1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: C:\winlogon.exe

Discussion in 'Virus & Other Malware Removal' started by yoyoia, Sep 21, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. yoyoia

    yoyoia Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    9

    SDFix: Version 1.227
    Run by Administrator on Sun 09/21/2008 at 04:50 PM
    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix
    Checking Services :

    Restoring Default Security Values
    Restoring Default Hosts File
    Rebooting

    Checking Files :
    Trojan Files Found:
    C:\WINDOWS\system32\superiorads-uninst.exe - Deleted
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted
    C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted
    C:\WINDOWS\system32\dcads-remove.exe - Deleted
    C:\WINDOWS\system32\superiorads-uninst.exe - Deleted


    Removing Temp Files
    ADS Check :


    Final Check :
    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-21 17:00:34
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden services & system hive ...
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000001
    "ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
    "khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000001
    "ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
    "khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000001
    "ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
    "khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000001
    "ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
    "khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000001
    "ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
    "khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000001
    "ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
    "khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000001
    "ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
    "khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000001
    "ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
    "khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
    scanning hidden registry entries ...
    scanning hidden files ...
    C:\Documents and Settings\joSH\My Documents\My Completed Downloads\uTORRENT\Adobe Photoshop CS3 + Keygen -Working!\METAI CHECK THAT YOU HAVE THESE INSTALLED B4 U START EH Essential Softwares for Hacking\PowerISO v3.7 With Keygen by FFF torrent by matt14\PowerISO 3.7.JPG:Roxio EMC Stream 76 bytes hidden from API
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1

    Remaining Services :


    Authorized Application Key Export:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
    "C:\\Program Files\\Free Download Manager\\fdm.exe"="C:\\Program Files\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    Remaining Files :

