I see a lot of concern about this big file and that the system apparently freezes for everyone concerned with scanning the Firefox / thunderbird folders with the DviX web player installed. I had concerns as well, but done a bit of playing and analyzing, Hopefully I can put this to bed for a lot of people. From what I have read of late and listening to a podcast about Nods advanced heuristics engine is it creates a sandbox environment and emulates (or at least tries to) what a specific file does so it can evaluate if the file is malicious or not. So the temp file created must be the sandbox environment. The 1.6gb and 880mb files created are very near to the sizee of a double and single cd dvix avi movie respectively, so seeing that I would say that dll is used in the process of encoding as well as just playing. In this image the folder properties report 160 files, yet EAV has scanned a total of 1593 written files (this scan was a selective only on thunderbird) Now in this image we see that EAV has not stopped responding, but is in fact running and using bucket loads of IO, but utilizing very little CPU time to do its job, I like that, means I can get on with other stuff and not have the CPU tied up in a scan. Now this image is a snip of a Sys Internals filemon log, this log was huge a total of 178023 file read/write operations (I wont post the log it was 12 meg in size) So to sum it up for those out there worried about this. NOD32 is doing its job on a file that looks like it is used to create AVI files of 1.6gb in size, and using very little in the way of resources to do it (nice move eset), that is why it seems to hang, it is not hanging it is grinding away at its job. Just give it time it will complete in time depending on your system specs. My system took just over 4 minutes to do the task and it is no slow box. Hope this helps, If any other have a theory on this it would be good to hear you chim in as well.