TechSpot

[Not curable - Ramnit] Help with removal of Malware jacking and duplicating?

By danu se
Nov 23, 2010
  1. Hi there, sorry, same old story, I've got malware/virus slowing down my system and crashing explorer repeatedly. Trouble is I can't spot anything bad on my hjt log. Can you help?

    Danu
    ==============

    [HJT log removed - Broni]
     
  2. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. danu se

    danu se TS Rookie Topic Starter

    MBAM Log 1

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5193

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    26/11/2010 17:11:29
    mbam-log-2010-11-26 (17-11-29).txt

    Scan type: Quick scan
    Objects scanned: 152588
    Time elapsed: 9 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 23
    Registry Values Infected: 5
    Registry Data Items Infected: 0
    Folders Infected: 25
    Files Infected: 406

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MywaySearch) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywaytoolbar.netscapeshutdown (Adware.MyWaySearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywaytoolbar.netscapeshutdown.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywaytoolbar.netscapestartup (Adware.MyWaySearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywaytoolbar.netscapestartup.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywaytoolbar.settingsplugin (Adware.MyWaySearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywaytoolbar.settingsplugin.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\dark (Trojan.Banker) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Cydoor (AdWare.Cydoor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWay (Adware.MyWaySearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MywaySearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MywaySearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\registrymonitor2 (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Updater\2663 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Updater\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bookls (Backdoor.Bot) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\dataCollection.tmp (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\remoteblacklist (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
     
  4. danu se

    danu se TS Rookie Topic Starter

    MBAM Log 2

    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\3461\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ian Stead\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bookls\dooi.poc (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bookls\dooi.poc.lll (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bookls\orde.poc (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
     
  5. danu se

    danu se TS Rookie Topic Starter

    GMER Log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-11-26 17:24:44
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\SiSRaid1Port2Path0Target0Lun0 Maxtor_6 rev.____
    Running: 1s2rsh54.exe; Driver: C:\DOCUME~1\IANSTE~1\LOCALS~1\Temp\uwlyrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT spwi.sys ZwEnumerateKey [0xF73F3DA4]
    SSDT spwi.sys ZwEnumerateValueKey [0xF73F4132]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 [F7355B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F7355B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [F7355B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\SiSRaid \Device\Scsi\SiSRaid1 86FD81F8
    Device \Driver\SiSRaid \Device\Scsi\SiSRaid1Port2Path0Target0Lun0 86FD81F8
    Device \Driver\amo33v8x \Device\Scsi\amo33v8x1 86C6C500
    Device \Driver\amo33v8x \Device\Scsi\amo33v8x1Port3Path0Target0Lun0 86C6C500
    Device \FileSystem\Ntfs \Ntfs 86FD71F8
    Device \FileSystem\Fastfat \Fat 868A0450

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  6. danu se

    danu se TS Rookie Topic Starter

    DDS

    DDS (Ver_10-11-26.01) - NTFSx86
    Run by Ian Stead at 17:41:14.10 on 26/11/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.695 [GMT 0:00]

    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Ian Stead\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    uRun: [AdobeBridge]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Open in new background tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/229?5a40f16ec2a44566b4bf5e5f5312356d
    IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/230?5a40f16ec2a44566b4bf5e5f5312356d
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103734048453
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ianste~1\applic~1\mozilla\firefox\profiles\g7eph0mt.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\documents and settings\ian stead\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R3 BTUsbrXP(R);BT Voyager 1010 USB Adapter;c:\windows\system32\drivers\BTUSBRXP.SYS [2004-12-25 93056]
    S1 axphbhjq;axphbhjq;\??\c:\windows\system32\drivers\axphbhjq.sys --> c:\windows\system32\drivers\axphbhjq.sys [?]
    S1 cdlzevib;cdlzevib;\??\c:\windows\system32\drivers\cdlzevib.sys --> c:\windows\system32\drivers\cdlzevib.sys [?]
    S1 flrvaipl;flrvaipl;\??\c:\windows\system32\drivers\flrvaipl.sys --> c:\windows\system32\drivers\flrvaipl.sys [?]
    S1 gppceybu;gppceybu;\??\c:\windows\system32\drivers\gppceybu.sys --> c:\windows\system32\drivers\gppceybu.sys [?]
    S1 hcudyfjp;hcudyfjp;\??\c:\windows\system32\drivers\hcudyfjp.sys --> c:\windows\system32\drivers\hcudyfjp.sys [?]
    S1 hzafayog;hzafayog;\??\c:\windows\system32\drivers\hzafayog.sys --> c:\windows\system32\drivers\hzafayog.sys [?]
    S1 ibblqjye;ibblqjye;\??\c:\windows\system32\drivers\ibblqjye.sys --> c:\windows\system32\drivers\ibblqjye.sys [?]
    S1 iqepoijn;iqepoijn;\??\c:\windows\system32\drivers\iqepoijn.sys --> c:\windows\system32\drivers\iqepoijn.sys [?]
    S1 jcwdteff;jcwdteff;\??\c:\windows\system32\drivers\jcwdteff.sys --> c:\windows\system32\drivers\jcwdteff.sys [?]
    S1 kqgnnkfa;kqgnnkfa;\??\c:\windows\system32\drivers\kqgnnkfa.sys --> c:\windows\system32\drivers\kqgnnkfa.sys [?]
    S1 kugrtxrh;kugrtxrh;\??\c:\windows\system32\drivers\kugrtxrh.sys --> c:\windows\system32\drivers\kugrtxrh.sys [?]
    S1 mirmxegv;mirmxegv;\??\c:\windows\system32\drivers\mirmxegv.sys --> c:\windows\system32\drivers\mirmxegv.sys [?]
    S1 neyqypor;neyqypor;\??\c:\windows\system32\drivers\neyqypor.sys --> c:\windows\system32\drivers\neyqypor.sys [?]
    S1 nhthrgxc;nhthrgxc;\??\c:\windows\system32\drivers\nhthrgxc.sys --> c:\windows\system32\drivers\nhthrgxc.sys [?]
    S1 pmiguyqb;pmiguyqb;\??\c:\windows\system32\drivers\pmiguyqb.sys --> c:\windows\system32\drivers\pmiguyqb.sys [?]
    S1 pvygpkib;pvygpkib;\??\c:\windows\system32\drivers\pvygpkib.sys --> c:\windows\system32\drivers\pvygpkib.sys [?]
    S1 qllslkwi;qllslkwi;\??\c:\windows\system32\drivers\qllslkwi.sys --> c:\windows\system32\drivers\qllslkwi.sys [?]
    S1 sgfbbfxk;sgfbbfxk;\??\c:\windows\system32\drivers\sgfbbfxk.sys --> c:\windows\system32\drivers\sgfbbfxk.sys [?]
    S1 tqvfwqan;tqvfwqan;\??\c:\windows\system32\drivers\tqvfwqan.sys --> c:\windows\system32\drivers\tqvfwqan.sys [?]
    S1 tshlknkr;tshlknkr;\??\c:\windows\system32\drivers\tshlknkr.sys --> c:\windows\system32\drivers\tshlknkr.sys [?]
    S1 vafnvifl;vafnvifl;\??\c:\windows\system32\drivers\vafnvifl.sys --> c:\windows\system32\drivers\vafnvifl.sys [?]
    S1 xfirgtkk;xfirgtkk;\??\c:\windows\system32\drivers\xfirgtkk.sys --> c:\windows\system32\drivers\xfirgtkk.sys [?]
    S1 xncegeka;xncegeka;\??\c:\windows\system32\drivers\xncegeka.sys --> c:\windows\system32\drivers\xncegeka.sys [?]
    S1 yakfbhoh;yakfbhoh;\??\c:\windows\system32\drivers\yakfbhoh.sys --> c:\windows\system32\drivers\yakfbhoh.sys [?]
    S1 yertmeml;yertmeml;\??\c:\windows\system32\drivers\yertmeml.sys --> c:\windows\system32\drivers\yertmeml.sys [?]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 TWINLOAD;TWINLOAD;c:\windows\system32\drivers\twinload.sys [2005-2-27 17536]
    S3 TWINUSB;TwinHan - USB DVB-T adapter Driver;c:\windows\system32\drivers\twincap.sys [2005-2-27 15360]
    S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-8-16 278016]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-17 136176]

    =============== Created Last 30 ================

    2010-11-26 16:59:44 -------- d-----w- c:\docume~1\ianste~1\applic~1\Malwarebytes
    2010-11-26 16:59:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-26 16:59:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-26 16:59:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-26 16:59:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-26 16:28:23 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{256b09f9-9055-46c3-b421-703693f300af}\mpengine.dll
    2010-11-23 21:01:04 -------- d-----w- C:\!KillBox
    2010-11-23 20:45:26 -------- d-----w- c:\program files\windows
    2010-11-21 19:23:52 -------- d-----w- c:\docume~1\ianste~1\locals~1\applic~1\PCHealth
    2010-11-17 18:52:45 -------- d-----w- c:\program files\wins
    2010-11-15 11:43:29 -------- d-----w- c:\program files\win
    2010-11-15 10:36:14 -------- d-----w- c:\program files\tmp
    2010-11-13 20:15:54 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2010-11-12 18:56:55 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-11-12 18:49:45 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-11-12 18:49:16 -------- d-----w- c:\docume~1\ianste~1\applic~1\Xyhyix
    2010-11-12 16:03:16 -------- d-----w- c:\docume~1\ianste~1\applic~1\Nafyl
    2010-11-12 00:54:26 -------- d-----w- c:\program files\temp
    2010-10-31 10:28:07 -------- d-----w- c:\windows\system32\Adobe

    ==================== Find3M ====================

    2010-11-12 19:00:04 507904 ----a-w- c:\windows\system32\winlogon.exe
    2010-11-12 19:00:04 1033728 ----a-w- c:\windows\explorer.exe
    2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 17:41:28.26 ===============
     
  7. danu se

    danu se TS Rookie Topic Starter

    DDS Attach 1

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-26.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 22/12/2004 16:19:03
    System Uptime: 26/11/2010 17:12:33 (0 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7060
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 478 | 3207/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 153 GiB total, 58.768 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP7: 17/11/2010 19:03:39 - Software Distribution Service 3.0
    RP8: 18/11/2010 19:54:37 - Software Distribution Service 3.0
    RP9: 23/11/2010 20:39:06 - Software Distribution Service 3.0
    RP10: 23/11/2010 22:00:37 - Software Distribution Service 3.0
    RP11: 26/11/2010 16:28:21 - Software Distribution Service 3.0

    ==== Installed Programs ======================

    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.3.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AudibleManager
    Bonjour
    CCleaner
    Connect
    Content Transfer
    Critical Update for Windows Media Player 11 (KB959772)
    DivX Setup
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 1280
    iTunes
    Jaangle music management
    Java(TM) 6 Update 17
    kuler
    LimeWire 5.4.6
    Malwarebytes' Anti-Malware
    Map Button (Windows Live Toolbar)
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Security Essentials
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.12)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    OneCare Advisor (Windows Live Toolbar)
    PDF Settings CS4
    Photoshop Camera Raw
    Popup Blocker (Windows Live Toolbar)
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    SA30xx Media Converter
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Smart Menus (Windows Live Toolbar)
    Spotify
    Suite Shared Configuration CS4
    Tabbed Browsing (Windows Live Toolbar)
    Total Commander (Remove or Repair)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VideoEgg Publisher
    VLC media player 1.0.5
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Favorites for Windows Live Toolbar
    Windows Live Messenger
    Windows Live Outlook Toolbar (Windows Live Toolbar)
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
     
  8. danu se

    danu se TS Rookie Topic Starter

    DDS Attach 2

    ==== Event Viewer Messages From Past Week ========

    26/11/2010 17:23:53, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: An instance of the service is already running.
    26/11/2010 17:13:06, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: uagp35
    24/11/2010 18:20:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.6010, the version of the system file is 5.1.2600.6010.
    24/11/2010 18:20:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
    24/11/2010 18:20:25, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5146, the version of the system file is 11.0.5721.5146.
    24/11/2010 18:20:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
    24/11/2010 18:18:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5931, the version of the system file is 6.0.2900.5931.
    24/11/2010 18:18:05, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4028.0, the version of the system file is 2.1.4028.0.
    24/11/2010 18:14:50, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
    24/11/2010 18:13:58, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadce.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3002.0, the version of the system file is 2.81.3002.0.
    24/11/2010 18:13:26, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
    24/11/2010 18:13:26, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\triedit\triedit.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.1.0.9246, the version of the system file is 6.1.0.9246.
    24/11/2010 18:03:43, error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
    24/11/2010 18:03:12, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    24/11/2010 18:00:59, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    24/11/2010 18:00:57, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    24/11/2010 18:00:55, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    24/11/2010 18:00:52, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    23/11/2010 22:56:28, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: IAN-PC02\Ian Stead Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:56:28, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: IAN-PC02\Ian Stead Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:56:28, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: IAN-PC02\Ian Stead Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:56:28, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: IAN-PC02\Ian Stead Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:56:28, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: IAN-PC02\Ian Stead Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:55:24, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:55:24, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:55:24, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:55:24, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:55:24, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:55:24, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:55:24, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:55:24, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:55:24, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:55:24, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:55:24, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:23:12, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:23:12, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:23:12, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:23:12, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:23:12, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.476.0, AS: 1.95.476.0 Engine Version: 1.1.6402.0
    23/11/2010 22:08:37, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadce.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3002.0.
    23/11/2010 22:07:34, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
    23/11/2010 22:07:32, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\triedit\triedit.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.1.0.9246.
    23/11/2010 21:32:28, error: Service Control Manager [7000] - The OMSCAN service failed to start due to the following error: The system cannot find the file specified.
    23/11/2010 21:32:28, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The system cannot find the file specified.
    23/11/2010 20:56:36, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file '0003.exe' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    22/11/2010 17:58:08, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.141.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    21/11/2010 19:05:56, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 19:05:56, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 19:05:56, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 19:05:56, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 19:05:56, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 19:02:36, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6010.
    21/11/2010 19:02:35, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.
    21/11/2010 19:02:34, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5146.
    21/11/2010 19:02:31, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.
    21/11/2010 19:00:21, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5931.
    21/11/2010 18:59:57, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4028.0.
    21/11/2010 18:55:47, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
    21/11/2010 18:18:44, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 18:18:44, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 18:18:44, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 18:18:44, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 18:18:44, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 17:31:35, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 17:31:35, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 17:31:35, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 17:31:35, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 17:31:35, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 16:42:53, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 16:42:52, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 16:42:52, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 16:42:52, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 16:42:52, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 16:05:30, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 16:05:30, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 16:05:30, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 16:05:30, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 16:05:30, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 15:54:48, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 15:54:48, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 15:54:48, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 15:54:48, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0
    21/11/2010 15:54:48, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.I&threatid=2147640008 User: NT AUTHORITY\SYSTEM Name: Virus:Win32/Ramnit.I ID: 2147640008 Severity: Severe Category: Virus Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.141.0, AS: 1.95.141.0 Engine Version: 1.1.6402.0

    ==== End Of File ===========================
     
  9. danu se

    danu se TS Rookie Topic Starter

    Broni

    Hello Broni,

    Sorry for the delay. I followed the instructions and ran all the scans. A lot of junk was removed and my PC definately seems much better!

    How do I look? :)

    Danu
     
  10. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    In your Event Viewer, you have number of entries like this one:

    I'm afraid I have very bad news.

    You're infected with Ramnit file infector virus.

    Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

    -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
    With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

    Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

    Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection.

    In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

    Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
    Backdoors and What They Mean to You

    This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

    Important Note:: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
     
  11. danu se

    danu se TS Rookie Topic Starter

    Thankyou very much Broni, I'll wipe it!
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    I wish, I had better news :(
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.