    File Backups: - C:\SDFix\backups\backups.zip
    Files with Hidden Attributes :
    Wed 23 Aug 2006 210 A.SHR --- "C:\BOOT.BAK"
    Mon 24 Dec 2007 647,666 A..H. --- "C:\Downloads\WMQloudSetup.exe"
    Tue 11 Sep 2007 52,770,576 A..H. --- "C:\Downloads\Software\dotnetfx3(1).exe"
    Thu 15 Nov 2007 5,088,488 A..H. --- "C:\Downloads\Software\vtp7.zip"
    Tue 22 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Sat 15 Sep 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 13 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Fri 14 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3470d8afe674adae2ee1cba944cf0413\BIT2.tmp"
    Wed 19 Mar 2008 11,969,534 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b0762000dc383d688a1853253b57c370\BIT2.tmp"
    Thu 13 Sep 2007 9,318,184 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\eb43ef5bd14e6f52f7ee8f7fa8c29424\BIT1.tmp"
    Sat 24 Nov 2007 9,843,864 A..H. --- "C:\Documents and Settings\joSH\My Documents\My Completed Downloads\Softwares\CT4Skype_ap.exe"
    Thu 15 Nov 2007 67,196,968 A..H. --- "C:\Documents and Settings\joSH\My Documents\My Completed Downloads\Softwares\directx_nov2007_redist.exe"
    Wed 12 Sep 2007 52,770,576 A..H. --- "C:\Documents and Settings\joSH\My Documents\My Completed Downloads\Softwares\dotnetfx3.exe"
    Sun 23 Sep 2007 1,000,792 A..H. --- "C:\Documents and Settings\joSH\My Documents\My Completed Downloads\Softwares\Norton_Removal_Tool(1).exe"
    Wed 12 Sep 2007 25,752,376 A..H. --- "C:\Documents and Settings\joSH\My Documents\My Completed Downloads\Softwares\wmp11-windowsxp-x86-enu.exe"
    Mon 12 Nov 2007 713,728 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0087.tmp"
    Mon 12 Nov 2007 732,160 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0133.tmp"
    Mon 19 Nov 2007 2,275,840 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0291.tmp"
    Mon 19 Nov 2007 2,275,840 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0297.tmp"
    Sun 11 Nov 2007 25,600 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0361.tmp"
    Mon 12 Nov 2007 712,704 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0364.tmp"
    Mon 12 Nov 2007 732,160 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0383.tmp"
    Mon 12 Nov 2007 719,360 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0447.tmp"
    Mon 12 Nov 2007 720,896 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0450.tmp"
    Mon 19 Nov 2007 2,274,816 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0474.tmp"
    Mon 12 Nov 2007 715,776 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0615.tmp"
    Mon 12 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0687.tmp"
    Sun 11 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0714.tmp"
    Mon 12 Nov 2007 718,848 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0776.tmp"
    Mon 19 Nov 2007 2,249,728 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0868.tmp"
    Mon 12 Nov 2007 28,672 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0892.tmp"
    Mon 12 Nov 2007 733,184 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0895.tmp"
    Sun 11 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0977.tmp"
    Mon 12 Nov 2007 731,648 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1014.tmp"
    Sun 11 Nov 2007 25,088 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1066.tmp"
    Mon 12 Nov 2007 719,872 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1078.tmp"
    Mon 12 Nov 2007 733,184 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1168.tmp"
    Mon 12 Nov 2007 712,704 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1217.tmp"
    Sun 11 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1232.tmp"
    Mon 12 Nov 2007 716,288 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1279.tmp"
    Sun 11 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1340.tmp"
    Mon 12 Nov 2007 720,896 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1497.tmp"
    Mon 12 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1527.tmp"
    Mon 12 Nov 2007 718,848 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1563.tmp"
    Mon 12 Nov 2007 732,672 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1702.tmp"
    Mon 12 Nov 2007 713,216 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1791.tmp"
    Mon 12 Nov 2007 720,896 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1846.tmp"
    Mon 12 Nov 2007 719,872 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1852.tmp"
    Mon 12 Nov 2007 717,312 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1854.tmp"
    Mon 12 Nov 2007 719,872 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1950.tmp"
    Mon 19 Nov 2007 2,274,816 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1951.tmp"
