
Solved cdn4.specificclick.net

Discussion in 'Malware and Virus Removal Archive' started by IDLERACER, 2010/08/09.

  1. 2010/08/09
    IDLERACER

    IDLERACER Inactive Thread Starter

    Joined:
    2005/06/24
    Messages:
    136
    Likes Received:
    0
    [Resolved] cdn4.specificclick.net

    By this time, I'm sure everyone is aware of the web's latest regenerating virus. I originally posted this issue HERE and was instructed to post it in this section instead. Once again, as soon as I opened up my Google Chrome browser, cdn4.specificclick.net appeared in my Flash Player Shared Objects section. I once again have sent it to the recycle bin, where it currently resides, in case you need me to bring it back in order to immunize it.

    I have downloaded the DDS device onto my desktop, and have only one question before running it and posting the results: What exactly is "Script Blocking" software? Is that the same thing as anti-virus software? I want to make sure I do this correctly. ;)
     
  2. 2010/08/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. If you use Spybot....
    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.
    NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

    Alternatively, I suggest you uninstall Spybot, since it's a tool of the past.

    2. If you use Windows Defender...
    Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.
     


  4. 2010/08/09
    IDLERACER

    I don't see anything entitled "Windows Defender" on my computer. Do you recommend I install that after the scan? One more question. I do have Avast. Should I disable that before the scan?
     
    Last edited: 2010/08/09
  5. 2010/08/09
    broni

    I only said "If... "
    If you don't have any of those programs, go ahead with DDS.
    No, you don't have to disable Avast.
     
  6. 2010/08/10
    IDLERACER

    Well, I did anyway (and turned it right back on before logging on). Here are the results:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 23:13:52.59 on Mon 08/09/2010
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.170 [GMT -7:00]

    AV: avast! antivirus 4.8.1368 [VPS 100809-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128

    -1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\ShareDLL\Mediadet.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Owner\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-

    US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe "
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0

    \activex\AcroIEHelper.dll
    BHO: {2AA0FE3E-BB7C-7DE4-3FD1-D24B5ACFB827} - No File
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} -

    c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {52CE8742-BCE2-8A43-5E70-10C016F66C01} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google

    toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program

    files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6

    \bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6

    \lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google

    toolbar\GoogleToolbar_32.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common

    files\ahead\lib\NMBgMonitor.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
    uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
    mRun: [<NO NAME>]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [WINDVDPatch] CTHELPER.EXE
    mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe "
    mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe
    mRun: [RegistryMechanic]
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe "
    mRun: [Motive SmartBridge] c:\progra~1\verizon\smartb~1\MotiveSB.exe
    mRun: [DevconDefaultDB] c:\windows\READREG /PSCONV={NO} /NO_DEFPS
    mRun: [UpdReg] c:\windows\Updreg.exe
    mRun: [AudioHQ] c:\program files\creative\sblive2k\audiohq\AHQTB.EXE
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common

    files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0

    \reader\reader_sl.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google

    toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1

    \micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1

    \spybot~1\SDHelper.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba

    -4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} -

    hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-

    i586.cab
    DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} -

    hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-

    i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-

    i586.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-

    i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-

    i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-

    i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-

    i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-

    i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-

    i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-

    i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-

    i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-

    i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-

    i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-

    windows-i586.cab
    DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} -

    hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32

    \WPDShServiceObj.dll
    SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-

    malware\shellhook.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\1hpaxfmn.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\videoegg\loader\2663\npvideoegg-loader.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -

    c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016

    -0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016

    -0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016

    -0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016

    -0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016

    -0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016

    -0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016

    -0000-0020-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-5 114768]
    R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2006-2-25 138680]
    R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30

    13888]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2006-2-25 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2006-2-25 352920]
    S4 ewido security suite guard;ewido security suite guard;c:\program files\ewido anti-malware\ewidoguard.exe [2005-12-18

    151616]

    =============== Created Last 30 ================

    2010-08-04 01:46:16 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-16 04:02:37 13783040 ----a-w- c:\documents and settings\owner\s-1-5-21-2750416039-201122838-

    359310041-1003.rrr
    2010-07-14 03:46:11 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

    ==================== Find3M ====================

    2010-05-15 08:15:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2009-11-06 07:53:28 8416452 ----a-w- c:\program files\audioextractor.exe
    2009-10-05 08:01:14 570208 ----a-w- c:\program files\googleupdatesetup.exe
    2008-10-14 00:27:43 961204 ----a-w- c:\program files\extractnow.exe
    2008-10-12 03:34:39 1234120 ----a-w- c:\program files\wrar380.exe
    2008-07-20 19:20:00 38005024 ----a-w- c:\program files\AVSVideoConverter.exe
    2008-05-04 03:14:13 243864 ----a-w- c:\program files\prismsetup.exe
    2007-08-16 06:15:54 381952 -c--a-w- c:\program files\justzipit.exe
    2007-01-10 06:43:49 14994392 -c--a-w- c:\program files\GoogleEarthWin.exe
    2006-12-11 08:48:57 9918872 -c--a-w- c:\program files\WMEncoder.exe
    2005-12-31 23:24:38 7079 -c--a-w- c:\program files\hijackthis.log
    2005-12-31 20:57:41 532480 -c--a-w- c:\program files\CWShredder.exe
    2005-12-31 02:46:20 218112 ----a-w- c:\program files\HijackThis.exe
    2008-09-04 05:34:52 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5

    \mshist012008090320080904\index.dat

    ============= FINISH: 23:14:37.10 ===============

    Sure enough, within two minutes of opening up Explorer, cdn4.specificclick.net reappeared in the Shared Objects folder. I'll stick it in the recycle bin for the time being.
     
  7. 2010/08/10
    broni

    Attach.txt part of DDS is missing.
    Also, please, disable "word wrap" in Notepad, because your logs are hard to read.
     
  8. 2010/08/10
    IDLERACER

    Sorry about that. Here ya go:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/26/2005 9:32:51 PM
    System Uptime: 8/8/2010 11:29:56 PM (24 hours ago)

    Motherboard: Intel Corporation | | D865GVHZ
    Processor: Intel(R) Celeron(R) CPU 2.93GHz | J2E1 | 2926/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 90 GiB total, 57.542 GiB free.
    D: is FIXED (FAT32) - 3 GiB total, 1.178 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Multimedia Audio Controller
    Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_4043107B&REV_02\3&267A616A&0&FD
    Manufacturer:
    Name: Multimedia Audio Controller
    PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_4043107B&REV_02\3&267A616A&0&FD
    Service:

    ==== System Restore Points ===================

    RP1734: 5/11/2010 9:31:49 PM - Restore Operation
    RP1735: 5/12/2010 1:31:23 AM - Software Distribution Service 3.0
    RP1736: 5/13/2010 2:14:15 AM - System Checkpoint
    RP1737: 5/14/2010 3:14:14 AM - System Checkpoint
    RP1738: 5/15/2010 1:14:55 AM - Removed Java(TM) 6 Update 11
    RP1739: 5/15/2010 1:15:18 AM - Installed Java(TM) 6 Update 20
    RP1740: 5/16/2010 1:34:52 AM - System Checkpoint
    RP1741: 5/17/2010 2:29:39 AM - System Checkpoint
    RP1742: 5/18/2010 3:14:19 AM - System Checkpoint
    RP1743: 5/19/2010 4:27:21 AM - System Checkpoint
    RP1744: 5/20/2010 5:14:18 AM - System Checkpoint
    RP1745: 5/21/2010 8:02:16 AM - System Checkpoint
    RP1746: 5/22/2010 8:49:31 AM - System Checkpoint
    RP1747: 5/23/2010 9:52:53 AM - System Checkpoint
    RP1748: 5/23/2010 6:44:23 PM - Restore Operation
    RP1749: 5/24/2010 8:19:02 PM - System Checkpoint
    RP1750: 5/25/2010 7:09:32 PM - Software Distribution Service 3.0
    RP1751: 5/26/2010 7:58:46 PM - System Checkpoint
    RP1752: 5/27/2010 8:16:35 PM - System Checkpoint
    RP1753: 5/28/2010 8:24:59 PM - System Checkpoint
    RP1754: 5/29/2010 8:52:36 PM - System Checkpoint
    RP1755: 5/31/2010 4:14:52 AM - System Checkpoint
    RP1756: 5/31/2010 3:35:24 PM - Restore Operation
    RP1757: 6/1/2010 7:46:44 PM - System Checkpoint
    RP1758: 6/2/2010 8:40:32 PM - System Checkpoint
    RP1759: 6/4/2010 2:07:45 AM - System Checkpoint
    RP1760: 6/5/2010 2:29:46 AM - System Checkpoint
    RP1761: 6/6/2010 3:20:29 AM - System Checkpoint
    RP1762: 6/7/2010 3:21:35 AM - System Checkpoint
    RP1763: 6/8/2010 4:20:31 AM - System Checkpoint
    RP1764: 6/9/2010 5:21:39 AM - System Checkpoint
    RP1765: 6/10/2010 6:20:34 AM - System Checkpoint
    RP1766: 6/11/2010 1:18:45 AM - Software Distribution Service 3.0
    RP1767: 6/12/2010 1:53:34 AM - System Checkpoint
    RP1768: 6/13/2010 2:13:57 AM - System Checkpoint
    RP1769: 6/14/2010 2:53:34 AM - System Checkpoint
    RP1770: 6/15/2010 3:53:33 AM - System Checkpoint
    RP1771: 6/16/2010 4:53:35 AM - System Checkpoint
    RP1772: 6/17/2010 5:53:35 AM - System Checkpoint
    RP1773: 6/18/2010 6:42:54 AM - System Checkpoint
    RP1774: 6/19/2010 8:33:44 AM - System Checkpoint
    RP1775: 6/20/2010 8:42:57 AM - System Checkpoint
    RP1776: 6/21/2010 10:02:37 AM - System Checkpoint
    RP1777: 6/22/2010 11:02:47 AM - System Checkpoint
    RP1778: 6/23/2010 12:44:08 PM - System Checkpoint
    RP1779: 6/24/2010 3:00:35 AM - Software Distribution Service 3.0
    RP1780: 6/25/2010 3:42:59 AM - System Checkpoint
    RP1781: 6/26/2010 4:44:03 AM - System Checkpoint
    RP1782: 6/27/2010 5:43:04 AM - System Checkpoint
    RP1783: 6/28/2010 6:41:25 AM - System Checkpoint
    RP1784: 6/29/2010 7:41:26 AM - System Checkpoint
    RP1785: 6/30/2010 8:42:31 AM - System Checkpoint
    RP1786: 7/1/2010 9:10:12 AM - System Checkpoint
    RP1787: 7/2/2010 9:24:59 AM - System Checkpoint
    RP1788: 7/3/2010 9:44:04 AM - System Checkpoint
    RP1789: 7/4/2010 10:43:20 AM - System Checkpoint
    RP1790: 7/5/2010 11:39:06 AM - System Checkpoint
    RP1791: 7/6/2010 12:11:33 PM - System Checkpoint
    RP1792: 7/7/2010 1:50:46 PM - System Checkpoint
    RP1793: 7/8/2010 2:29:49 PM - System Checkpoint
    RP1794: 7/9/2010 3:52:22 PM - System Checkpoint
    RP1795: 7/10/2010 4:27:54 PM - System Checkpoint
    RP1796: 7/11/2010 6:22:23 PM - System Checkpoint
    RP1797: 7/12/2010 7:41:30 PM - System Checkpoint
    RP1798: 7/13/2010 8:15:15 PM - System Checkpoint
    RP1799: 7/14/2010 1:17:03 AM - Software Distribution Service 3.0
    RP1800: 7/15/2010 1:18:01 AM - System Checkpoint
    RP1801: 7/15/2010 8:59:44 PM - Made by Registry Mechanic
    RP1802: 7/15/2010 10:53:40 PM - Made by Registry Mechanic
    RP1803: 7/16/2010 1:03:24 PM - Made by Registry Mechanic
    RP1804: 7/17/2010 1:19:48 AM - Restore Operation
    RP1805: 7/17/2010 3:02:34 AM - Software Distribution Service 3.0
    RP1806: 7/18/2010 3:39:04 AM - System Checkpoint
    RP1807: 7/19/2010 3:54:17 AM - System Checkpoint
    RP1808: 7/20/2010 3:59:17 AM - System Checkpoint
    RP1809: 7/21/2010 5:00:21 AM - System Checkpoint
    RP1810: 7/22/2010 5:07:09 AM - System Checkpoint
    RP1811: 7/23/2010 6:01:43 AM - System Checkpoint
    RP1812: 7/24/2010 6:59:14 AM - System Checkpoint
    RP1813: 7/25/2010 7:59:18 AM - System Checkpoint
    RP1814: 7/26/2010 9:48:28 AM - System Checkpoint
    RP1815: 7/27/2010 1:31:31 PM - System Checkpoint
    RP1816: 7/28/2010 3:09:17 PM - System Checkpoint
    RP1817: 7/29/2010 3:32:19 PM - System Checkpoint
    RP1818: 7/30/2010 6:23:37 PM - System Checkpoint
    RP1819: 7/31/2010 6:40:14 PM - System Checkpoint
    RP1820: 8/1/2010 7:49:17 PM - System Checkpoint
    RP1821: 8/2/2010 6:48:31 PM - Software Distribution Service 3.0
    RP1822: 8/3/2010 6:42:42 PM - Restore Operation
    RP1823: 8/3/2010 7:42:27 PM - Software Distribution Service 3.0
    RP1824: 8/4/2010 11:34:47 PM - System Checkpoint
    RP1825: 8/6/2010 2:13:28 AM - System Checkpoint
    RP1826: 8/7/2010 2:25:59 AM - System Checkpoint
    RP1827: 8/8/2010 2:55:17 AM - System Checkpoint
    RP1828: 8/9/2010 3:34:42 AM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Acrobat 4.0
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.1.0
    Adobe® Photoshop® Album Starter Edition 3.0
    AoA Audio Extractor 1.0
    AOL You've Got Pictures Screensaver
    Apple Application Support
    Apple Software Update
    avast! Antivirus
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.2
    Digital Media Reader
    DreamStation DXi2
    ewido anti-malware
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 20
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Macromedia Fireworks MX
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 5.3
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Move Media Player
    Mozilla Firefox (3.5.3)
    MSN
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Creator 2
    Nero 7 Essentials
    Nero BurnRights
    neroxml
    PDFCreator
    PowerDVD
    QuickTime
    RealPlayer
    Recovery Software Suite eMachines
    Registry Mechanic 5.1
    Score Writer 2.1
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    sfArk
    SoftV92 Data Fax Modem with SmartCP
    Sound Blaster Live!
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Online Help and Support
    VideoEgg Publisher
    Viewpoint Media Player
    Virtual Sound Canvas DXi
    WAV to MP3 Encoder
    WavePad Uninstall
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Mail Quick Select Tool (PhotoMail)

    ==== Event Viewer Messages From Past Week ========

    8/8/2010 11:34:02 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf812510, parameter3 ecd349cc, parameter4 00000000.
    8/2/2010 6:16:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

    ==== End Of File ===========================

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 23:13:52.59 on Mon 08/09/2010
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.170 [GMT -7:00]

    AV: avast! antivirus 4.8.1368 [VPS 100809-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\ShareDLL\Mediadet.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Owner\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe "
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {2AA0FE3E-BB7C-7DE4-3FD1-D24B5ACFB827} - No File
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {52CE8742-BCE2-8A43-5E70-10C016F66C01} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
    uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
    mRun: [<NO NAME>]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [WINDVDPatch] CTHELPER.EXE
    mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe "
    mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe
    mRun: [RegistryMechanic]
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe "
    mRun: [Motive SmartBridge] c:\progra~1\verizon\smartb~1\MotiveSB.exe
    mRun: [DevconDefaultDB] c:\windows\READREG /PSCONV={NO} /NO_DEFPS
    mRun: [UpdReg] c:\windows\Updreg.exe
    mRun: [AudioHQ] c:\program files\creative\sblive2k\audiohq\AHQTB.EXE
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\1hpaxfmn.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\videoegg\loader\2663\npvideoegg-loader.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-5 114768]
    R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2006-2-25 138680]
    R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2006-2-25 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2006-2-25 352920]
    S4 ewido security suite guard;ewido security suite guard;c:\program files\ewido anti-malware\ewidoguard.exe [2005-12-18 151616]

    =============== Created Last 30 ================

    2010-08-04 01:46:16 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-16 04:02:37 13783040 ----a-w- c:\documents and settings\owner\s-1-5-21-2750416039-201122838-359310041-1003.rrr
    2010-07-14 03:46:11 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

    ==================== Find3M ====================

    2010-05-15 08:15:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2009-11-06 07:53:28 8416452 ----a-w- c:\program files\audioextractor.exe
    2009-10-05 08:01:14 570208 ----a-w- c:\program files\googleupdatesetup.exe
    2008-10-14 00:27:43 961204 ----a-w- c:\program files\extractnow.exe
    2008-10-12 03:34:39 1234120 ----a-w- c:\program files\wrar380.exe
    2008-07-20 19:20:00 38005024 ----a-w- c:\program files\AVSVideoConverter.exe
    2008-05-04 03:14:13 243864 ----a-w- c:\program files\prismsetup.exe
    2007-08-16 06:15:54 381952 -c--a-w- c:\program files\justzipit.exe
    2007-01-10 06:43:49 14994392 -c--a-w- c:\program files\GoogleEarthWin.exe
    2006-12-11 08:48:57 9918872 -c--a-w- c:\program files\WMEncoder.exe
    2005-12-31 23:24:38 7079 -c--a-w- c:\program files\hijackthis.log
    2005-12-31 20:57:41 532480 -c--a-w- c:\program files\CWShredder.exe
    2005-12-31 02:46:20 218112 ----a-w- c:\program files\HijackThis.exe
    2008-09-04 05:34:52 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

    ============= FINISH: 23:14:37.10 ===============
     
  9. 2010/08/10
    broni Moderator Malware Analyst

    Very good :)

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop.

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/08/10
    IDLERACER Inactive Thread Starter

    Thanks. I will do all of that this evening. By the way, thanks for the advice about disabling Spybot. :cool: I have a feeling it was interfering with Avast's ability to do its job. Since I last posted, I did a thorough Avast scan with Spybot disabled, and one trojan was discovered (I moved it to Avast's chest, so it will be automatically E-mailed to them during their next automatic update). That might have even done the job as far as specificclick is concerned (it hasn't re-appeared yet!). I will definitely take your advice and remove Spybot from the computer altogether, as it really does appear to be outdated software that's more of a hindrance than a help. ;)
     
  11. 2010/08/10
    broni Moderator Malware Analyst

    Very well :)
     
  12. 2010/08/11
    IDLERACER Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4420

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    8/11/2010 8:07:22 PM
    mbam-log-2010-08-11 (20-07-22).txt

    Scan type: Quick scan
    Objects scanned: 134298
    Time elapsed: 14 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 29
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 17
    Files Infected: 298

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    (Continued in next post)
     
  13. 2010/08/11
    IDLERACER Inactive Thread Starter

    There was so much, I couldn't fit it all into one post:

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\3461 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\3461\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\2663 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\VideoEgg\Loader\2663\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\3461\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\3461\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\3461\dataCollection.tmp (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\2663\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\2663\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\4458\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\4458\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
     
  14. 2010/08/11
    IDLERACER

    I will now restart my computer (which is what Malwarebytes has instructed me to do) and then go for GMER and MBRCheck. ;)
     
  15. 2010/08/12
    broni

    Go ahead :)
     
  16. 2010/08/12
    IDLERACER

    This log is horizontally large, regardless of whether or not it is in the "word wrap" mode. Not sure how it's going to look but here goes:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-11 22:04:02
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwtyapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEEBF46B8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEEBF4574]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEEBF4A52]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEEBF414C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEEBF464E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEEBF408C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEEBF40F0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEEBF476E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEEBF472E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEEBF48AE]
    SSDT \??\C:\Program Files\ewido anti-malware\guard.sys ZwTerminateProcess [0xF7C9D604]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? hffl.sys The system cannot find the file specified. !
    init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF790E300]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
    IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----
     
  17. 2010/08/12
    IDLERACER

    Finally, here's this. What does it all mean? One of those little yellow "Windows Update" shields recently appeared on my toolbar and I'm going to assume it's safe to click on it and install whatever it's going to install.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000001fc

    Kernel Drivers (total 168):

    Processes (total 48):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`d34dde00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: ST3100011A, Rev: 3.02

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 Gateway MBR code detected
    SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


    Done!
     
  18. 2010/08/12
    broni

    You can go ahead with Windows updates.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. 2010/08/12
    IDLERACER

    IDLERACER Inactive Thread Starter

    Joined:
    2005/06/24
    Messages:
    136
    Likes Received:
    0
    I will do all this later this evening (sounds a bit complicated and I want to study it first). For the time being, it appears that specificclick is in remission, but I do want to make sure it's gone for good. ;)
     
  20. 2010/08/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
     
  21. 2010/08/13
    IDLERACER

    IDLERACER Inactive Thread Starter

    Joined:
    2005/06/24
    Messages:
    136
    Likes Received:
    0
    These are the most complicated instructions yet, and I have a few questions:

    1. First of all, I accidentally downloaded combofix to "Program Files" instead of the desktop (which is the default download folder on my computer). I have cut and pasted it on to the desktop and made the adjustment in the registry (via the use of "Registry Mechanic.") Is this o.k., or do you recommend that I just delete it and download it again (this time directly on to the desktop) before starting?

    2. According to these instructions, I need to temporarily disable Avast (no problem), but should I also disable my modem's firewall?

    3. You mention that this will close my connection to the internet as soon as the scan starts. Would it be advisable to just do that myself before beginning the scan (by shutting off the modem)?

    4. Approximately how long is this scan going to take? I'm wondering if it might be better to begin this process when I'm certain I will not be web surfing for at least a few hours.

    5. Finally, are you absolutely certain I will be able to reconnect after this whole thing is finished? It would be downright scary if I wasn't.

    Incidentally, I'd like to mention that the problem that prompted me to start this thread in the first place appears to have been alleviated. cdn4.specificclick.net has not resurfaced since I did those MBR and GMER checks. :D
     
