Sponsored By

jmackin

Members
  • Content Count

    13
  • Joined

  • Last visited

About jmackin

  • Rank
    Member
  1. ok this did not show anything - we did uninstall a bunch of toolbars he had and this is when it happened - we thought it was adware or malware but I don't think this showed anything any suggestions you have would be great - also why is everything locked? thanks ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, March 20, 2008 7:55:17 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 20/03/2008 Kaspersky Anti-Virus database records: 643114 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ Scan Statistics: Total number of scanned objects: 59545 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 00:54:00 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\administrator.VOICETEXT.COM\NTUSER.DAT Object is locked skipped C:\Documents and Settings\administrator.VOICETEXT.COM\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\kevin\Application Data\acccore\nss\cert8.db Object is locked skipped C:\Documents and Settings\kevin\Application Data\acccore\nss\key3.db Object is locked skipped C:\Documents and Settings\kevin\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped C:\Documents and Settings\kevin\Application Data\Microsoft\Word\AutoRecovery save of Document1.asd Object is locked skipped C:\Documents and Settings\kevin\Cookies\index.dat Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Application Data\AOL OCP\AIM\Storage\data\vtoper5\localStorage\common.cls Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_164C_3CF8_4C3C_D3E9\dfsr.db Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_164C_3CF8_4C3C_D3E9\fsr.log Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_164C_3CF8_4C3C_D3E9\fsrtmp.log Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_164C_3CF8_4C3C_D3E9\tmp.edb Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped C:\Documents and Settings\kevin\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Temp\~DF738F.tmp Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Temp\~DF8BA6.tmp Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Temp\~DFA6B9.tmp Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Temp\~DFA6C4.tmp Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Temp\~DFAD88.tmp Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Temp\~DFAD94.tmp Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Temp\~WRD0002.doc Object is locked skipped C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\kevin\NTUSER.DAT Object is locked skipped C:\Documents and Settings\kevin\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\sarah\NTUSER.DAT Object is locked skipped C:\Documents and Settings\sarah\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped C:\Program Files\Symantec AntiVirus\SAVRT529NAV~.TMP Object is locked skipped C:\Program Files\Symantec AntiVirus\SAVRT566NAV~.TMP Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\WINDOWS\CSC0000001 Object is locked skipped C:\WINDOWS\Debug\Netlogon.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{781B4C6C-2F8C-4DA4-B36D-5D0DDFAFFF5C}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
  2. I am hoping you got the log above ;-) Thanks
  3. WOW and here it is: Here you go. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:38:34 PM, on 3/19/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\AIM6\aolsoftware.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Octave\OCIConsole 2.3.2\OCIConsole.exe C:\Program Files\Octave\OCIConsole 2.3.2\OCIConsole.exe C:\Program Files\Octave\OCIConsole\OCIConsole.exe C:\Program Files\Avaya\Bridge Talk\Avaya Bridge Talk.exe C:\Program Files\Avaya\Bridge Talk\jre\bin\javaw.exe C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Windows Live\Messenger\msvs.exe C:\Program Files\Windows Live\Messenger\msvs.exe C:\Program Files\Sony\Sound Forge 8.0\Forge80.exe C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe C:\Program Files\FileMaker\FileMaker Pro 8.5\FileMaker Pro.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKUS\S-1-5-21-2087260228-25641292-1621235808-1277\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'sarah') O4 - HKUS\S-1-5-21-2087260228-25641292-1621235808-1277\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'sarah') O4 - HKUS\S-1-5-21-2087260228-25641292-1621235808-1277\..\Run: [Aim6] (User 'sarah') O4 - HKUS\S-1-5-21-2087260228-25641292-1621235808-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'administrator') O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203611423422 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jre/6u...ows-i586-jc.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = voicetext.com O17 - HKLM\Software\..\Telephony: DomainName = voicetext.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = voicetext.com O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 9432 bytes
  4. Thank you!! I will do this now and post results here?
  5. I need some help a computer of mine currently can't view and web sites it redirects to URL's that are not real as I have tried to open on another computer... I know I need to post a log and move forward so any assistance would be greatly appreciated - I am not very techie so I need someone who can explain it in a child language to ensure I do everything right. Thank you in advance! I also have messenger if anyone would like to make this quicker ;-)
  6. Yes it is muted and if I uncheck mute and hit reply it auto mutes it again...Are you ava via Yahoo Messenger or AOL or MSN ? It would be great if you could help me
  7. There are a lot of sound and video cards and I went thru them all and they all say working properly - Arggg
  8. I am hoping someone can help I have been ALL over the web and would love to be on chat with someone to make this work. I have a XP Pro computer and I can remote into user 1 and have all sounds and programs and if I log in as user 2 I have no sounds and errors even trying to play control panel windows sounds. I have looked all over the web and yes it is set to bring to this computer but the mute is always muted... ANY help would be appreciated - my IM is: [email protected] Thank you in advance!!