    Mon 12 Nov 2007 732,672 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1979.tmp"
    Mon 19 Nov 2007 1,588,224 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1992.tmp"
    Mon 12 Nov 2007 716,288 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2140.tmp"
    Sun 11 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2228.tmp"
    Mon 12 Nov 2007 720,896 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2341.tmp"
    Sun 11 Nov 2007 26,624 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2385.tmp"
    Mon 12 Nov 2007 29,184 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2467.tmp"
    Mon 12 Nov 2007 720,896 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2486.tmp"
    Mon 12 Nov 2007 720,896 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2494.tmp"
    Mon 12 Nov 2007 27,648 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2583.tmp"
    Mon 12 Nov 2007 29,184 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2739.tmp"
    Mon 12 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2798.tmp"
    Mon 12 Nov 2007 733,184 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2845.tmp"
    Mon 12 Nov 2007 732,160 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2848.tmp"
    Mon 12 Nov 2007 718,336 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2854.tmp"
    Mon 12 Nov 2007 713,728 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2982.tmp"
    Mon 19 Nov 2007 2,249,728 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3021.tmp"
    Mon 12 Nov 2007 732,672 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3037.tmp"
    Mon 12 Nov 2007 29,184 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3088.tmp"
    Mon 12 Nov 2007 716,288 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3128.tmp"
    Mon 12 Nov 2007 716,288 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3147.tmp"
    Mon 12 Nov 2007 720,384 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3221.tmp"
    Mon 12 Nov 2007 732,672 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3227.tmp"
    Mon 12 Nov 2007 712,704 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3448.tmp"
    Sun 11 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3477.tmp"
    Mon 12 Nov 2007 716,288 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3483.tmp"
    Mon 12 Nov 2007 715,776 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3499.tmp"
    Mon 19 Nov 2007 2,275,840 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3510.tmp"
    Sun 11 Nov 2007 25,600 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3570.tmp"
    Mon 12 Nov 2007 26,624 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3608.tmp"
    Mon 19 Nov 2007 2,274,816 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3928.tmp"
    Mon 12 Nov 2007 732,672 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL4062.tmp"
    Tue 24 Apr 2007 167,936 A.SH. --- "C:\Documents and Settings\joSH\My Documents\My Pictures\UNI PHOTOS\ms305 fieldtrip\SIVE94.tmp"
    Sun 4 Nov 2007 30,208 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL0467.tmp"
    Sun 4 Nov 2007 31,232 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL0636.tmp"
    Sun 4 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL0768.tmp"
    Sun 4 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL0834.tmp"
    Sun 4 Nov 2007 47,104 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL1333.tmp"
    Sun 4 Nov 2007 30,208 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL1345.tmp"
    Sun 4 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL1447.tmp"
    Sun 4 Nov 2007 47,104 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL1756.tmp"
    Sun 4 Nov 2007 38,912 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL1780.tmp"
    Sun 4 Nov 2007 31,744 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL2317.tmp"
    Sun 4 Nov 2007 31,232 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL3272.tmp"
    Sun 4 Nov 2007 42,496 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL3317.tmp"
    Sun 4 Nov 2007 31,232 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL3537.tmp"
    Sun 4 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL3565.tmp"
    Sun 4 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL3729.tmp"
    Sun 4 Nov 2007 31,232 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL4007.tmp"
    Thu 9 Aug 2007 42,496 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\Data\~WRL2197.tmp"
    Sun 11 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\Project\~WRL0693.tmp"
    Sun 29 Jun 2008 1,664 A.SH. --- "C:\Documents and Settings\joSH\Application Data\Roxio\Dragon\3.x\DiscInfoCache\COMBO_IDE5232CO_KJ44_000_DICV018_DRGVA000047.TMP"
    Finished!
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,042
    Hiya and welcome to Tech Support Guy :)

