Jump to content

Need help cleaning my son's PC


SimonF

Recommended Posts

Hi there,

My son's PC recently picked up something nasty (we think through Bebo) and IE7 ended up being redirected to unwanted sites. I think many of the problems have been fixed by a combination of Spybot and MBAM but it's not fixed everything. Can you help?

Log files for MBAM, PandaScan and HiJack This are attached...couldn't paste in the results due too long...please advise.

Many thanks.

Malwarebytes' Anti-Malware 1.30

Database version: 1417

Windows 5.1.2600 Service Pack 3

23/11/2008 11:37:20

mbam-log-2008-11-23 (11-37-20).txt

Scan type: Quick Scan

Objects scanned: 63804

Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 38

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 19

Files Infected: 278

Memory Processes Infected:

C:\Program Files\tinyproxy\tinyproxy.exe (Trojan.Proxy) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dhcp client (dhcp) (Trojan.Proxy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dhcp client (dhcp) (Trojan.Proxy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhcp client (dhcp) (Trojan.Proxy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pnkbstra (pnkbstra) (Trojan.Proxy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pnkbstra (pnkbstra) (Trojan.Proxy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnkbstra (pnkbstra) (Trojan.Proxy) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nafyvep (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysftray2 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysberay2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\TinyProxy (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\gozennaquob.exe (Trojan.FakeAlert.H) -> Delete on reboot.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Program Files\TinyProxy\tinyproxy.exe (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tom\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\WINDOWS\tmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-11-23 14:16:38

PROTECTIONS: 1

MALWARE: 30

SUSPECTS: 1

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

Windows Defender 1.1.4104.0 No No

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00096188 spyware/searchcentrix Spyware No 1 Yes No hkey_current_user\software\dynamic toolbar

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@doubleclick[5].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@doubleclick[4].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@doubleclick[3].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@doubleclick[8].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@doubleclick[6].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@atdmt[8].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@atdmt[7].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@atdmt[6].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@atdmt[5].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@atdmt[3].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@tradedoubler[2].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@247realmedia[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@fastclick[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@fastclick[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@tribalfusion[3].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@tribalfusion[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@tribalfusion[4].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@mediaplex[3].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@mediaplex[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@mediaplex[1].txt

00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@clickbank[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@com[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@statcounter[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@ad.yieldmanager[4].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@ad.yieldmanager[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@apmebf[3].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@apmebf[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@apmebf[4].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@apmebf[2].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@burstnet[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@serving-sys[3].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@serving-sys[4].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@serving-sys[5].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@serving-sys[8].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@serving-sys[7].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@bs.serving-sys[6].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@bs.serving-sys[5].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@bs.serving-sys[4].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@bs.serving-sys[3].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@bs.serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@bs.serving-sys[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@adtech[5].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@adtech[2].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@adtech[3].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@adtech[4].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@adtech[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Family\Cookies\family@server.iad.liveperson[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@advertising[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@advertising[3].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@advertising[5].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@advertising[7].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@advertising[4].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@media.adrevolver[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@statse.webtrendslive[3].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@statse.webtrendslive[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@questionmarket[3].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@questionmarket[5].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@questionmarket[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@questionmarket[2].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@zedo[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@zedo[2].txt

00172825 Joke/Stress Jokes No 0 Yes No C:\Documents and Settings\Tom\My Documents\Outlook Express Files\Thomas's Sent Items\Re .eml[sTRESS_REDUCER.EXE]

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@bluestreak[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@adrevolver[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@adrevolver[3].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@adviva[4].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@adviva[3].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Tom\Cookies\tom@adviva[2].txt

00444798 W32/Boface.G.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0119283.exe

03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP678\A0122421.sys

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP649\A0105569.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP650\A0106569.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP650\A0106734.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP650\A0107734.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP650\A0108071.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP651\A0108303.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP651\A0108317.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP651\A0108339.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\Documents and Settings\Tom\Local Settings\Temp\Temporary Directory 2 for img87-y8_JPeG.zip\pic-798.jpg-thomasfoster@ntlworld.com

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP652\A0108369.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP652\A0108390.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP652\A0108408.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP652\A0108420.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP653\A0108445.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP653\A0108479.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP653\A0108494.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP653\A0108508.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP653\A0108522.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP653\A0108542.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP653\A0108557.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP653\A0108571.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP653\A0108584.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP653\A0108604.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP653\A0108619.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP653\A0108639.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP654\A0108661.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP654\A0108683.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP654\A0108704.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP654\A0108738.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP654\A0108761.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP654\A0108799.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP654\A0108835.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP654\A0108863.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP654\A0109864.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP655\A0109878.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP655\A0110879.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP655\A0111879.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP655\A0112879.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP655\A0112899.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP655\A0112927.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP655\A0113926.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP655\A0113938.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP655\A0113952.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP655\A0114953.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP657\A0115008.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP657\A0115028.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP658\A0115042.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP658\A0116043.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP659\A0116201.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP659\A0117188.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP659\A0117226.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP659\A0117238.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP660\A0117267.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP660\A0117285.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP660\A0117290.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP660\A0117310.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0117347.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0118348.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0118384.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0118417.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0118427.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0118437.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0118474.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0118561.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0119208.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0119252.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0119264.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0119276.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\Documents and Settings\Tom\Local Settings\Temp\byzorizav.tmp

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0119292.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP661\A0119374.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP662\A0119417.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP662\A0120417.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP663\A0120435.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP663\A0120446.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP663\A0120458.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP663\A0120472.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP663\A0120515.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP663\A0120530.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP663\A0120542.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP664\A0120574.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP664\A0120585.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP667\A0120709.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP667\A0120728.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP667\A0120751.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP670\A0120837.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP670\A0120848.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP670\A0120884.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP671\A0120917.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP676\A0121322.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP676\A0121337.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP677\A0122336.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP678\A0122377.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP678\A0122390.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP651\A0108352.exe

03971370 Generic Backdoor Virus/Trojan No 0 Yes No C:\WINDOWS\system32\gozennaquob.exe

mbam_log_2008_11_23__11_37_20_.txt

PandaActiveScan_23Nov_1416.txt

mbam_log_2008_11_23__11_37_20_.txt

PandaActiveScan_23Nov_1416.txt

Link to post
Share on other sites

...and here's the HJT log file...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:24:42, on 23/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Virgin Broadband\PCguard\Fws.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Belkin\F5D7051\WLService.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\Belkin\F5D7051\WLanCfgG.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\kunoobapyg.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe

C:\Program Files\Virgin Broadband\PCguard\Rps.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\WinTV\Ir.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Tom\My Documents\My Received Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?sourceid=nav...nt&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ARSENAL ARE THE BEST

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN

O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O20 - AppInit_DLLs:

O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: BCL easyPDF SDK Loader (ogidu15uynijoxoe) - Unknown owner - C:\WINDOWS\system32\kunoobapyg.exe (file missing)

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe

O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 12794 bytes

Link to post
Share on other sites

Hi SimonF and welcome to Malwarebytes. Please move HJT to it's own folder on C:\Program files.

Did you make this change R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ARSENAL ARE THE BEST ?

Please run HJT in scan only and put a check next to the following items.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O20 - AppInit_DLLs:

O23 - Service: BCL easyPDF SDK Loader (ogidu15uynijoxoe) - Unknown owner - C:\WINDOWS\system32\kunoobapyg.exe (file missing)

Reboot to normal mode. Update MBAM run a quick scan, post that log and a new HJT log please.

Edited by JeanInMontana
add instructions
Link to post
Share on other sites

Hi there,

This is looking better...

Yes, I made the change to the Internet Explorer window title...Arsenal is my son's favourite football team.

Here are the new log files...

MBAM

Malwarebytes' Anti-Malware 1.30

Database version: 1423

Windows 5.1.2600 Service Pack 3

25/11/2008 21:42:51

mbam-log-2008-11-25 (21-42-51).txt

Scan type: Quick Scan

Objects scanned: 64356

Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

and a new HJT log...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:45:59, on 25/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Virgin Broadband\PCguard\Fws.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Belkin\F5D7051\WLService.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\Belkin\F5D7051\WLanCfgG.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe

C:\Program Files\Virgin Broadband\PCguard\Rps.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\WinTV\Ir.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?sourceid=nav...nt&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ARSENAL ARE THE BEST

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN

O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: BCL easyPDF SDK Loader (ogidu15uynijoxoe) - Unknown owner - C:\WINDOWS\system32\kunoobapyg.exe (file missing)

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe

O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 12673 bytes

Please advise of any more action...many thanks

Link to post
Share on other sites

Hi SimonF,

I'm sorry for the delay, Jean' isn't available at the moment

If you still require help, please do the following

Download and Run RSIT

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.

    [*]Please post the contents of both log.txt and info.txt.

Link to post
Share on other sites

Hi Katana,

Thnaks for looking at this...wondered where jean had gone.

I think this machine is pretty clean now and I've switched the usual firewall back on, as it seems do more than the Windows firewall, but I just want to make sure so I have followed your instructions and here are the files you requested.

Things seem to be running ok but please let me know if you can see anything slightly iffy.

Thanks Simon

Logfile of random's system information tool 1.04 (written by random/random)

Run by Tom at 2008-11-30 21:31:06

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 59 GB (40%) free of 148 GB

Total RAM: 1023 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:31:32, on 30/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Virgin Broadband\PCguard\Fws.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Belkin\F5D7051\WLService.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\Belkin\F5D7051\WLanCfgG.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe

C:\Program Files\Virgin Broadband\PCguard\Rps.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\WinTV\Ir.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Tom\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HiJackThis\Tom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?sourceid=nav...nt&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ARSENAL ARE THE BEST

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN

O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: BCL easyPDF SDK Loader (ogidu15uynijoxoe) - Unknown owner - C:\WINDOWS\system32\kunoobapyg.exe (file missing)

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe

O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 12714 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]

PopKill Class - C:\Program Files\Virgin Broadband\PCguard\pkR.dll [2007-09-05 55024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

UrlHelper Class - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [2007-12-02 394680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-09 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]

{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll [2007-12-02 480696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"PCMService"=C:\Program Files\CyberLink\PowerCinema\PCMService.exe [2005-01-14 110744]

"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"=C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe [2004-06-08 69721]

"Ptipbmf"=C:\WINDOWS\system32\ptipbmf.dll [2003-06-20 118784]

"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-04-11 180269]

"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2003-07-13 155648]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-10-10 7286784]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-10-10 86016]

"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]

"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-11-25 98304]

"Broadbandadvisor.exe"=C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe [2007-08-07 2061552]

"PCguard"=C:\Program Files\Virgin Broadband\PCguard\Rps.exe [2007-09-05 310000]

"-FreedomNeedsReboot"=C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe [2007-09-05 13552]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-20 136600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IndexCleaner"=C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe [2007-09-05 61168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-22 68856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IndexCleaner"=C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe [2007-09-05 61168]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe

EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe"="C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Football Manager 2008\fm.exe"="C:\Program Files\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"

"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-11-30 21:31:06 ----D---- C:\rsit

2008-11-25 21:18:34 ----D---- C:\Program Files\Trend Micro

2008-11-23 12:01:46 ----D---- C:\Program Files\Panda Security

2008-11-23 11:11:20 ----D---- C:\Documents and Settings\Tom\Application Data\Malwarebytes

2008-11-23 11:11:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-11-23 11:11:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-11-23 10:42:44 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-11-23 09:53:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-20 21:09:47 ----A---- C:\WINDOWS\system32\javaws.exe

2008-11-20 21:09:47 ----A---- C:\WINDOWS\system32\javaw.exe

2008-11-20 21:09:47 ----A---- C:\WINDOWS\system32\java.exe

2008-11-20 21:09:47 ----A---- C:\WINDOWS\system32\deploytk.dll

2008-11-20 21:09:24 ----D---- C:\Program Files\Java

2008-11-17 19:21:13 ----D---- C:\Program Files\Windows Defender

2008-11-16 20:05:39 ----D---- C:\Program Files\Windows Live Safety Center

2008-11-16 13:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-16 13:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-16 13:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-16 12:54:54 ----D---- C:\8f6c73d5b395f91c7b4c7f49d2e08246

2008-11-10 20:20:10 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-11-10 11:36:27 ----D---- C:\Program Files\Raxco

