start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_dis abled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_dow n.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_ove r.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highli ght.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disa bled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselec ted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbna il.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

mulletmania1987 · 07-Nov-2009, 11:39 PM **#10**

C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highli ghted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highli ghted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_ curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_le ft.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlight ed.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disable d.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_ disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabl ed.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_sta rt.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabl ed.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disable d.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highl ight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highligh t.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlight ed.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

mulletmania1987 · 07-Nov-2009, 11:41 PM **#11**

C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

I guess it took three posts. My apologies for that. I am still seeing Virus Rescue 3.0 in Control Panel>Security Center

**sjpritch25** · 08-Nov-2009, 04:04 PM **#12**

Please reboot your machine

open Malwarebytes, update to the latest def's and run another quick scan. Post your results.

Are you still getting the popups?

mulletmania1987 · 08-Nov-2009, 07:46 PM **#13**

Malwarebytes' Anti-Malware 1.41
Database version: 3130
Windows 5.1.2600 Service Pack 3

11/8/2009 6:44:01 PM
mbam-log-2009-11-08 (18-44-01).txt

Scan type: Quick Scan
Objects scanned: 109314
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I am getting no popups. As far as I can tell, everything seems to be running fine. It's that Virus Rescue thing that has my curiosity peaked.

**sjpritch25** · 08-Nov-2009, 08:42 PM **#14**

Do you still see it in Add/Remove programs?

mulletmania1987 · 08-Nov-2009, 10:08 PM **#15**

I actually never saw it there. It only shows up in Windows Security Center. It says Virus Rescue 3.0 is up to date.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)