    Are you still having this program? If so, lets take a look at a HijackThis Log:

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    Regards

    eddie
     
  3. yoyoia

    yoyoia Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    9
    ComboFix 08-10-17.01 - joSH 2008-10-18 22:43:53.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.161 [GMT 12:00]
    Running from: C:\Documents and Settings\joSH\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\joSH\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * new restore point
    Other Deletions
    C:\Documents and Settings\joSH\Application Data\.#
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
    C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
    C:\Documents and Settings\joSH\Favorites\Download programs.url
    C:\Documents and Settings\joSH\Favorites\Translator.url
    C:\Documents and Settings\joSH\Favorites\Videos.url
    C:\Program Files\MicroAntivirus
    C:\Program Files\MicroAntivirus\microAV.ooo
    C:\Program Files\MicroAntivirus\microAV0.dat
    C:\Program Files\MicroAntivirus\microAV1.dat
    C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
    C:\WINDOWS\assys.dll
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\ffnsys.dll
    C:\WINDOWS\gstcore.dll
    C:\WINDOWS\IE4 Error Log.txt
    C:\WINDOWS\mfnsys.dll
    C:\WINDOWS\rsczsys.dll
    C:\WINDOWS\snsys.dll
    C:\WINDOWS\system32\dcads-remove.exe
    C:\WINDOWS\system32\drivers\avgrkx86.sys
    C:\WINDOWS\system32\egsqotdp.ini
    C:\WINDOWS\system32\fOpqrqss.ini
    C:\WINDOWS\system32\fOpqrqss.ini2
    C:\WINDOWS\system32\jtlybeve.ini
    C:\WINDOWS\system32\pkgnltox.ini
    C:\WINDOWS\system32\ywkpuoio.ini
    C:\WINDOWS\uawin.dll
    .
    Drivers/Services
    -------\Legacy_AVGRKX86
    -------\Service_AvgRkx86
    Files Created from 2008-09-18 to 2008-10-18
    2008-10-18 12:21 . 2008-10-18 12:31 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-10-18 12:21 . 2008-10-18 12:30 <DIR> d-------- C:\Documents and Settings\joSH\Application Data\AVGTOOLBAR
    2008-10-18 12:21 . 2008-10-18 12:21 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-10-18 12:21 . 2008-10-18 12:21 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-10-18 12:21 . 2008-10-18 12:21 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-10-18 12:18 . 2008-10-18 12:18 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
    2008-10-18 12:18 . 2008-10-18 12:18 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
    2008-10-18 12:10 . 2008-10-18 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
    2008-10-18 11:30 . 2008-10-18 11:30 <DIR> d-------- C:\Documents and Settings\joSH\Application Data\aAvgApi
    2008-10-17 00:19 . 2008-08-14 22:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-17 00:19 . 2008-08-14 22:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-17 00:19 . 2008-08-14 21:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-17 00:19 . 2008-08-14 21:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-16 21:58 . 2008-09-16 00:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-16 21:24 . 2008-10-18 20:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-10-16 21:24 . 2008-10-16 21:24 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-10-16 20:14 . 2008-09-08 22:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-16 19:33 . 2008-10-16 19:33 <DIR> d-------- C:\Program Files\Mininova
    2008-10-16 19:33 . 2008-10-16 19:33 <DIR> d-------- C:\Program Files\Conduit
    2008-10-14 21:52 . 2008-10-18 11:40 7,680 --ahs---- C:\WINDOWS\Thumbs.db
    2008-10-10 20:30 . 2008-10-10 20:30 102,194 --a------ C:\WINDOWS\system32\cont_dcads-remove.exe
    2008-10-06 23:59 . 2008-10-06 23:59 363,520 --a------ C:\WINDOWS\system32\nsm69.dll
    2008-10-05 18:50 . 2008-10-05 18:50 <DIR> d-------- C:\Documents and Settings\joSH\Application Data\AdobeAUM
    2008-10-05 18:46 . 2006-11-30 14:58 90,800 -ra------ C:\WINDOWS\system32\drivers\se44unic.sys
    2008-10-05 18:46 . 2006-11-30 14:58 88,624 -ra------ C:\WINDOWS\system32\drivers\se44mgmt.sys
    2008-10-05 18:46 . 2006-11-30 14:58 18,704 -ra------ C:\WINDOWS\system32\drivers\se44nd5.sys
    2008-10-05 18:46 . 2006-11-30 14:58 4,128 -ra------ C:\WINDOWS\system32\drivers\se44cr.sys
    2008-10-05 18:30 . 2006-11-30 14:58 86,432 -ra------ C:\WINDOWS\system32\drivers\se44obex.sys
    2008-10-04 18:12 . 2006-11-30 14:58 97,088 -ra------ C:\WINDOWS\system32\drivers\se44mdm.sys
    2008-10-04 18:12 . 2006-11-30 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\se44mdfl.sys
    2008-10-04 18:12 . 2006-11-30 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cmnt.sys
    2008-10-04 18:12 . 2006-11-30 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cm.sys
    2008-10-04 14:45 . 2006-11-30 14:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se44bus.sys
    2008-10-04 14:45 . 2006-11-30 14:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se44whnt.sys
    2008-10-04 14:45 . 2006-11-30 14:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se44wh.sys
    2008-10-04 14:40 . 2008-10-04 14:40 <DIR> d-------- C:\Documents and Settings\joSH\Application Data\Sony Ericsson
    2008-10-04 14:33 . 2008-10-04 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-10-04 14:32 . 2008-10-04 14:32 <DIR> d-------- C:\Program Files\Sony Ericsson
    2008-10-04 14:32 . 2008-10-04 14:33 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
    2008-10-04 14:32 . 2008-10-04 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
    2008-10-04 14:29 . 2008-10-04 14:29 <DIR> d-------- C:\Program Files\Disc2Phone
    2008-09-22 06:43 . 2008-09-22 06:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
    2008-09-21 20:02 . 2008-08-25 15:44 20,232 --a------ C:\WINDOWS\system32\AntiSpyNative64.exe
    2008-09-21 20:02 . 2008-08-25 15:44 16,648 --a------ C:\WINDOWS\system32\AntiSpyNative32.exe
    2008-09-21 18:19 . 2008-09-21 19:04 <DIR> d-------- C:\Program Files\Uniblue
    2008-09-21 17:35 . 2008-09-21 19:12 <DIR> d-------- C:\Documents and Settings\joSH\Application Data\Uniblue
    2008-09-21 17:32 . 2008-09-21 18:56 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\~0
    2008-09-21 16:48 . 2008-09-21 16:48 578,560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
    2008-09-21 16:43 . 2008-09-21 16:44 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-09-21 16:37 . 2008-09-21 17:06 <DIR> d----c--- C:\SDFix
    2008-09-21 02:54 . 2008-09-21 02:54 <DIR> d-------- C:\Program Files\AVG
    2008-09-19 20:29 . 2008-09-19 20:29 <DIR> d-------- C:\Program Files\YouTube Downloader 3000
    2008-09-18 21:18 . 2008-09-18 21:18 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-09-18 21:18 . 2008-09-18 21:18 <DIR> d-------- C:\WINDOWS\system32\en
    2008-09-18 21:18 . 2008-09-18 21:18 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-09-18 21:18 . 2008-09-18 21:18 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-09-18 21:13 . 2008-09-18 21:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-18 21:02 . 2008-09-18 21:02 <DIR> d-------- C:\WINDOWS\EHome
    .
    Find3M Report
    2008-10-18 10:27 --------- d-----w C:\Documents and Settings\joSH\Application Data\Free Download Manager
    2008-10-17 22:54 --------- d-----w C:\Documents and Settings\joSH\Application Data\uTorrent
    2008-10-13 08:22 --------- d-----w C:\Documents and Settings\joSH\Application Data\Skype
    2008-10-13 04:05 --------- d-----w C:\Documents and Settings\joSH\Application Data\skypePM
    2008-10-05 09:38 --------- d-----w C:\Documents and Settings\joSH\Application Data\AdobeUM
    2008-10-05 09:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-04 02:33 --------- d-----w C:\Program Files\Common Files\Teleca Shared
    2008-10-02 08:11 --------- d-----w C:\Program Files\JetAudio
    2008-09-28 10:30 --------- d-----w C:\Program Files\WinClamAVShield
    2008-09-28 10:28 --------- d-----w C:\Documents and Settings\joSH\Application Data\Spyware Terminator
    2008-09-28 08:19 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-27 22:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-24 09:37 --------- d-----w C:\Program Files\LimeWire
    2008-09-21 06:58 --------- d-----w C:\Program Files\Spyware Terminator
    2008-09-20 22:29 --------- d-----w C:\Program Files\DivX
    2008-09-20 16:14 --------- d-----w C:\Program Files\Hide IP Platinum
    2008-09-20 15:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-20 15:28 --------- d--h--r C:\Documents and Settings\joSH\Application Data\yahoo!
    2008-09-20 13:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-20 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-20 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-09-20 08:52 --------- d-----w C:\Program Files\Opera
    2008-09-14 08:14 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-08 04:34 --------- d-----w C:\Program Files\ATI Technologies
    2008-07-18 18:34 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2007-11-16 09:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-09-13 23:13 524,300 ----a-w C:\Documents and Settings\joSH\Application Data\position.bin
    .
    Reg Loading Points
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f592709f-ff4a-4862-b659-4afabda56312}"= "C:\Program Files\Mininova\tbMini.dll" [2008-09-15 1784856]

