[mulletmania1987]

Spybot Search & Destroy found win32.agent.sd, win32.tdss.rtk, and zlob.downloader.bit. I removed them successfully, yet my computer is still running incredibly sluggish. When I go to Control Panel>Security Center>Virus Protection, it says VirusRescue3.0 is up to date. I have no idea what Virus Rescue is. Also, when i go to My Computer>C: it gives me the following error message: "windows cannot find resycled\boot.com. Make sure you typed the name correctly and try again. To search for a file, click the Start button, then click Search.

Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:07 PM, on 10/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\RunDLL32.EXE
C:\WINDOWS\system32\RunDLL32.EXE
C:\WINDOWS\system32\RunDLL32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Windows Registry Repair Pro] "C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" 4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-21-1644491937-1614895754-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Cassie')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm176QPUS
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequireme...eqlab_srlx.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://l.yimg.com/jh/games/web_games...utLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B33CE678-3EC8-44D9-BC7D-2A564AC4DD88}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8331 bytes


Any help would be greatly appreciated.

[mulletmania1987]

Any ideas?

[sjpritch25]

Welcome to TSG

Download Combofix from this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

[mulletmania1987]

Here is the combofix log:

ComboFix 09-11-06.03 - Administrator 11/06/2009 22:35.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.184 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: VirusRescue 3.0 *On-access scanning enabled* (Updated) {BED2903C-5EE3-4973-9679-828AE087DAE6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Administrator\Application Data\Starware316
c:\documents and settings\Administrator\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Administrator\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Configurator\Configurator.xml
c:\documents and settings\Administrator\Application Data\Starware316\Configurator\Configurator.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Free_Music\Free_MusicOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Free_Music\Free_MusicOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Layouts\ToolbarLayout.xml
c:\documents and settings\Administrator\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Manager\ManagerOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Manager\ManagerOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Reference\ReferenceOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Ringtones\RingtonesOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Ringtones\RingtonesOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Toolbar\TBProductsOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Administrator\Application Data\Starware316\Weather\AlertArchive.xml
c:\documents and settings\Administrator\Application Data\Starware316\Weather\WeatherOptions.xml
c:\documents and settings\Administrator\Application Data\Starware316\Weather\WeatherOptions.xml.backup
c:\documents and settings\All Users\Application Data\Starware316
c:\documents and settings\All Users\Application Data\Starware316\buttons\775_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Free_Music0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\Ringtones0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\WeatherHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware316\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware316\contexts\Related.xml
c:\documents and settings\All Users\Application Data\Starware316\contexts\Travel.xml
c:\documents and settings\All Users\Application Data\Starware316\images\walertXP.bmp
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
c:\program files\Common Files\companion wizard
c:\program files\Common Files\companion wizard\log.txt
c:\program files\Common Files\companion wizard\WapCHK{4CB50401-D16A-410B-B91D-68BC91141254}.dll
c:\program files\Helper
c:\program files\Starware316
c:\program files\Starware316\icons\star_16.ico
c:\program files\Starware316\Starware316Config.xml
c:\program files\Starware316\Starware316Uninstall.exe
C:\resycled
c:\resycled\boot.com
C:\WA6P
c:\wa6p\mxfilerelatedcache.mxc2
c:\windows\bemark2.dat
c:\windows\f49f4daa.dat
c:\windows\fmark2.dat
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\ieupdates.exe.tmp
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\stera.log
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NWCWORKSTATION
-------\Service_gaopdxserv.sys
-------\Service_NWCWorkstation


((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-10-23 18:13 . 2009-10-23 18:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Amazon
2009-10-23 18:10 . 2009-10-23 18:10 -------- d-----w- c:\program files\Amazon
2009-10-15 14:35 . 2009-10-15 14:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2009-10-10 02:41 . 2009-10-10 02:41 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-08 20:24 . 2009-10-08 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-08 20:24 . 2009-10-08 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\No Company Name
2009-10-08 12:30 . 2009-10-08 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-10-08 12:30 . 2009-10-08 12:30 -------- d-----w- c:\program files\SmartSound Software
2009-10-08 12:29 . 2009-10-08 12:29 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-10-08 12:28 . 2009-10-08 12:28 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 23:42 . 2009-01-07 06:04 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-08 20:26 . 2006-10-02 22:43 34352 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-08 12:33 . 2006-10-01 22:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 12:28 . 2007-06-27 17:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-08 12:08 . 2009-10-08 01:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager
2009-09-29 21:38 . 2009-09-29 21:38 -------- d-----w- c:\program files\GoldWave
2009-09-29 21:12 . 2009-09-29 21:11 -------- d-----w- c:\program files\u-he
2009-09-29 21:12 . 2009-09-29 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Celemony Software GmbH
2009-09-29 21:11 . 2009-09-29 21:11 -------- d-----w- c:\program files\Common Files\Digidesign
2009-09-29 21:11 . 2009-09-29 21:11 -------- d-----w- c:\program files\Celemony
2009-09-28 03:29 . 2009-09-28 03:29 -------- d-----w- c:\program files\Microsoft
2009-09-28 03:29 . 2009-09-28 03:29 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-28 03:29 . 2008-07-01 01:45 -------- d-----w- c:\program files\Windows Live
2009-09-27 04:44 . 2009-09-27 04:42 -------- d-----w- c:\program files\SpywareBlaster
2009-09-27 04:42 . 2009-09-27 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-23 16:05 . 2006-10-20 00:29 -------- d-----w- c:\program files\Yahoo!
2009-09-23 16:05 . 2008-12-27 12:44 -------- d--h--r- c:\documents and settings\Administrator\Application Data\yahoo!
2009-09-23 16:05 . 2007-07-01 22:53 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!
2009-09-22 15:57 . 2009-09-22 15:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-22 15:56 . 2009-09-22 15:56 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-21 04:50 . 2009-09-21 04:50 -------- d-----w- c:\program files\MSBuild
2009-09-21 04:49 . 2009-09-21 04:49 -------- d-----w- c:\program files\Reference Assemblies
2009-09-21 03:13 . 2008-06-15 15:25 -------- d-----w- c:\program files\Alwil Software
2009-09-21 00:38 . 2009-05-31 23:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-21 00:16 . 2009-09-21 00:16 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-09-21 00:16 . 2009-09-21 00:16 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-09-11 14:18 . 2004-08-10 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 10:48 . 2009-09-06 10:48 1586528 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Elements Organizer\8.0\Flash Galleries\Dynamic\flashplayer\windows\SAFlashPlayer.exe
2009-09-06 10:48 . 2009-09-06 10:48 83296 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Elements Organizer\8.0\Slideshow Templates\yahoomap\resources\AuthSWF.exe
2009-09-04 21:03 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-10 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2007-06-05 03:22 . 2007-06-05 03:23 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-05-09 21:06 . 2007-05-09 21:06 16 ---ha-w- c:\program files\Common Files\mxfilerelatedcache.mxc2
2007-05-09 21:06 . 2007-05-09 21:06 16 ---ha-w- c:\program files\mxfilerelatedcache.mxc2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"PC Pitstop Optimize Scheduler"="c:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2006-10-27 1696768]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-22 149280]
"combofix"="c:\combofix\CF2901.exe" [2009-11-07 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\My Games\\SmallBall Baseball\\smallball.exe"=
"%windir%\\system32\\winav.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Adobe\\Elements Organizer 8.0\\AdobePhotoshopElementsMediaServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [5/8/2007 8:50 PM 108768]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys --> c:\windows\system32\drivers\TmXPFlt.sys [?]
S2 Tmntsrv;Trend NT Realtime Service;"c:\program files\Trend Micro\Antivirus\Tmntsrv.exe" --> c:\program files\Trend Micro\Antivirus\Tmntsrv.exe [?]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys --> c:\windows\system32\drivers\Tmpreflt.sys [?]
S2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe --> c:\program files\Trend Micro\Antivirus\tmproxy.exe [?]
S3 Linksys3P;Wireless-G PCI Adapter with SRX400 Driver;c:\windows\system32\drivers\TMIMO31P.sys [10/1/2006 5:11 PM 780800]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [5/8/2007 8:44 PM 544768]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - ?p=ZKxdm176QPUS
TCP: {B33CE678-3EC8-44D9-BC7D-2A564AC4DD88} = 208.67.220.220,208.67.222.222
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Windows Registry Repair Pro - c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 22:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Dell AIO Printer A940\dlbabmon.exe
.
**************************************************************************
.
Completion time: 2009-11-07 22:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 04:49

Pre-Run: 57,516,347,392 bytes free
Post-Run: 59,044,704,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - BD60CEAC545B19D6C283E275F86A90EF

[mulletmania1987]

Here is the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:34 PM, on 11/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm176QPUS
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequireme...eqlab_srlx.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://l.yimg.com/jh/games/web_games...utLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B33CE678-3EC8-44D9-BC7D-2A564AC4DD88}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 7624 bytes

[sjpritch25]

how is everything running?

[mulletmania1987]

So far, so good. However, Windows still thinks I have a program called Virus Rescue 3.0. I have no idea what this is.

[sjpritch25]

Please download Malwarebytes' Anti-Malware from Here.



Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:



If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

[mulletmania1987]

Apparently the logfile is too big to post. I am splitting it up in to two posts.

Malwarebytes' Anti-Malware 1.41
Database version: 3120
Windows 5.1.2600 Service Pack 3

11/7/2009 10:19:27 PM
mbam-log-2009-11-07 (22-19-27).txt

Scan type: Quick Scan
Objects scanned: 111775
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 42
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 275

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e 62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c504 1fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596 df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApprove d\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\video egg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weat her Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Administrator\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark _1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_dow n.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_ove r.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_hig hlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_le ft.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_le ft_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_ri ght.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom _left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertic al.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instruction s.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highligh ted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highli ghted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highli ghted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disa bled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forwa rd.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forwa rd_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_dis abled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_ start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_dis abled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_dow n.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_ove r.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highli ght.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disa bled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselec ted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbna il.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

[mulletmania1987]

C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highli ghted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highli ghted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_ curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_le ft.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlight ed.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disable d.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_ disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabl ed.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_sta rt.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabl ed.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disable d.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highl ight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highligh t.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlight ed.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

[mulletmania1987]

C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

I guess it took three posts. My apologies for that. I am still seeing Virus Rescue 3.0 in Control Panel>Security Center

[sjpritch25]

Please reboot your machine

open Malwarebytes, update to the latest def's and run another quick scan. Post your results.

Are you still getting the popups?

[mulletmania1987]

Malwarebytes' Anti-Malware 1.41
Database version: 3130
Windows 5.1.2600 Service Pack 3

11/8/2009 6:44:01 PM
mbam-log-2009-11-08 (18-44-01).txt

Scan type: Quick Scan
Objects scanned: 109314
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I am getting no popups. As far as I can tell, everything seems to be running fine. It's that Virus Rescue thing that has my curiosity peaked.

[sjpritch25]

Do you still see it in Add/Remove programs?

[mulletmania1987]

I actually never saw it there. It only shows up in Windows Security Center. It says Virus Rescue 3.0 is up to date.