  9. Ryan, I think I got pretty much everything out by scanning the hell out of it like five million times with five million programs ;-) Thanks for checking on it I will restart when you say - PS I did like your blogs WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  10. combo below: ComboFix 08-01-23.1C - Jennifer Mackin 2008-01-26 17:48:35.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.369 [GMT -6:00] Running from: C:\Documents and Settings\Jennifer Mackin\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Jennifer Mackin\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe . ((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))) . 2008-01-26 10:14 . 2008-01-26 10:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-01-25 09:10 . 2008-01-25 09:10 <DIR> d-------- C:\WINDOWS\LastGood 2008-01-24 20:53 . 2006-10-04 08:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb 2008-01-24 20:53 . 2006-10-04 08:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2008-01-24 20:53 . 2006-10-04 08:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb 2008-01-24 20:52 . 2008-01-24 20:52 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2008-01-24 20:50 . 2008-01-24 20:50 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-01-24 20:50 . 2008-01-24 20:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-01-23 20:18 . 2008-01-23 20:18 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-01-21 16:49 . 2008-01-21 18:03 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2008-01-21 16:49 . 2008-01-21 16:49 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-01-21 16:49 . 2008-01-21 16:49 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-01-21 16:49 . 2008-01-21 16:49 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-01-21 16:00 . 2008-01-21 16:00 <DIR> d-------- C:\Program Files\Citrix 2008-01-21 04:56 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-01-21 04:56 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-20 22:20 . 2008-01-21 17:54 <DIR> d-------- C:\Program Files\Windows Defender 2008-01-20 22:17 . 2008-01-20 22:23 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2008-01-20 21:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-20 19:02 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-01-20 18:54 . 2008-01-26 10:14 <DIR> d-------- C:\WINDOWS\Downloaded Program Files 2008-01-20 18:54 . 2005-07-04 16:03 1,650,688 --a------ C:\WINDOWS\system32\qdiagdwc.ocx 2008-01-20 18:54 . 2004-06-15 15:55 7,882 --a------ C:\WINDOWS\system32\GTKCMOS.sys 2008-01-20 18:54 . 2005-02-08 12:37 7,626 --a------ C:\WINDOWS\system32\GPCIEnum.sys 2008-01-20 18:54 . 2005-02-09 13:08 7,168 --a------ C:\WINDOWS\system32\DLPT64.sys 2008-01-20 18:54 . 2004-06-09 09:29 6,977 --a------ C:\WINDOWS\system32\DDMI2.sys 2008-01-20 18:54 . 2005-03-13 16:54 6,656 --a------ C:\WINDOWS\system32\DLPT2.sys 2008-01-20 18:54 . 2005-02-08 13:04 5,632 --a------ C:\WINDOWS\system32\GPCIEn64.sys 2008-01-20 18:54 . 2005-02-08 15:46 5,120 --a------ C:\WINDOWS\system32\GTKCMO64.sys 2008-01-20 18:54 . 2005-02-07 19:07 4,608 --a------ C:\WINDOWS\system32\DDMI64.sys 2008-01-19 10:49 . 2008-01-19 10:49 <DIR> d-------- C:\Program Files\DellSupport 2008-01-16 17:24 . 2008-01-16 17:24 <DIR> d-------- C:\Program Files\Windows Installer Clean Up 2008-01-16 17:24 . 2008-01-16 17:24 <DIR> d-------- C:\Program Files\MSECACHE 2008-01-15 18:50 . 2008-01-15 18:50 <DIR> d-------- C:\Program Files\iTunes 2008-01-15 18:50 . 2008-01-15 18:50 <DIR> d-------- C:\Program Files\iPod 2008-01-15 18:48 . 2008-01-15 18:49 <DIR> d-------- C:\Program Files\QuickTime 2008-01-13 23:09 . 2008-01-20 21:25 5 --a------ C:\WINDOWS\winload.inf 2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2007-12-27 18:45 . 2007-12-27 18:48 <DIR> d-------- C:\Program Files\Picasa2 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-26 23:41 --------- d-----w C:\Program Files\Lx_cats 2008-01-25 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-24 02:18 --------- d-----w C:\Program Files\Real 2008-01-24 02:18 --------- d-----w C:\Program Files\Common Files\Real 2008-01-21 23:52 --------- d-----w C:\Program Files\Norton 360 2008-01-21 23:51 --------- d-----w C:\Program Files\MSN Messenger 2008-01-21 23:51 --------- d-----w C:\Program Files\mIRC 2008-01-21 23:48 --------- d-----w C:\Program Files\Lexmark 5400 Series 2008-01-21 23:45 --------- d-----w C:\Program Files\Google 2008-01-21 22:22 3,506 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-01-21 22:21 --------- d-----w C:\Program Files\Common Files\Corel 2008-01-21 16:36 --------- d-----w C:\Program Files\Plaxo 2008-01-21 13:16 --------- d-----w C:\Program Files\RealVNC 2008-01-21 01:02 --------- d-----w C:\Program Files\Java 2008-01-19 16:25 --------- d-----w C:\Program Files\Roxio 2008-01-16 23:37 --------- d-----w C:\Program Files\Dell 2008-01-16 23:35 --------- d-----w C:\Program Files\Kodak 2008-01-16 23:30 --------- d-----w C:\Program Files\Flashation Menu Builder 2008-01-03 23:21 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-25 18:37 --------- d-----w C:\Program Files\Common Files\Kodak 2007-12-14 00:39 --------- d-----w C:\Program Files\Lexmark Toolbar 2007-12-14 00:39 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint 2007-12-12 12:29 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-12-12 12:29 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-12-12 12:29 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-12-12 12:29 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-12-12 12:29 --------- d-----w C:\Program Files\Symantec 2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys 2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys 2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys 2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 16:53 360,832 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-30 09:55 3,065,856 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2006-08-15 01:18 88 --sh--r C:\WINDOWS\system32\3D9842D320.sys . ((((((((((((((((((((((((((((( [email protected]_21.47.07.10 ))))))))))))))))))))))))))))))))))))))))) . + 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll + 2006-08-24 14:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll + 2007-05-07 22:38:46 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll + 2002-07-26 00:13:18 24,576 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.dll + 2002-07-26 00:13:12 196,608 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe + 2007-05-07 22:39:00 192,920 ----a-w C:\WINDOWS\Downloaded Program Files\fsauc.dll + 2007-05-07 22:39:24 254,360 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll + 2005-06-10 16:44:02 417,792 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll + 2007-10-15 16:02:14 465,472 ----a-w C:\WINDOWS\Downloaded Program Files\wlscBase.dll - 2008-01-21 03:43:13 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-26 23:48:16 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-21 03:43:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-26 23:48:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-21 03:43:13 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-26 23:48:17 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-21 03:43:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-26 23:48:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-21 03:43:13 5,513,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-26 23:48:17 6,144,000 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-21 03:43:13 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-26 23:48:17 217,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat - 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe + 2007-06-27 04:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe - 2006-06-13 02:47:01 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\ARPPRODUCTICON.exe + 2008-01-21 22:21:36 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\ARPPRODUCTICON.exe - 2006-06-13 02:47:01 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut2_8A9B8148DDD7448FBD6C358386D32354.exe + 2008-01-21 22:21:36 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut2_8A9B8148DDD7448FBD6C358386D32354.exe - 2006-06-13 02:47:01 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut3_928F762215294C13AD31D1888867DB93.exe + 2008-01-21 22:21:36 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut3_928F762215294C13AD31D1888867DB93.exe - 2006-06-13 02:47:01 61,440 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut7_8A9B8148DDD7448FBD6C358386D32354.exe + 2008-01-21 22:21:36 61,440 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut7_8A9B8148DDD7448FBD6C358386D32354.exe - 2006-06-13 02:47:01 65,536 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe + 2008-01-21 22:21:36 65,536 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe + 2007-03-29 15:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll + 2006-10-05 22:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll + 2005-06-03 20:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll + 2003-08-01 17:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll + 2005-05-20 19:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll + 2007-11-12 15:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll + 2006-02-17 00:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll + 2005-10-26 00:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll + 2007-11-26 17:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll + 2004-05-04 21:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll + 2006-07-14 19:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe + 2006-04-10 16:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll + 2006-02-14 19:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll + 2006-02-17 00:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll + 2006-10-05 22:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll + 2007-06-04 17:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll + 2006-06-30 20:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe + 2004-02-04 20:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll + 2007-10-30 16:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll + 2006-08-01 19:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll + 2007-11-21 16:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll + 2007-10-31 19:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll + 2006-08-17 17:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll + 2006-09-04 17:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll + 2006-08-18 14:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll + 2007-03-26 20:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll + 2006-08-09 16:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll + 2006-07-19 16:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll + 2006-01-20 22:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll + 2006-05-17 15:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll + 2006-08-16 16:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll + 2006-06-30 20:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll + 2006-08-17 20:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll + 2006-08-08 19:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll + 2006-08-18 14:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll + 2006-08-18 14:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll + 2007-10-18 15:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll + 2007-11-23 20:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll + 2007-10-18 15:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll + 2007-10-30 17:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll + 2007-08-22 14:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll + 2007-11-12 21:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll + 2007-08-22 14:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll + 2007-08-22 14:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll + 2007-10-04 21:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll + 2007-10-23 17:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll + 2007-05-24 17:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll + 2007-04-18 23:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll + 2007-01-22 20:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll + 2007-06-08 15:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys + 2007-06-05 16:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys + 1997-09-18 12:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll + 2006-02-28 23:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll + 2007-09-17 15:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll - 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\asferror.dll + 2006-10-19 03:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll + 2006-08-02 18:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe - 2004-09-15 17:28:06 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll + 2006-10-19 03:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll - 2005-01-28 18:44:28 294,912 ----a-w C:\WINDOWS\system32\blackbox.dll + 2006-10-19 03:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll - 2005-01-28 18:44:28 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll + 2006-10-19 03:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll - 2006-02-09 22:41:58 491,520 ----a-w