    [HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10a72bfd-414f-89a1-b332-d7da581be5e8}]
    2008-10-06 23:59 363520 --a------ C:\WINDOWS\system32\nsm69.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
    2008-09-15 06:47 1784856 --a------ C:\Program Files\Mininova\tbMini.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    2008-07-28 22:46 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{f592709f-ff4a-4862-b659-4afabda56312}"= "C:\Program Files\Mininova\tbMini.dll" [2008-09-15 1784856]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{F592709F-FF4A-4862-B659-4AFABDA56312}"= "C:\Program Files\Mininova\tbMini.dll" [2008-09-15 1784856]

    [HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-23 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-08-16 1877272]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "<NO NAME>"="C:\Program Files\Internet Explorer\iexplore.exe" [2008-08-23 635848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-08-19 49152]
    "Domino"="C:\WINDOWS\Domino.exe" [2006-08-18 49152]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-18 1235736]
    "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-10 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 C:\WINDOWS\ALCWZRD.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-11 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
    backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^joSH^Start Menu^Programs^Startup^MagicDisc.lnk]
    backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^joSH^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
    path=C:\Documents and Settings\joSH\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
    backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
    --a------ 2006-07-30 21:32 575488 C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    --a------ 2007-08-14 03:44 113136 C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
    --a------ 2006-08-18 20:58 49152 C:\WINDOWS\Domino.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
    --a------ 2007-09-10 00:36 2441263 C:\Program Files\Free Download Manager\fdm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Upload Manager]
    --a------ 2007-07-29 22:13 253952 C:\Program Files\Free Download Manager\FUM\fum.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
    --a------ 2007-06-10 21:02 40960 C:\Program Files\Free Download Manager\FUM\fumoei.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    --a------ 2007-01-02 09:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
    --a------ 2004-09-20 03:27 65536 C:\Program Files\LClock\LClock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2001-11-30 15:15 90112 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-14 12:12 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 18:40 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2005-05-11 15:48 127118 c:\APPS\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-04 22:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-04 22:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2008-02-26 13:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2007-04-10 00:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    --a------ 2007-08-24 15:52 240112 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
    --a------ 2007-09-11 17:20 2778112 C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
    --a------ 2006-05-03 12:48 307200 C:\Program Files\Styler\Styler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-09-23 16:24 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    --a------ 2007-08-16 09:02 1877272 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
    --a------ 2008-08-25 15:44 1431816 C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
    --a------ 2006-12-25 10:14 6083072 C:\Program Files\Vista Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
    --a------ 2006-10-06 11:21 942080 C:\Program Files\VisualTooltip\VisualToolTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-08-30 19:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
    --a------ 2006-08-19 15:37 49152 C:\WINDOWS\ZSSnp211.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    --a------ 2003-12-17 11:50 19968 C:\WINDOWS\Logi_MwX.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "CyberLink Media Library Service"=2 (0x2)
    "CLSched"=2 (0x2)
    "CLCapSvc"=2 (0x2)
    "gusvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "SymAppCore"=3 (0x3)
    "Symantec Core LC"=2 (0x2)
    "LiveUpdate Notice Service"=2 (0x2)
    "LiveUpdate Notice Ex"=2 (0x2)
    "LiveUpdate"=3 (0x3)
    "CLTNetCnService"=2 (0x2)
    "ccSetMgr"=3 (0x3)
    "ccEvtMgr"=2 (0x2)
    "WinDefend"=2 (0x2)
    "iPod Service"=3 (0x3)
    "ATI Smart"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "sp_rssrv"=2 (0x2)
    "sp_clamsrv"=3 (0x3)
    "RoxWatch10"=2 (0x2)
    "RoxMediaDB10"=3 (0x3)
    "Roxio Upnp Server 10"=2 (0x2)
    "Roxio UPnP Renderer 10"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Free Download Manager\\fdm.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-18 97928]
    R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2007-01-11 244736]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-09-11 138624]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-18 76040]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
    R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-18 23296]
    S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
    S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-18 23296]
    S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
    S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
    S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
    S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
    S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
    S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
    S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
    S4 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-18 875288]
    S4 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-18 231704]
    S4 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-10-18 1220888]
    S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
    S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
    S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
    S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{122190dd-82b3-11dc-b209-001676364538}]
    \Shell\AutoRun\command - ie.exe
    \Shell\explore\Command - ie.exe
    \Shell\open\Command - ie.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bbc8fef-94c5-11dd-b3d6-001676364538}]
    \Shell\auto\command - Thumbs.com
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com
    .
    Contents of the 'Scheduled Tasks' folder
    2008-10-18 C:\WINDOWS\Tasks\ACF4B95E91332AA2.job
    - c:\docume~1\josh\applic~1\grimto~1\Savedefysect.exe []

    2008-07-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2008-10-18 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