2008-11-10 11:36:27 ----D---- C:\Documents and Settings\All Users\Application Data\Raxco

2008-11-09 17:58:36 ----D---- C:\Program Files\Common Files\Authentium

2008-11-09 17:58:25 ----D---- C:\Program Files\CA

2008-11-09 17:58:23 ----D---- C:\Program Files\Common Files\Scanner

2008-11-09 17:56:43 ----D---- C:\Documents and Settings\Tom\Application Data\InstallShield

2008-11-09 17:55:14 ----D---- C:\Documents and Settings\Tom\Application Data\Virgin Broadband

2008-11-09 17:55:10 ----D---- C:\Program Files\Virgin Broadband

2008-11-09 17:55:10 ----D---- C:\Documents and Settings\All Users\Application Data\Virgin Broadband

2008-11-04 21:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-11-04 21:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-11-04 21:41:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-11-04 21:40:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-11-04 21:40:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-11-04 21:37:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-30 21:18:19 ----D---- C:\Program Files\WinTV

2008-11-30 19:39:07 ----SD---- C:\WINDOWS\Tasks

2008-11-30 19:37:51 ----SHD---- C:\RECYCLER

2008-11-30 19:37:50 ----SHD---- C:\WINDOWS\Installer

2008-11-30 19:37:50 ----SHD---- C:\Config.Msi

2008-11-30 19:37:47 ----D---- C:\WINDOWS\Temp

2008-11-30 19:37:13 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-30 19:36:31 ----AD---- C:\WINDOWS

2008-11-30 19:36:24 ----D---- C:\WINDOWS\system32\ias

2008-11-30 19:36:11 ----D---- C:\WINDOWS\system32\Macromed

2008-11-29 22:47:16 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-29 21:04:09 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-11-29 21:04:07 ----HD---- C:\WINDOWS\inf

2008-11-29 15:45:57 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

2008-11-29 12:03:53 ----D---- C:\WINDOWS\Debug

2008-11-25 21:18:45 ----RD---- C:\Program Files

2008-11-24 17:02:33 ----D---- C:\WINDOWS\system32

2008-11-23 12:04:02 ----D---- C:\WINDOWS\system32\drivers

2008-11-22 16:53:09 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-22 09:57:46 ----D---- C:\WINDOWS\Help

2008-11-20 20:48:49 ----D---- C:\Program Files\Common Files

2008-11-17 19:21:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2008-11-16 13:01:57 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-16 13:00:19 ----D---- C:\WINDOWS\WinSxS

2008-11-16 10:22:03 ----D---- C:\Program Files\America's Army

2008-11-09 18:15:02 ----D---- C:\WINDOWS\Registration

2008-11-09 17:58:19 ----D---- C:\Program Files\ComPlus Applications

2008-11-09 17:57:04 ----HD---- C:\Program Files\InstallShield Installation Information

2008-11-09 17:42:36 ----D---- C:\WINDOWS\Prefetch

2008-11-09 10:18:59 ----D---- C:\WINDOWS\system32\FxsTmp

2008-11-05 13:08:12 ----D---- C:\WINDOWS\system32\wbem

2008-11-05 13:08:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-11-04 21:41:42 ----D---- C:\Program Files\Internet Explorer

2008-11-04 21:41:33 ----D---- C:\WINDOWS\ie7updates

2008-11-04 21:41:09 ----A---- C:\WINDOWS\win.ini

2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe

2008-11-02 19:00:34 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2003-11-07 35328]

R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture; C:\WINDOWS\system32\drivers\hcw88aud.sys [2007-01-23 11904]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-03-01 17801]

R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-11-26 835792]

R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-11-10 53192]

R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []

R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod; C:\WINDOWS\system32\drivers\hcw88bda.sys [2007-01-23 207872]

R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture; C:\WINDOWS\system32\drivers\hcw88tse.sys [2007-01-23 299776]

R3 HCW88TUNE;Hauppauge WinTV 88x Tuner; C:\WINDOWS\system32\drivers\hcw88tun.sys [2007-01-23 149504]

R3 hcw88vid;Hauppauge WinTV 88x Video; C:\WINDOWS\system32\drivers\hcw88vid.sys [2007-01-23 498176]

R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar; C:\WINDOWS\system32\drivers\HCW88BAR.sys [2007-01-23 23552]

R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-10-10 3530432]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]

R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]

R3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 cpuz;cpuz; \??\E:\cpuz.sys []

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]

S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 W700bus;Sony Ericsson W700 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\W700bus.sys [2006-02-19 61536]

S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2006-02-19 9264]

S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2006-02-19 97056]

S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2006-02-19 88560]

S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\W700obex.sys [2006-02-19 86368]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]

S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]

S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]

S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]

S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]

S4 fasttx2k;fasttx2k; C:\WINDOWS\system32\DRIVERS\fasttx2k.sys [2003-08-06 159744]

S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2004-04-20 472960]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]

S4 m5287;m5287; C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-02-05 85888]

S4 m5289;m5289; C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 51840]

S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]

S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

S4 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-03-29 73600]

S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Belkin High-Speed Mode Wireless G USB Network Adapter Service;Belkin High-Speed Mode Wireless G USB Driver; C:\Program Files\Belkin\F5D7051\WLService.exe [2004-03-29 49152]

R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-01-14 172153]

R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-01-14 110711]

R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-01-14 24576]

R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-11-27 177448]

R2 EPGService;EPGService; C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 361984]

R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2001-08-09 90112]

R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-20 152984]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-10-10 131139]

R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-19 66872]

R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-29 202352]

R2 RP_FWS;PCguard Firewall; C:\Program Files\Virgin Broadband\PCguard\Fws.exe [2007-09-05 293104]

R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2003-11-12 49152]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2008-04-28 738568]

R3 RPSUpdaterR;Virgin Broadband PCguard Update Service; C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe [2008-11-10 99056]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S2 ogidu15uynijoxoe;BCL easyPDF SDK Loader; C:\WINDOWS\system32\kunoobapyg.exe []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 138168]

S3 HauppaugeTVServer;HauppaugeTVServer; C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 815104]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 Radialpoint Security Services;Virgin Broadband PCguard; C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-30 21:31:35

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"

Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe

Link to post
Share on other sites

Step 1

Remove Programs

Older versions of some programs have vulnerabilities that malware can use to infect your system.

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,

click on the program to highlight it, and click on remove.

  • Adobe Reader 7.0.7 << See below for updating Adobe
  • BearShare MediaBar << Malware Related

Now close the Control Panel.

----------------------------------------------------------- -----------------------------------------------------------

Step 2

OTMoveIt

Please download OTMoveIt3 by OldTimer and save it to your desktop

  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Services )
:Servicesogidu15uynijoxoe:Reg[-hkey_current_user\software\dynamic toolbar]:FilesC:\WINDOWS\system32\kunoobapyg.exe:Commands[Purity][EmptyTemp]
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

----------------------------------------------------------- -----------------------------------------------------------

Step 3

Fix With HJT

Close all other windows and then start HiJack This

Click Do A System Scan Only

When it has finished scanning put a check next to the following lines IF still present

Unless you set these proxy settings yourself, I recommend you fix these also

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"

O23 - Service: BCL easyPDF SDK Loader (ogidu15uynijoxoe) - Unknown owner - C:\WINDOWS\system32\kunoobapyg.exe (file missing)

- Close ALL open windows (especially Internet Explorer!)-

Now click Fix checked

Click yes to any prompts

Close HijackThis

----------------------------------------------------------- -----------------------------------------------------------

Step 4

Logs/Information to Post in Reply

Please post the following logs/Information in your reply

  • OTMI Log
  • A Fresh HJT log
  • Are there any problems now ?

----------------------------------------------------------- -----------------------------------------------------------

Additional Notes

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.

If you prefer a smaller program you can get Foxit 2.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

Link to post
Share on other sites

Hi Katana,

Here are the new log files you wanted to see. There's just one line I haven't taken out with HJT yet as I wanted to check with you.

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"

I've not yet deleted this...PC Guard is the anti-virus/spyware that we use from Virgin Media. Can you confirm ok to delete this line?

Everything seems to be running much better...please let me know if you have any further recommendations.

OTMI log

========== SERVICES/DRIVERS ==========

Service ogidu15uynijoxoe stopped successfully.

Service ogidu15uynijoxoe deleted successfully.

========== REGISTRY ==========

Registry key hkey_current_user\software\dynamic toolbar\\ not found.

========== FILES ==========

File/Folder C:\WINDOWS\system32\kunoobapyg.exe not found.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1d4.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12062008_194701

Files moved on Reboot...

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File C:\WINDOWS\temp\Perflib_Perfdata_1d4.dat not found!

HJT Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:03:07, on 06/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Virgin Broadband\PCguard\Fws.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Belkin\F5D7051\WLService.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\Belkin\F5D7051\WLanCfgG.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe

C:\Program Files\Virgin Broadband\PCguard\Rps.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\WinTV\Ir.exe

C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?sourceid=nav...nt&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ARSENAL ARE THE BEST

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN

O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe

O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 11492 bytes

Thanks very much for your help

cheers Simon

Link to post
Share on other sites

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"

I've not yet deleted this...PC Guard is the anti-virus/spyware that we use from Virgin Media. Can you confirm ok to delete this line?

I've helped a lot of people where this was causing problems at shutdown.

If you aren't having any trouble, you can leave it alone.

Congratulations your logs look clean :D

Let's see if I can help you keep it that way

First lets tidy up

Open OTMoveIt Click Cleanup,

it will now connect to the internet and get a list of files to delete.

When a box pops up click YES.

Please delete RSIT.exe and C:\RSIT (entire folder)

Delete any logs we have produced and empty your recycle bin

Set correct settings for files that should be hidden in Windows XP

  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.

  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.

  • If unchecked please checkHide protected operating system files (Recommended)

  • If necessary check "Display content of system folders"

  • If necessary Uncheck Hide file extensions for known file types. << This helps identify rogue files

  • Click OK

Reset System Restore.

Now you should disable System restore to purge any infected files and then re-enable it,

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

Restart your computer

Turn ON System Restore

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Un-Check Turn off System Restore.

Click Apply, and then click OK.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners

I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan

http://www.kaspersky.com/kos/eng/partner/7...kavwebscan.html

!!! Make sure that all your programs are updated !!!

Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.

    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.

    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.

    Most of the programs in this list have a free (for Home Users ) and paid versions,

    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.

  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection

    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites

    [*] MalwareBytes Anti-malware <<< A New and effective program

    [*]a-squared Free <<< A good "realtime" or "on demand" scanner

    [*]superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.

    Each does a different job, so you can have more than one

  • Winpatrol
    • An excellent startup manager and then some !!

    • Notifies you if programs are added to startup

    • Allows delayed startup

    • A must have addition

    [*]SpywareBlaster 4.0

    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.

    [*]SpywareGuard 2.2

    • SpywareGuard provides real-time protection against spyware.

    • Not required if you have other "realtime" antispyware or Winpatrol

    [*]ZonedOut

    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.

    [*]MVPS HOSTS

    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.

    • For information on how to download and install, please read this tutorial by WinHelp2002.

    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.

    Using a different web browser can help stop malware getting on your machine.

    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.

      2. Click once on the Security tab

      3. Click once on the Internet icon so it becomes highlighted.

      4. Click once on the Custom Level button.

        • Change the Download signed ActiveX controls to Prompt

        • Change the Download unsigned ActiveX controls to Disable

        • Change the Initialise and script ActiveX controls not marked as safe to Disable

        • Change the Installation of desktop items to Prompt

        • Change the Launching programs and files in an IFRAME to Prompt

        • Change the Navigate sub-frames across different domains to Prompt

        • When all these settings have been made, click on the OK button.

        • If it prompts you as to whether or not you want to save the settings, press the Yes button.

      [*]Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.

  • FireFox
    • With many addons available that make customization easy this is a very popular choice

    • NoScript and AdBlockPlus addons are essential

    [*]Opera

    • Another popular alternative

    [*]Netscape

    • Another popular alternative

    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.

    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.

    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.

    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.

    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program

  • ATF Cleaner
    • Free and very simple to use

    [*]CCleaner

    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.

If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.

Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :)

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.