C:\WINDOWS\system32\Corel Photo Album 6.scr + 2006-02-09 23:41:58 491,520 ----a-w C:\WINDOWS\system32\Corel Photo Album 6.scr - 2006-02-09 22:36:18 225,280 ----a-w C:\WINDOWS\system32\cpascrrc6.dll + 2006-02-09 23:36:18 225,280 ----a-w C:\WINDOWS\system32\cpascrrc6.dll - 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll + 2006-10-19 03:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll - 2005-01-28 18:44:28 294,912 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll + 2006-10-19 03:47:10 542,720 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll - 2005-01-28 18:44:28 164,864 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll + 2006-10-19 03:47:10 229,376 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll - 2005-01-28 18:44:28 502,272 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll + 2006-10-19 03:47:10 991,744 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll - 2005-01-28 18:44:28 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll + 2006-10-19 03:47:14 11,264 ----a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll - 2005-01-28 18:44:28 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe + 2006-10-19 02:03:58 100,864 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe - 2004-09-15 17:27:52 344,064 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll + 2006-10-19 03:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll - 2005-01-28 18:44:28 142,336 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll + 2006-10-19 03:47:16 179,712 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll - 2005-01-28 18:44:28 25,088 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll + 2006-10-19 03:47:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll - 2005-01-28 18:44:28 173,568 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll + 2006-10-19 03:47:16 175,616 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll - 2005-01-28 18:44:28 364,784 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll + 2006-12-04 22:21:50 414,720 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll - 2005-01-28 18:44:28 315,904 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll + 2006-10-19 03:47:16 321,536 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll - 2005-01-28 18:44:28 221,184 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll + 2006-10-19 03:47:18 211,456 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll - 2004-09-15 17:27:54 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe + 2006-11-02 00:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe - 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe + 2007-06-27 04:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe - 2005-01-28 18:44:28 396,528 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll + 2006-10-19 03:47:18 757,248 ----a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll - 2005-01-28 18:44:28 716,288 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll + 2006-10-19 03:47:18 1,117,696 ----a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll - 2005-01-28 18:44:28 28,160 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll + 2006-10-19 03:47:18 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll - 2005-01-28 18:44:28 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll + 2006-10-19 03:47:18 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll - 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll + 2006-10-19 03:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll - 2005-01-28 18:44:28 150,016 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll + 2006-10-19 03:47:20 157,184 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll - 2005-01-28 18:44:28 1,027,072 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll + 2006-10-19 03:47:20 937,984 ----a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll - 2007-04-30 13:20:24 5,537,792 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll + 2007-06-12 05:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll - 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll + 2006-10-19 03:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll - 2004-09-15 17:28:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll + 2006-10-19 03:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll - 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll + 2006-10-19 03:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll - 2004-09-15 17:28:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe + 2006-10-19 03:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe - 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll + 2006-10-19 03:47:20 8,231,936 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll - 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll + 2006-10-19 03:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll - 2005-01-28 18:44:28 774,904 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll - 2005-01-28 18:44:28 1,119,744 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll - 2005-01-28 18:44:28 413,944 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll + 2006-10-19 03:47:22 603,648 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll - 2005-01-28 18:44:28 940,544 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll + 2006-10-19 03:47:22 1,329,152 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll - 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll + 2006-10-19 03:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll - 2005-01-28 18:44:28 895,736 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll - 2005-01-28 18:44:28 1,003,008 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll + 2006-10-19 03:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll - 2005-01-28 18:44:28 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys + 2006-10-19 02:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys + 2006-09-29 00:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys + 2006-09-29 01:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys + 2006-10-19 02:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe - 2005-01-28 18:44:28 502,272 ----a-w C:\WINDOWS\system32\drmv2clt.dll + 2006-10-19 03:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll + 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll - 2005-01-28 18:44:28 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll + 2006-10-19 03:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll - 2005-01-28 18:44:28 96,768 ----a-w C:\WINDOWS\system32\logagent.exe + 2006-10-19 02:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe + 2006-10-19 03:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll + 2006-10-19 03:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll - 2004-08-04 10:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll + 2006-10-19 03:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll + 2006-10-19 03:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll - 2004-08-04 10:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll + 2006-10-19 03:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll + 2006-10-19 03:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll - 2004-08-04 10:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll + 2006-10-19 03:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll - 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-01-02 16:21:38 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe + 2006-10-02 21:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll - 2005-01-28 18:44:28 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll + 2006-10-19 03:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll - 2005-01-28 18:44:28 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll + 2006-10-19 03:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll - 2005-01-28 18:44:28 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll + 2006-10-19 03:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll - 2005-01-28 18:44:28 364,784 ----a-w C:\WINDOWS\system32\MSSCP.dll + 2006-12-04 22:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll - 2005-01-28 18:44:28 315,904 ----a-w C:\WINDOWS\system32\MSWMDM.dll + 2006-10-19 03:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll - 2008-01-21 03:28:47 54,280 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-01-25 09:10:31 54,280 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-01-21 03:28:47 384,596 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-01-25 09:10:31 384,596 ----a-w C:\WINDOWS\system32\perfh009.dat - 2006-06-13 02:41:12 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll + 2008-01-24 02:18:14 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll - 2006-06-13 02:41:12 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll + 2008-01-24 02:18:17 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll - 2006-06-13 02:41:12 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll + 2008-01-24 02:18:17 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll + 2006-10-19 03:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll + 2006-10-19 03:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll + 2006-10-19 03:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll + 2006-10-19 03:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll + 2006-10-19 03:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll - 2006-11-21 18:53:06 158,456 ----a-w C:\WINDOWS\system32\pxwma.dll + 2005-05-05 19:50:56 151,552 ----a-w C:\WINDOWS\system32\pxwma.dll - 2005-01-28 18:44:28 221,184 ----a-w C:\WINDOWS\system32\qasf.dll + 2006-10-19 03:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll - 2006-06-13 02:41:17 157,696 ----a-w C:\WINDOWS\system32\rmoc3260.dll + 2008-01-24 02:18:27 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll - 2007-10-08 20:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll + 2006-09-25 23:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll - 2005-06-28 15:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe + 2006-09-25 23:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe - 2005-01-28 18:44:28 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe + 2006-10-19 03:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe - 2005-01-28 18:44:28 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll + 2006-10-19 03:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll - 2005-01-28 18:44:28 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe + 2006-10-19 03:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe - 2005-01-28 18:44:28 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll + 2006-10-19 03:47:18 757,248 ----a-w C:\WINDOWS\system32\wmadmod.dll - 2005-01-28 18:44:28 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll + 2006-10-19 03:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll - 2005-01-28 18:44:28 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll + 2006-10-19 03:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll - 2005-01-28 18:44:28 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll + 2006-10-19 03:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll - 2005-01-28 18:44:28 335,872 ----a-w C:\WINDOWS\system32\WMDRMdev.dll + 2006-10-19 03:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll - 2005-01-28 18:44:28 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll + 2006-10-19 03:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll + 2006-10-19 03:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll - 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll + 2006-10-19 03:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll - 2005-01-28 18:44:28 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll + 2006-10-19 03:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll - 2005-01-28 18:44:28 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll + 2006-10-19 03:47:20 937,984 ----a-w C:\WINDOWS\system32\wmnetmgr.dll - 2007-04-30 13:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll + 2007-06-12 05:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll - 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll + 2006-10-19 03:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll - 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll + 2006-10-19 03:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll + 2006-10-19 03:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll - 2004-09-15 17:28:00 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll + 2006-10-19 03:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll - 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll + 2006-10-19 03:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll + 2006-10-19 03:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll + 2006-10-19 03:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll - 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll + 2006-10-19 03:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll - 2004-09-15 17:28:00 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll + 2006-10-19 03:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll - 2005-01-28 18:44:28 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll - 2005-01-28 18:44:28 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll - 2005-01-28 18:44:28 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll + 2006-10-19 03:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll - 2005-01-28 18:44:28 