    2008-10-11 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-09-21 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-08-25 15:44]
    .
    - - - - ORPHANS REMOVED - - - -
    BHO-{34DA163F-8155-4422-A3F6-2A7310D963A7} - (no file)
    MSConfigStartUp-osCheck - C:\Program Files\Norton Internet Security\osCheck.exe
    MSConfigStartUp-Uniblue RegistryBooster 2009 - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
    .
    ------- Supplementary Scan -------
    FireFox -: Profile - C:\Documents and Settings\joSH\Application Data\Mozilla\Firefox\Profiles\h5f028sz.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
    FF -: plugin - C:\Documents and Settings\joSH\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
    .
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-18 22:51:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    ------------------------ Other Running Processes ------------------------
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\APPS\HIDSERVICE\HidService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    Completion time: 2008-10-18 23:00:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-18 10:59:59
    Pre-Run: 11,184,185,344 bytes free
    Post-Run: 11,149,844,480 bytes free
    429 --- E O F --- 2008-10-16 20:31:25
     
  4. yoyoia

    yoyoia Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    9
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:58:08 PM, on 10/18/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\ZSSnp211.exe
    C:\WINDOWS\Domino.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\Documents and Settings\joSH\Desktop\CWINDOWSwindowslogonexe\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1396957
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: dcads - {10a72bfd-414f-89a1-b332-d7da581be5e8} - C:\WINDOWS\system32\nsm69.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/se...0000049.000000b9&c=00000082.00000096.000001da
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCDA70F9-D542-4D5F-90C0-8AD182586F31}: NameServer = 202.62.124.238 202.62.120.4
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: tbr - (no CLSID) - (no file)
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 11701 bytes
     
  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,042
    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    So, in your next reply, post the MBAM log, SAS log and a fresh HijackThis log :)

    eddie
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,042
    I've also moved your other thread here, please keep to one thread per problem :)

    I'll look thru the ComboFix log after you've done the above :)

    eddie
     
  7. yoyoia

    yoyoia Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    9
    Dear Eddie 5659,
    Thank you so much for your help. The MBAM Log is 56142 characters long. What should I do? Should I cut it into 2 parts? Oh, my apologies for posting another thread for the same prob. Cheers
     
  8. yoyoia

    yoyoia Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    9
    I have broken up the MBAM log into two parts. The second part is that of the "FILES INFECTED" bit.

    Malwarebytes' Anti-Malware 1.29
    Database version: 1286
    Windows 5.1.2600 Service Pack 3

    10/19/2008 9:46:42 AM
    mbam-log-2008-10-19 (09-46-42).txt

    Scan type: Quick Scan
    Objects scanned: 62579
    Time elapsed: 10 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 33
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 19
    Files Infected: 278

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\Program Files\Conduit\Community Alerts\Alert.dll (Adware.Conduit) -> Delete on reboot.
    C:\Program Files\Mininova\tbMini.dll (Adware.HumourCanineToolbar) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Adware.Conduit) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f592709f-ff4a-4862-b659-4afabda56312} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f592709f-ff4a-4862-b659-4afabda56312} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{f592709f-ff4a-4862-b659-4afabda56312} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f592709f-ff4a-4862-b659-4afabda56312} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
     
  9. yoyoia

    yoyoia Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    9
    The following is the second part of the MBAM log:

    Files Infected:
    C:\Program Files\Conduit\Community Alerts\Alert.dll (Adware.Conduit) -> Delete on reboot.
    C:\Program Files\Mininova\tbMini.dll (Adware.HumourCanineToolbar) -> Delete on reboot.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Program Files\Online Add-on\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Online Add-on\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
     
  10. yoyoia

    yoyoia Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    9
    Forgive me but the second part needed trimming as well:

    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
     
  11. yoyoia

    yoyoia Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    9
    Continuation of MBAM log report (Part 4)

    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
     
  12. yoyoia

    yoyoia Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    9
    Thank you for your time and effort
     
  13. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,042
    Also need the SAS log and a fresh HijackThis log :)

    eddie
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/751870

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice