Trojan Horse Generic15.BKQQ

Post by crib_troll on 24th November 2009, 5:05 pm

I need some help getting rid of a Trojan Horse I picked up. Here are some screencaps of just a few of the messages I'm getting from AVG and below I've posted my log from HijackThis when I first downloaded and installed it. I tried running HijackThis again but now it freezes up once it gets to O15 Trusted Zone enumeration.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:49 AM, on 11/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: IE AdBlock - {46B37057-5BA8-4014-B28D-6448FD171A3E} - C:\Program Files\IE AdBlock\IE AdBlock.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: IE AdBlock - {BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} - C:\Program Files\IE AdBlock\IE AdBlock.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk.disabled (User 'Default user')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - [You must be registered and logged in to see this link.]
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - [You must be registered and logged in to see this link.]
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - [You must be registered and logged in to see this link.]
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10783 bytes


Re: Trojan Horse Generic15.BKQQ

Post by Belahzur on 24th November 2009, 9:12 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.



Re: Trojan Horse Generic15.BKQQ

Post by crib_troll on 25th November 2009, 3:59 am

I can't seem to open the MBAM log.

I take it back. As I was writing this, I thought maybe I could just navigate to that particular folder and open it with WordPad instead of Notepad, and that worked, so here are the contents.

Malwarebytes' Anti-Malware 1.41
Database version: 3226
Windows 5.1.2600 Service Pack 3

11/24/2009 10:40:53 PM
mbam-log-2009-11-24 (22-40-53).txt

Scan type: Quick Scan
Objects scanned: 110841
Time elapsed: 13 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 287

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Updater\2817 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\VideoEgg\Loader\2817\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\remoteblacklist (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\gid326\cid1094\AOL1\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Publisher\2817\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Updater\2817\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg\Updater\2817\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Re: Trojan Horse Generic15.BKQQ

Post by Belahzur on 25th November 2009, 7:37 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Trojan Horse Generic15.BKQQ

Post by swampyankee22 on 26th November 2009, 2:37 am

I wasn't sure, when you said to post the log txt here, whether you literally meant "here", so I sent you a PM... thanks for your help!


Re: Trojan Horse Generic15.BKQQ

Post by crib_troll on 26th November 2009, 4:54 am

ComboFix 09-11-25.03 - Compaq_Owner 11/25/2009 23:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1479 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\recycler\S-1-5-21-484763869-2025429265-1177238915-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\Ijl11.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-25 03:04 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-25 03:04 . 2009-11-25 03:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 03:04 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 16:08 . 2009-11-24 16:08 -------- d-----w- c:\program files\Trend Micro
2009-11-23 04:34 . 2009-11-23 04:34 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-11-23 04:33 . 2009-11-23 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-22 19:41 . 2009-11-22 19:41 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-11-22 19:41 . 2009-11-22 19:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-11-22 19:41 . 2009-11-22 19:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-11-22 18:47 . 2009-11-22 18:48 -------- d-----w- c:\program files\MagicISO
2009-11-08 05:07 . 2009-11-08 05:07 79488 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-07 08:06 . 2009-11-07 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-07 08:06 . 2007-07-13 03:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-11-07 08:06 . 2009-11-07 08:06 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-07 07:58 . 2009-11-07 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-07 07:57 . 2009-11-08 05:08 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-30 17:10 . 2009-10-30 17:10 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Citrix
2009-10-30 17:10 . 2009-10-30 17:10 61224 ----a-w- c:\documents and settings\Compaq_Owner\GoToAssistDownloadHelper.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 05:34 . 2009-01-15 03:04 2357298 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-11-23 16:52 . 2006-05-06 21:30 -------- d-----w- c:\program files\Microsoft Works
2009-11-23 04:16 . 2009-04-09 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-16 05:23 . 2006-11-18 21:15 490 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2009-11-08 14:35 . 2006-09-17 02:29 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-11-08 14:35 . 2006-09-17 02:29 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-11-08 14:35 . 2006-09-17 02:29 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-11-08 05:09 . 2006-05-06 20:59 -------- d-----w- c:\program files\Java
2009-11-07 16:35 . 2006-09-16 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-07 08:00 . 2009-10-03 19:17 -------- d-----w- c:\program files\CDBurnerXP
2009-11-07 02:30 . 2009-04-09 12:55 -------- d-----w- c:\program files\LSI SoftModem
2009-11-06 14:47 . 2009-06-29 06:01 -------- d-----w- c:\program files\Cheat Engine
2009-10-27 03:53 . 2009-09-24 03:53 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-10-27 03:53 . 2009-06-18 11:23 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-10-25 16:24 . 2006-10-29 06:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-11 09:17 . 2008-12-07 18:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-11 00:00 . 2006-11-12 03:09 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2009-10-08 19:57 . 2007-10-09 17:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 19:57 . 2004-08-04 04:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 19:56 . 2004-08-04 04:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-03 19:18 . 2009-10-03 19:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Canneverbe_Limited
2009-10-03 19:18 . 2009-10-03 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-09-29 01:57 . 2009-10-03 19:17 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-09-27 23:20 . 2009-09-27 23:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 23:19 . 2009-09-27 23:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 23:19 . 2009-09-27 23:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 23:19 . 2009-09-27 23:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 23:19 . 2009-09-27 23:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 23:19 . 2009-09-27 23:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 23:19 . 2009-09-27 23:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 21:12 . 2009-09-27 21:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 21:12 . 2009-09-27 21:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 21:12 . 2009-03-27 14:03 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 21:12 . 2009-03-27 14:03 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 21:12 . 2006-05-06 21:10 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 04:34 . 2009-09-27 04:34 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-24 14:24 . 2009-04-09 18:11 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-11 14:18 . 2004-08-04 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2005-07-14 19:31 . 2006-05-24 17:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-24 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-10 7311360]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk.disabled [2005-8-17 572]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 04:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk.disabled]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk.disabled]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk.disabled
backup=c:\windows\pss\HP Image Zone Fast Start.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
backup=c:\windows\pss\Printkey2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk.disabled]
backup=c:\windows\pss\Windows Search.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Shortcut to Staples_Fall_2006.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCBG
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/9/2009 12:36 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/9/2009 12:36 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/16/2009 11:04 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/9/2009 12:36 AM 297752]
S2 ftpjpmrhvis;ftpjpmrhvis;\??\c:\windows\system32\drivers\oibzxurpfchrcha.sys --> c:\windows\system32\drivers\oibzxurpfchrcha.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1028432]
S3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\DRIVERS\BLKWGD.sys --> c:\windows\system32\DRIVERS\BLKWGD.sys [?]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [4/21/2004 5:51 PM 16384]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/7/2008 6:57 PM 24652]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FTSATA2_2
*Deregistered* - ftsata2_2
.
Contents of the 'Scheduled Tasks' folder

2009-11-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:53]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\1u270ih9.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 128.112.139.108
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
.
------- File Associations -------
.
txtfile=%windir%\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-25 23:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A445369]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7f60cb8
\Driver\atapi -> atapi.sys @ 0xb7e43852
\Driver\iaStor -> iaStor.sys @ 0xb7e67b10
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80579208
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80579208
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,b5,41,d9,d7,c3,13,4a,b9,bb,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,b5,41,d9,d7,c3,13,4a,b9,bb,7c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-25 23:49
ComboFix-quarantined-files.txt 2009-11-26 04:49

Pre-Run: 45,821,743,104 bytes free
Post-Run: 45,864,595,456 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - 82075C34F77DE1ADBEFCF34D41CC8090


Re: Trojan Horse Generic15.BKQQ

Post by swampyankee22 on 26th November 2009, 2:56 pm

Will start a new thread (I've always thought most places DON'T want a new thread started...)

Thanks for any help!


Re: Trojan Horse Generic15.BKQQ

Post by Belahzur on 26th November 2009, 8:40 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

sc delete ftpjpmrhvis

Now do the same for this command.

Combofix /u



This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Trojan Horse Generic15.BKQQ

Post by crib_troll on 27th November 2009, 6:04 pm

Well I tried to do what you suggested but it ultimately ended up killing my PC. It would go to the Windows startup screen and ask me what I wanted to do, Logon to Windows XP or Run System Restore. Neither option would work, they would take me to a page that says Please select an option: Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt, Last Known Good Configuration or Start Windows Normally. None of those worked and it just kept taking me in a loop back to the startup screen. So I finally decided to press F10 at the startup screen to enter PC Recovery Mode (using PC-Doctor). Long story short (sorta), XP was restored back to factory settings. What I'm curious to know is if I lost all my files or if they are still on the system somewhere. When I look at the properties of my C: drive it shows 60GB used 40GB free so I'm thinking that all my files must be somewhere still. Can you tell me how to find them if they are indeed hidden somewhere?