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll + 2006-10-19 03:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll - 2005-01-28 18:44:28 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll - 2005-01-28 18:44:28 1,512,448 ----a-w C:\WINDOWS\system32\WMVADVE.DLL + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL - 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\wmvcore.dll + 2006-10-19 03:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll + 2006-10-19 03:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll - 2005-01-28 18:44:28 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll - 2005-01-28 18:44:28 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll + 2006-10-19 03:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll + 2006-10-19 03:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll + 2006-10-19 03:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll + 2006-10-19 03:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll - 2005-01-28 18:44:28 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll + 2006-10-19 03:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll - 2005-01-28 18:44:28 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll + 2006-10-19 03:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll - 2005-01-28 18:44:28 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll + 2006-10-19 03:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll - 2005-01-28 18:44:28 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll + 2006-10-19 03:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll + 2006-10-19 03:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll + 2006-10-19 02:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe + 2006-10-19 03:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll + 2006-10-19 03:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll - 2005-01-28 18:44:28 331,264 ----a-w C:\WINDOWS\system32\wpdsp.dll + 2006-10-19 03:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll + 2006-09-29 02:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll + 2006-09-29 00:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe + 2006-09-29 00:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll + 2006-09-29 00:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll + 2006-09-29 00:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll - 2005-08-31 15:35:40 279,392 ----a-w C:\WINDOWS\system32\XceedFtp.dll + 2006-02-09 23:13:56 279,392 ----a-w C:\WINDOWS\system32\XceedFtp.dll + 2003-03-26 00:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 14:22 4670968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 08:47 57344] "VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 06:42 1159168] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16 1121792] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 14:30 188416] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768] "lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 06:58 291760] "Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 06:59 304048] "EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 06:58 82864] "LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 06:27 106496] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920] "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 17:34 106496] "WinVNC"="C:\Program Files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 13:49 335872] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-23 20:18 185896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 19:47 8720384] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672] VPN Client.lnk - C:\WINDOWS\Installer\{B8221906-224A-4494-BB97-55FC63740019}\Icon3E5562ED7.ico [2006-06-16 16:41:59 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2008-01-21 16:00 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snapfish PictureMover.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk backup=C:\WINDOWS\pss\Snapfish PictureMover.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] --a------ 2006-06-12 20:50 169472 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] --a------ 2006-05-09 18:24 50760 C:\Program Files\Common Files\AOL\1150556000\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend] --a------ 2006-02-17 10:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon] --a------ 2005-05-19 07:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate] --a------ 2007-12-20 09:50 283207 C:\Program Files\Plaxo\3.7.1.2\PlaxoHelper_en.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] --a------ 2008-01-23 20:18 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI] --a------ 2004-12-22 16:40 24576 C:\WINDOWS\MIDIDEF.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] --a------ 2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-06-18 07:47 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 00:00 90112 C:\WINDOWS\UpdReg.EXE R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38] S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15] S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 04:27] S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28] S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83014ce5-c0a3-11dc-8362-00059a3c7800}] \Shell\AutoRun\command - J:\LaunchU3.exe -a *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-01-23 00:43:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-22 18:32:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job" - C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt [email protected] "2008-01-26 07:37:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-26 17:50:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-26 17:51:12 ComboFix-quarantined-files.txt 2008-01-26 23:51:09 ComboFix2.txt 2008-01-21 03:47:29 . 2008-01-25 15:13:19 --- E O F --- hijack below: Logfile of HijackThis v1.99.1 Scan saved at 5:52:14 PM, on 1/26/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\lxctcoms.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\RealVNC\WinVNC\WinVNC.exe C:\Program Files\Lexmark 5400 Series\lxctmon.exe C:\Program Files\Lexmark 5400 Series\ezprint.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Cisco Systems\VPN Client\vpngui.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Jennifer Mackin\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe" O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe" O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected] O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200877146656 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = voicetext.com O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = voicetext.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
  11. Ryan, So I am only getting rid of bitlord_1.1 which I do us? that is all that is quoted?
  12. Thanks Ryan - here is the txt doc KASPERSKY ONLINE SCANNER REPORT Saturday, January 26, 2008 4:05:00 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 26/01/2008 Kaspersky Anti-Virus database records: 533449 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan Statistics: Total number of scanned objects: 86162 Number of viruses found: 6 Number of infected objects: 28 Number of suspicious objects: 0 Duration of the scan process: 01:20:32 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01202008-222101.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A231A7B.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.60 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\59DBE3D2.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\cert8.db Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\formhistory.dat Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\history.dat Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\key3.db Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\parent.lock Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\search.sqlite Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-79f0dd94/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-79f0dd94 ZIP: infected - 1 skipped C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-6707c731.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-6707c731.zip ZIP: infected - 1 skipped C:\Documents and Settings\Jennifer Mackin\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe/file9 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe Inno: infected - 1 skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\dfsr.db Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\fsr.log Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\fsrtmp.log Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\tmp.edb Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C0839FCD-891E-4022-B1B8-A1D61FB9A338} Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\History\History.IE5\MSHist012008012620080127\index.dat Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF6346.tmp Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF6565.tmp Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF8115.tmp Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF8130.tmp Object is locked skipped C:\Documents and Settings\Jennifer Mackin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Jennifer Mackin\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Jennifer Mackin\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.DBF Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.FPT Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.DBF Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.FPT Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.DBF Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.FPT Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.DBF Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.FPT Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.DBF Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.FPT Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.DBF Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.FPT Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.DBF Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.FPT Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.DBF Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.FPT Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.DBF Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.FPT Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.DBF Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.FPT Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.DBF Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.FPT Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.DBF Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.FPT Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.CDX Object is locked skipped C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.DBF Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped C:\Program Files\RealVNC\WinVNC\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped C:\Program Files\RealVNC\WinVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped C:\Program Files\RealVNC\WinVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped C:\QooBox\Quarantine\C\a.exe.vir Infected: Trojan-Spy.Win32.Banker.fgw skipped C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows32.exe.vir Infected: Trojan-Spy.Win32.Banker.fgw skipped C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe/data0004 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe Inno: infected - 3 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP601\A0039419.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe NSIS: infected - 4 skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP615\A0040360.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP615\A0040361.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP618\A0040420.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP618\A0040421.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP618\A0041339.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP621\A0041534.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.60 skipped C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP629\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{7CA81C9B-7607-4A2C-BB57-E746C405E856}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\JET8B45.tmp Object is locked skipped C:\WINDOWS\Temp\JET8C9D.tmp Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
  13. I have created a Hijacklog because my computer has moved slow and been acting funny - I did the F-Secure scan as well as windows defener and PANDA and I also have Norton 360. I am currently looking for a good spyware program to run but I was hoping someone would review this and make sure everything seems kosher. thanks! Logfile of HijackThis v1.99.1 Scan saved at 4:55:46 PM, on 1/21/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Lexmark 5400 Series\lxctmon.exe C:\Program Files\Lexmark 5400 Series\ezprint.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\lxctcoms.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\RealVNC\WinVNC\WinVNC.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Cisco Systems\VPN Client\vpngui.exe C:\WINDOWS\system32\mstsc.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Jennifer Mackin\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe" O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe" O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected] O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200877146656 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = voicetext.com O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = voicetext.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing) **addition**Panda scan log what is really needed to get this gone Incident Status Location Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][2].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][2].txt Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe Virus:Trj/Spamtaload.AW Disinfected Personal Folders\Deleted Items\[Norton AntiSpam] Mail Transaction Failed\text.zip[text.log.exe] Virus:Bck/mIRCBased.AW Disinfected C:\Program Files\mIRC\mirc.exe Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc9.exe[nircmd.com] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc9.exe[nircmd.cfexe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe