jmackin

Posts posted by jmackin

  1. OK, this did not show anything. We did uninstall a bunch of toolbars he had, and this is when it happened. We thought it was adware or malware, but I don't think this showed anything. Any suggestions you have would be great. Also, why is everything locked?

    thanks

    -------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER REPORT

    Thursday, March 20, 2008 7:55:17 AM

    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.98.0

    Kaspersky Anti-Virus database last update: 20/03/2008

    Kaspersky Anti-Virus database records: 643114

    -------------------------------------------------------------------------------

    Scan Settings:

    Scan using the following antivirus database: extended

    Scan Archives: true

    Scan Mail Bases: true

    Scan Target - My Computer:

    A:\

    C:\

    D:\

    Scan Statistics:

    Total number of scanned objects: 59545

    Number of viruses found: 0

    Number of infected objects: 0

    Number of suspicious objects: 0

    Duration of the scan process: 00:54:00

    Infected Object Name / Virus Name / Last Action

    C:\Documents and Settings\administrator.VOICETEXT.COM\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\administrator.VOICETEXT.COM\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

    C:\Documents and Settings\kevin\Application Data\acccore\nss\cert8.db Object is locked skipped

    C:\Documents and Settings\kevin\Application Data\acccore\nss\key3.db Object is locked skipped

    C:\Documents and Settings\kevin\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped

    C:\Documents and Settings\kevin\Application Data\Microsoft\Word\AutoRecovery save of Document1.asd Object is locked skipped

    C:\Documents and Settings\kevin\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Application Data\AOL OCP\AIM\Storage\data\vtoper5\localStorage\common.cls Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_164C_3CF8_4C3C_D3E9\dfsr.db Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_164C_3CF8_4C3C_D3E9\fsr.log Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_164C_3CF8_4C3C_D3E9\fsrtmp.log Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_164C_3CF8_4C3C_D3E9\tmp.edb Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Temp\~DF738F.tmp Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Temp\~DF8BA6.tmp Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Temp\~DFA6B9.tmp Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Temp\~DFA6C4.tmp Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Temp\~DFAD88.tmp Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Temp\~DFAD94.tmp Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Temp\~WRD0002.doc Object is locked skipped

    C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\kevin\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\kevin\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\sarah\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\sarah\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

    C:\Program Files\Symantec AntiVirus\SAVRT529NAV~.TMP Object is locked skipped

    C:\Program Files\Symantec AntiVirus\SAVRT566NAV~.TMP Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\WINDOWS\CSC0000001 Object is locked skipped

    C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{781B4C6C-2F8C-4DA4-B36D-5D0DDFAFFF5C}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

  2. WOW and here it is:

    Here you go.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:38:34 PM, on 3/19/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Symantec AntiVirus\DefWatch.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Symantec AntiVirus\SavRoam.exe

    C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    C:\Program Files\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\stsystra.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\PROGRA~1\SYMANT~1\VPTray.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

    C:\Program Files\AIM6\aim6.exe

    C:\Program Files\Palm\Hotsync.exe

    C:\Program Files\AIM6\aolsoftware.exe

    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

    C:\Program Files\Octave\OCIConsole 2.3.2\OCIConsole.exe

    C:\Program Files\Octave\OCIConsole 2.3.2\OCIConsole.exe

    C:\Program Files\Octave\OCIConsole\OCIConsole.exe

    C:\Program Files\Avaya\Bridge Talk\Avaya Bridge Talk.exe

    C:\Program Files\Avaya\Bridge Talk\jre\bin\javaw.exe

    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

    C:\Program Files\Windows Live\Messenger\msvs.exe

    C:\Program Files\Windows Live\Messenger\msvs.exe

    C:\Program Files\Sony\Sound Forge 8.0\Forge80.exe

    C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe

    C:\Program Files\FileMaker\FileMaker Pro 8.5\FileMaker Pro.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

    O4 - HKUS\S-1-5-21-2087260228-25641292-1621235808-1277\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'sarah')

    O4 - HKUS\S-1-5-21-2087260228-25641292-1621235808-1277\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'sarah')

    O4 - HKUS\S-1-5-21-2087260228-25641292-1621235808-1277\..\Run: [Aim6] (User 'sarah')

    O4 - HKUS\S-1-5-21-2087260228-25641292-1621235808-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'administrator')

    O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203611423422

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jre/6u...ows-i586-jc.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = voicetext.com

    O17 - HKLM\Software\..\Telephony: DomainName = voicetext.com

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = voicetext.com

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE

    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --

    End of file - 9432 bytes

  3. I need some help. A computer of mine currently can't view any web sites; it redirects to URLs that are not real, as I have tried to open them on another computer...

    I know I need to post a log and move forward so any assistance would be greatly appreciated - I am not very techie so I need someone who can explain it in a child language to ensure I do everything right.

    Thank you in advance!

    I also have messenger if anyone would like to make this quicker ;-)

  4. When you log on as user 2 go to Device manager and see if the sound card is listed. If it is with a yellow or red ! next to it then you can just install the drivers for it. You can install them anyway just to see if it works. Just double click on the Sound card and then click on driver and then update driver. Choose from the INTERNET and let it find it for you. Might do that since it will look for the newest driver for you instead of the one the PC came with.

    There are a lot of sound and video cards and I went thru them all and they all say working properly - Arggg

  5. I am hoping someone can help. I have been ALL over the web and would love to be on chat with someone to make this work. I have an XP Pro computer, and I can remote into user 1 and have all sounds and programs, and if I log in as user 2 I have no sounds, and errors even trying to play Control Panel Windows sounds.

    I have looked all over the web, and yes, it is set to bring to this computer, but the mute is always muted... :angry2:

    ANY help would be appreciated - my IM is: [email protected]

    Thank you in advance!!

  6. Ryan,

    I think I got pretty much everything out by scanning the hell out of it like five million times with five million programs ;-)

    Thanks for checking on it

    I will restart when you say - PS I did like your blogs

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    [operating systems]

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

  7. combo below:

    ComboFix 08-01-23.1C - Jennifer Mackin 2008-01-26 17:48:35.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.369 [GMT -6:00]

    Running from: C:\Documents and Settings\Jennifer Mackin\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Jennifer Mackin\Desktop\CFScript.txt

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE

    C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe

    .

    ((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))

    .

    2008-01-26 10:14 . 2008-01-26 10:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

    2008-01-25 09:10 . 2008-01-25 09:10 <DIR> d-------- C:\WINDOWS\LastGood

    2008-01-24 20:53 . 2006-10-04 08:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb

    2008-01-24 20:53 . 2006-10-04 08:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb

    2008-01-24 20:53 . 2006-10-04 08:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb

    2008-01-24 20:52 . 2008-01-24 20:52 <DIR> d-------- C:\Program Files\Windows Media Connect 2

    2008-01-24 20:50 . 2008-01-24 20:50 <DIR> d-------- C:\WINDOWS\system32\LogFiles

    2008-01-24 20:50 . 2008-01-24 20:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

    2008-01-23 20:18 . 2008-01-23 20:18 <DIR> d-------- C:\Program Files\Common Files\xing shared

    2008-01-21 16:49 . 2008-01-21 18:03 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

    2008-01-21 16:49 . 2008-01-21 16:49 30,590 --a------ C:\WINDOWS\system32\pavas.ico

    2008-01-21 16:49 . 2008-01-21 16:49 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

    2008-01-21 16:49 . 2008-01-21 16:49 1,406 --a------ C:\WINDOWS\system32\Help.ico

    2008-01-21 16:00 . 2008-01-21 16:00 <DIR> d-------- C:\Program Files\Citrix

    2008-01-21 04:56 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

    2008-01-21 04:56 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

    2008-01-20 22:20 . 2008-01-21 17:54 <DIR> d-------- C:\Program Files\Windows Defender

    2008-01-20 22:17 . 2008-01-20 22:23 <DIR> d-------- C:\Program Files\Windows Live Safety Center

    2008-01-20 21:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

    2008-01-20 19:02 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

    2008-01-20 18:54 . 2008-01-26 10:14 <DIR> d-------- C:\WINDOWS\Downloaded Program Files

    2008-01-20 18:54 . 2005-07-04 16:03 1,650,688 --a------ C:\WINDOWS\system32\qdiagdwc.ocx

    2008-01-20 18:54 . 2004-06-15 15:55 7,882 --a------ C:\WINDOWS\system32\GTKCMOS.sys

    2008-01-20 18:54 . 2005-02-08 12:37 7,626 --a------ C:\WINDOWS\system32\GPCIEnum.sys

    2008-01-20 18:54 . 2005-02-09 13:08 7,168 --a------ C:\WINDOWS\system32\DLPT64.sys

    2008-01-20 18:54 . 2004-06-09 09:29 6,977 --a------ C:\WINDOWS\system32\DDMI2.sys

    2008-01-20 18:54 . 2005-03-13 16:54 6,656 --a------ C:\WINDOWS\system32\DLPT2.sys

    2008-01-20 18:54 . 2005-02-08 13:04 5,632 --a------ C:\WINDOWS\system32\GPCIEn64.sys

    2008-01-20 18:54 . 2005-02-08 15:46 5,120 --a------ C:\WINDOWS\system32\GTKCMO64.sys

    2008-01-20 18:54 . 2005-02-07 19:07 4,608 --a------ C:\WINDOWS\system32\DDMI64.sys

    2008-01-19 10:49 . 2008-01-19 10:49 <DIR> d-------- C:\Program Files\DellSupport

    2008-01-16 17:24 . 2008-01-16 17:24 <DIR> d-------- C:\Program Files\Windows Installer Clean Up

    2008-01-16 17:24 . 2008-01-16 17:24 <DIR> d-------- C:\Program Files\MSECACHE

    2008-01-15 18:50 . 2008-01-15 18:50 <DIR> d-------- C:\Program Files\iTunes

    2008-01-15 18:50 . 2008-01-15 18:50 <DIR> d-------- C:\Program Files\iPod

    2008-01-15 18:48 . 2008-01-15 18:49 <DIR> d-------- C:\Program Files\QuickTime

    2008-01-13 23:09 . 2008-01-20 21:25 5 --a------ C:\WINDOWS\winload.inf

    2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

    2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    2007-12-27 18:45 . 2007-12-27 18:48 <DIR> d-------- C:\Program Files\Picasa2

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-01-26 23:41 --------- d-----w C:\Program Files\Lx_cats

    2008-01-25 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared

    2008-01-24 02:18 --------- d-----w C:\Program Files\Real

    2008-01-24 02:18 --------- d-----w C:\Program Files\Common Files\Real

    2008-01-21 23:52 --------- d-----w C:\Program Files\Norton 360

    2008-01-21 23:51 --------- d-----w C:\Program Files\MSN Messenger

    2008-01-21 23:51 --------- d-----w C:\Program Files\mIRC

    2008-01-21 23:48 --------- d-----w C:\Program Files\Lexmark 5400 Series

    2008-01-21 23:45 --------- d-----w C:\Program Files\Google

    2008-01-21 22:22 3,506 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

    2008-01-21 22:21 --------- d-----w C:\Program Files\Common Files\Corel

    2008-01-21 16:36 --------- d-----w C:\Program Files\Plaxo

    2008-01-21 13:16 --------- d-----w C:\Program Files\RealVNC

    2008-01-21 01:02 --------- d-----w C:\Program Files\Java

    2008-01-19 16:25 --------- d-----w C:\Program Files\Roxio

    2008-01-16 23:37 --------- d-----w C:\Program Files\Dell

    2008-01-16 23:35 --------- d-----w C:\Program Files\Kodak

    2008-01-16 23:30 --------- d-----w C:\Program Files\Flashation Menu Builder

    2008-01-03 23:21 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2007-12-25 18:37 --------- d-----w C:\Program Files\Common Files\Kodak

    2007-12-14 00:39 --------- d-----w C:\Program Files\Lexmark Toolbar

    2007-12-14 00:39 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint

    2007-12-12 12:29 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

    2007-12-12 12:29 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

    2007-12-12 12:29 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

    2007-12-12 12:29 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

    2007-12-12 12:29 --------- d-----w C:\Program Files\Symantec

    2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

    2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

    2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

    2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

    2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

    2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

    2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

    2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

    2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

    2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll

    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

    2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll

    2007-10-30 16:53 360,832 ------w C:\WINDOWS\system32\dllcache\tcpip.sys

    2007-10-30 09:55 3,065,856 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

    2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll

    2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

    2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

    2006-08-15 01:18 88 --sh--r C:\WINDOWS\system32\3D9842D320.sys

    .

    ((((((((((((((((((((((((((((( [email protected]_21.47.07.10 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll

    + 2006-08-24 14:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll

    + 2007-05-07 22:38:46 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll

    + 2002-07-26 00:13:18 24,576 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.dll

    + 2002-07-26 00:13:12 196,608 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe

    + 2007-05-07 22:39:00 192,920 ----a-w C:\WINDOWS\Downloaded Program Files\fsauc.dll

    + 2007-05-07 22:39:24 254,360 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll

    + 2005-06-10 16:44:02 417,792 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll

    + 2007-10-15 16:02:14 465,472 ----a-w C:\WINDOWS\Downloaded Program Files\wlscBase.dll

    - 2008-01-21 03:43:13 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

    + 2008-01-26 23:48:16 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

    - 2008-01-21 03:43:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

    + 2008-01-26 23:48:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

    - 2008-01-21 03:43:13 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

    + 2008-01-26 23:48:17 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

    - 2008-01-21 03:43:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

    + 2008-01-26 23:48:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

    - 2008-01-21 03:43:13 5,513,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

    + 2008-01-26 23:48:17 6,144,000 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

    - 2008-01-21 03:43:13 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

    + 2008-01-26 23:48:17 217,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

    - 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe

    + 2007-06-27 04:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe

    - 2006-06-13 02:47:01 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\ARPPRODUCTICON.exe

    + 2008-01-21 22:21:36 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\ARPPRODUCTICON.exe

    - 2006-06-13 02:47:01 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut2_8A9B8148DDD7448FBD6C358386D32354.exe

    + 2008-01-21 22:21:36 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut2_8A9B8148DDD7448FBD6C358386D32354.exe

    - 2006-06-13 02:47:01 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut3_928F762215294C13AD31D1888867DB93.exe

    + 2008-01-21 22:21:36 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut3_928F762215294C13AD31D1888867DB93.exe

    - 2006-06-13 02:47:01 61,440 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut7_8A9B8148DDD7448FBD6C358386D32354.exe

    + 2008-01-21 22:21:36 61,440 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut7_8A9B8148DDD7448FBD6C358386D32354.exe

    - 2006-06-13 02:47:01 65,536 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe

    + 2008-01-21 22:21:36 65,536 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe

    + 2007-03-29 15:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll

    + 2006-10-05 22:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll

    + 2005-06-03 20:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll

    + 2003-08-01 17:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll

    + 2005-05-20 19:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll

    + 2007-11-12 15:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll

    + 2006-02-17 00:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll

    + 2005-10-26 00:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll

    + 2007-11-26 17:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll

    + 2004-05-04 21:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll

    + 2006-07-14 19:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe

    + 2006-04-10 16:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll

    + 2006-02-14 19:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll

    + 2006-02-17 00:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll

    + 2006-10-05 22:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll

    + 2007-06-04 17:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll

    + 2006-06-30 20:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe

    + 2004-02-04 20:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll

    + 2007-10-30 16:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll

    + 2006-08-01 19:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll

    + 2007-11-21 16:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll

    + 2007-10-31 19:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll

    + 2006-08-17 17:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll

    + 2006-09-04 17:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll

    + 2006-08-18 14:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll

    + 2007-03-26 20:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll

    + 2006-08-09 16:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll

    + 2006-07-19 16:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll

    + 2006-01-20 22:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll

    + 2006-05-17 15:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll

    + 2006-08-16 16:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll

    + 2006-06-30 20:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll

    + 2006-08-17 20:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll

    + 2006-08-08 19:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll

    + 2006-08-18 14:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll

    + 2006-08-18 14:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll

    + 2007-10-18 15:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll

    + 2007-11-23 20:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll

    + 2007-10-18 15:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll

    + 2007-10-30 17:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll

    + 2007-08-22 14:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll

    + 2007-11-12 21:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll

    + 2007-08-22 14:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll

    + 2007-08-22 14:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll

    + 2007-10-04 21:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll

    + 2007-10-23 17:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll

    + 2007-05-24 17:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll

    + 2007-04-18 23:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll

    + 2007-01-22 20:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll

    + 2007-06-08 15:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys

    + 2007-06-05 16:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys

    + 1997-09-18 12:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll

    + 2006-02-28 23:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll

    + 2007-09-17 15:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll

    - 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\asferror.dll

    + 2006-10-19 03:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll

    + 2006-08-02 18:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe

    - 2004-09-15 17:28:06 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll

    + 2006-10-19 03:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll

    - 2005-01-28 18:44:28 294,912 ----a-w C:\WINDOWS\system32\blackbox.dll

    + 2006-10-19 03:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll

    - 2005-01-28 18:44:28 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll

    + 2006-10-19 03:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll

    - 2006-02-09 22:41:58 491,520 ----a-w C:\WINDOWS\system32\Corel Photo Album 6.scr

    + 2006-02-09 23:41:58 491,520 ----a-w C:\WINDOWS\system32\Corel Photo Album 6.scr

    - 2006-02-09 22:36:18 225,280 ----a-w C:\WINDOWS\system32\cpascrrc6.dll

    + 2006-02-09 23:36:18 225,280 ----a-w C:\WINDOWS\system32\cpascrrc6.dll

    - 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll

    + 2006-10-19 03:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll

    - 2005-01-28 18:44:28 294,912 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll

    + 2006-10-19 03:47:10 542,720 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll

    - 2005-01-28 18:44:28 164,864 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll

    + 2006-10-19 03:47:10 229,376 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll

    - 2005-01-28 18:44:28 502,272 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll

    + 2006-10-19 03:47:10 991,744 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll

    - 2005-01-28 18:44:28 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll

    + 2006-10-19 03:47:14 11,264 ----a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll

    - 2005-01-28 18:44:28 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe

    + 2006-10-19 02:03:58 100,864 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe

    - 2004-09-15 17:27:52 344,064 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll

    + 2006-10-19 03:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll

    - 2005-01-28 18:44:28 142,336 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll

    + 2006-10-19 03:47:16 179,712 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll

    - 2005-01-28 18:44:28 25,088 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll

    + 2006-10-19 03:47:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll

    - 2005-01-28 18:44:28 173,568 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll

    + 2006-10-19 03:47:16 175,616 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll

    - 2005-01-28 18:44:28 364,784 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll

    + 2006-12-04 22:21:50 414,720 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll

    - 2005-01-28 18:44:28 315,904 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll

    + 2006-10-19 03:47:16 321,536 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll

    - 2005-01-28 18:44:28 221,184 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll

    + 2006-10-19 03:47:18 211,456 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll

    - 2004-09-15 17:27:54 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe

    + 2006-11-02 00:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe

    - 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe

    + 2007-06-27 04:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe

    - 2005-01-28 18:44:28 396,528 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll

    + 2006-10-19 03:47:18 757,248 ----a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll

    - 2005-01-28 18:44:28 716,288 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll

    + 2006-10-19 03:47:18 1,117,696 ----a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll

    - 2005-01-28 18:44:28 28,160 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll

    + 2006-10-19 03:47:18 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll

    - 2005-01-28 18:44:28 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll

    + 2006-10-19 03:47:18 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll

    - 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll

    + 2006-10-19 03:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll

    - 2005-01-28 18:44:28 150,016 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll

    + 2006-10-19 03:47:20 157,184 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll

    - 2005-01-28 18:44:28 1,027,072 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll

    + 2006-10-19 03:47:20 937,984 ----a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll

    - 2007-04-30 13:20:24 5,537,792 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll

    + 2007-06-12 05:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll

    - 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll

    + 2006-10-19 03:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll

    - 2004-09-15 17:28:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll

    + 2006-10-19 03:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll

    - 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll

    + 2006-10-19 03:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll

    - 2004-09-15 17:28:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe

    + 2006-10-19 03:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe

    - 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll

    + 2006-10-19 03:47:20 8,231,936 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll

    - 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll

    + 2006-10-19 03:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll

    - 2005-01-28 18:44:28 774,904 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll

    + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll

    - 2005-01-28 18:44:28 1,119,744 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll

    + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll

    - 2005-01-28 18:44:28 413,944 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll

    + 2006-10-19 03:47:22 603,648 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll

    - 2005-01-28 18:44:28 940,544 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll

    + 2006-10-19 03:47:22 1,329,152 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll

    - 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll

    + 2006-10-19 03:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll

    - 2005-01-28 18:44:28 895,736 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll

    + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll

    - 2005-01-28 18:44:28 1,003,008 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll

    + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll

    + 2006-10-19 03:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll

    - 2005-01-28 18:44:28 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys

    + 2006-10-19 02:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys

    + 2006-09-29 00:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys

    + 2006-09-29 01:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys

    + 2006-10-19 02:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe

    - 2005-01-28 18:44:28 502,272 ----a-w C:\WINDOWS\system32\drmv2clt.dll

    + 2006-10-19 03:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll

    + 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll

    + 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe

    + 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll

    - 2005-01-28 18:44:28 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll

    + 2006-10-19 03:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll

    - 2005-01-28 18:44:28 96,768 ----a-w C:\WINDOWS\system32\logagent.exe

    + 2006-10-19 02:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe

    + 2006-10-19 03:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll

    + 2006-10-19 03:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll

    - 2004-08-04 10:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll

    + 2006-10-19 03:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll

    + 2006-10-19 03:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll

    - 2004-08-04 10:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll

    + 2006-10-19 03:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll

    + 2006-10-19 03:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll

    - 2004-08-04 10:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll

    + 2006-10-19 03:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll

    - 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe

    + 2008-01-02 16:21:38 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe

    + 2006-10-02 21:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll

    - 2005-01-28 18:44:28 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll

    + 2006-10-19 03:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll

    - 2005-01-28 18:44:28 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll

    + 2006-10-19 03:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll

    - 2005-01-28 18:44:28 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll

    + 2006-10-19 03:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll

    - 2005-01-28 18:44:28 364,784 ----a-w C:\WINDOWS\system32\MSSCP.dll

    + 2006-12-04 22:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll

    - 2005-01-28 18:44:28 315,904 ----a-w C:\WINDOWS\system32\MSWMDM.dll

    + 2006-10-19 03:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll

    - 2008-01-21 03:28:47 54,280 ----a-w C:\WINDOWS\system32\perfc009.dat

    + 2008-01-25 09:10:31 54,280 ----a-w C:\WINDOWS\system32\perfc009.dat

    - 2008-01-21 03:28:47 384,596 ----a-w C:\WINDOWS\system32\perfh009.dat

    + 2008-01-25 09:10:31 384,596 ----a-w C:\WINDOWS\system32\perfh009.dat

    - 2006-06-13 02:41:12 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll

    + 2008-01-24 02:18:14 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll

    - 2006-06-13 02:41:12 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll

    + 2008-01-24 02:18:17 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll

    - 2006-06-13 02:41:12 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll

    + 2008-01-24 02:18:17 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll

    + 2006-10-19 03:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll

    + 2006-10-19 03:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll

    + 2006-10-19 03:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll

    + 2006-10-19 03:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll

    + 2006-10-19 03:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll

    - 2006-11-21 18:53:06 158,456 ----a-w C:\WINDOWS\system32\pxwma.dll

    + 2005-05-05 19:50:56 151,552 ----a-w C:\WINDOWS\system32\pxwma.dll

    - 2005-01-28 18:44:28 221,184 ----a-w C:\WINDOWS\system32\qasf.dll

    + 2006-10-19 03:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll

    - 2006-06-13 02:41:17 157,696 ----a-w C:\WINDOWS\system32\rmoc3260.dll

    + 2008-01-24 02:18:27 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll

    - 2007-10-08 20:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll

    + 2006-09-25 23:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll

    - 2005-06-28 15:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe

    + 2006-09-25 23:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe

    - 2005-01-28 18:44:28 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe

    + 2006-10-19 03:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe

    - 2005-01-28 18:44:28 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll

    + 2006-10-19 03:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll

    - 2005-01-28 18:44:28 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe

    + 2006-10-19 03:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe

    - 2005-01-28 18:44:28 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll

    + 2006-10-19 03:47:18 757,248 ----a-w C:\WINDOWS\system32\wmadmod.dll

    - 2005-01-28 18:44:28 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll

    + 2006-10-19 03:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll

    - 2005-01-28 18:44:28 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll

    + 2006-10-19 03:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll

    - 2005-01-28 18:44:28 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll

    + 2006-10-19 03:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll

    - 2005-01-28 18:44:28 335,872 ----a-w C:\WINDOWS\system32\WMDRMdev.dll

    + 2006-10-19 03:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll

    - 2005-01-28 18:44:28 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll

    + 2006-10-19 03:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll

    + 2006-10-19 03:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll

    - 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll

    + 2006-10-19 03:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll

    - 2005-01-28 18:44:28 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll

    + 2006-10-19 03:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll

    - 2005-01-28 18:44:28 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll

    + 2006-10-19 03:47:20 937,984 ----a-w C:\WINDOWS\system32\wmnetmgr.dll

    - 2007-04-30 13:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll

    + 2007-06-12 05:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll

    - 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll

    + 2006-10-19 03:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll

    - 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll

    + 2006-10-19 03:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll

    + 2006-10-19 03:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

    - 2004-09-15 17:28:00 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll

    + 2006-10-19 03:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll

    - 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll

    + 2006-10-19 03:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll

    + 2006-10-19 03:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll

    + 2006-10-19 03:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll

    - 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll

    + 2006-10-19 03:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll

    - 2004-09-15 17:28:00 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll

    + 2006-10-19 03:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll

    - 2005-01-28 18:44:28 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll

    + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll

    - 2005-01-28 18:44:28 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll

    + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll

    - 2005-01-28 18:44:28 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll

    + 2006-10-19 03:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll

    - 2005-01-28 18:44:28 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll

    + 2006-10-19 03:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll

    - 2005-01-28 18:44:28 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll

    + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll

    - 2005-01-28 18:44:28 1,512,448 ----a-w C:\WINDOWS\system32\WMVADVE.DLL

    + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL

    - 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\wmvcore.dll

    + 2006-10-19 03:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll

    + 2006-10-19 03:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll

    - 2005-01-28 18:44:28 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll

    + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll

    - 2005-01-28 18:44:28 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll

    + 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll

    + 2006-10-19 03:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll

    + 2006-10-19 03:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll

    + 2006-10-19 03:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll

    + 2006-10-19 03:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll

    - 2005-01-28 18:44:28 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll

    + 2006-10-19 03:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll

    - 2005-01-28 18:44:28 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll

    + 2006-10-19 03:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll

    - 2005-01-28 18:44:28 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll

    + 2006-10-19 03:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll

    - 2005-01-28 18:44:28 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll

    + 2006-10-19 03:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll

    + 2006-10-19 03:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll

    + 2006-10-19 02:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe

    + 2006-10-19 03:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll

    + 2006-10-19 03:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll

    - 2005-01-28 18:44:28 331,264 ----a-w C:\WINDOWS\system32\wpdsp.dll

    + 2006-10-19 03:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll

    + 2006-09-29 02:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll

    + 2006-09-29 00:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe

    + 2006-09-29 00:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll

    + 2006-09-29 00:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll

    + 2006-09-29 00:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll

    - 2005-08-31 15:35:40 279,392 ----a-w C:\WINDOWS\system32\XceedFtp.dll

    + 2006-02-09 23:13:56 279,392 ----a-w C:\WINDOWS\system32\XceedFtp.dll

    + 2003-03-26 00:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll

    .

    -- Snapshot reset to current date --

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]

    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 14:22 4670968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]

    "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 08:47 57344]

    "VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 06:42 1159168]

    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16 1121792]

    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 14:30 188416]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]

    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]

    "lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 06:58 291760]

    "Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 06:59 304048]

    "EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 06:58 82864]

    "LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 06:27 106496]

    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]

    "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]

    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 17:34 106496]

    "WinVNC"="C:\Program Files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 13:49 335872]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-23 20:18 185896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 19:47 8720384]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]

    VPN Client.lnk - C:\WINDOWS\Installer\{B8221906-224A-4494-BB97-55FC63740019}\Icon3E5562ED7.ico [2006-06-16 16:41:59 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

    C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2008-01-21 16:00 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snapfish PictureMover.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk

    backup=C:\WINDOWS\pss\Snapfish PictureMover.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

    --a------ 2006-06-12 20:50 169472 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

    --a------ 2006-05-09 18:24 50760 C:\Program Files\Common Files\AOL\1150556000\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]

    --a------ 2006-02-17 10:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]

    --a------ 2005-05-19 07:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

    --a------ 2007-12-20 09:50 283207 C:\Program Files\Plaxo\3.7.1.2\PlaxoHelper_en.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

    --a------ 2008-01-23 20:18 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]

    --a------ 2004-12-22 16:40 24576 C:\WINDOWS\MIDIDEF.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

    --a------ 2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    --a------ 2007-06-18 07:47 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

    --------- 2000-05-11 00:00 90112 C:\WINDOWS\UpdReg.EXE

    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]

    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]

    S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 04:27]

    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]

    S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83014ce5-c0a3-11dc-8362-00059a3c7800}]

    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    *Newly Created Service* - COMHOST

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-01-23 00:43:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    "2008-01-22 18:32:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"

    - C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt [email protected]

    "2008-01-26 07:37:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

    - C:\Program Files\Windows Defender\MpCmdRun.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-01-26 17:50:30

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    LXCTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2008-01-26 17:51:12

    ComboFix-quarantined-files.txt 2008-01-26 23:51:09

    ComboFix2.txt 2008-01-21 03:47:29

    .

    2008-01-25 15:13:19 --- E O F ---

    hijack below:

    Logfile of HijackThis v1.99.1

    Scan saved at 5:52:14 PM, on 1/26/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\brss01a.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    C:\WINDOWS\system32\lxctcoms.exe

    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Viewpoint\Common\ViewpointService.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\RealVNC\WinVNC\WinVNC.exe

    C:\Program Files\Lexmark 5400 Series\lxctmon.exe

    C:\Program Files\Lexmark 5400 Series\ezprint.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

    C:\WINDOWS\system32\fxssvc.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Jennifer Mackin\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"

    O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"

    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O4 - Global Startup: VPN Client.lnk = ?

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab

    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab

    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200877146656

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab

    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = voicetext.com

    O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com

    O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = voicetext.com

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

    O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

    O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)

  8. Thanks Ryan - here is the txt doc

    KASPERSKY ONLINE SCANNER REPORT

    Saturday, January 26, 2008 4:05:00 PM

    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.98.0

    Kaspersky Anti-Virus database last update: 26/01/2008

    Kaspersky Anti-Virus database records: 533449

    -------------------------------------------------------------------------------

    Scan Settings:

    Scan using the following antivirus database: extended

    Scan Archives: true

    Scan Mail Bases: true

    Scan Target - My Computer:

    C:\

    D:\

    E:\

    F:\

    G:\

    H:\

    I:\

    Scan Statistics:

    Total number of scanned objects: 86162

    Number of viruses found: 6

    Number of infected objects: 28

    Number of suspicious objects: 0

    Duration of the scan process: 01:20:32

    Infected Object Name / Virus Name / Last Action

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01202008-222101.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A231A7B.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.60 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\59DBE3D2.TMP Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\cert8.db Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\formhistory.dat Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\history.dat Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\key3.db Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\parent.lock Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\search.sqlite Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\urlclassifier2.sqlite Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-79f0dd94/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped

    C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-79f0dd94 ZIP: infected - 1 skipped

    C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-6707c731.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped

    C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-6707c731.zip ZIP: infected - 1 skipped

    C:\Documents and Settings\Jennifer Mackin\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe/file9 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

    C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe Inno: infected - 1 skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\dfsr.db Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\fsr.log Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\fsrtmp.log Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\tmp.edb Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C0839FCD-891E-4022-B1B8-A1D61FB9A338} Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_001_ Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_002_ Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_003_ Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_MAP_ Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\History\History.IE5\MSHist012008012620080127\index.dat Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF6346.tmp Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF6565.tmp Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF8115.tmp Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF8130.tmp Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Jennifer Mackin\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.DBF Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.FPT Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.DBF Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.FPT Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.DBF Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.FPT Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.DBF Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.FPT Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.DBF Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.FPT Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.DBF Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.FPT Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.DBF Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.FPT Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.DBF Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.FPT Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.DBF Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.FPT Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.DBF Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.FPT Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.DBF Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.FPT Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.DBF Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.FPT Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.CDX Object is locked skipped

    C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.DBF Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

    C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped

    C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped

    C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped

    C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped

    C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped

    C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped

    C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped

    C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped

    C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped

    C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped

    C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped

    C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped

    C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped

    C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped

    C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped

    C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped

    C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped

    C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped

    C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped

    C:\Program Files\RealVNC\WinVNC\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

    C:\Program Files\RealVNC\WinVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

    C:\Program Files\RealVNC\WinVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

    C:\QooBox\Quarantine\C\a.exe.vir Infected: Trojan-Spy.Win32.Banker.fgw skipped

    C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows32.exe.vir Infected: Trojan-Spy.Win32.Banker.fgw skipped

    C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

    C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

    C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe/data0004 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

    C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe Inno: infected - 3 skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP601\A0039419.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe NSIS: infected - 4 skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP615\A0040360.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP615\A0040361.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP618\A0040420.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP618\A0040421.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP618\A0041339.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP621\A0041534.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.60 skipped

    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP629\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

    C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{7CA81C9B-7607-4A2C-BB57-E746C405E856}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\Temp\JET8B45.tmp Object is locked skipped

    C:\WINDOWS\Temp\JET8C9D.tmp Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

  9. I have created a Hijacklog because my computer has moved slowly and been acting funny - I did the F-Secure scan as well as Windows Defender and PANDA, and I also have Norton 360. I am currently looking for a good spyware program to run, but I was hoping someone would review this and make sure everything seems kosher.

    thanks!

    Logfile of HijackThis v1.99.1

    Scan saved at 4:55:46 PM, on 1/21/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\brsvc01a.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\brss01a.exe

    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Lexmark 5400 Series\lxctmon.exe

    C:\Program Files\Lexmark 5400 Series\ezprint.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    C:\WINDOWS\system32\lxctcoms.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Viewpoint\Common\ViewpointService.exe

    C:\Program Files\RealVNC\WinVNC\WinVNC.exe

    C:\WINDOWS\system32\fxssvc.exe

    C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

    C:\WINDOWS\system32\mstsc.exe

    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Documents and Settings\Jennifer Mackin\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"

    O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"

    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O4 - Global Startup: VPN Client.lnk = ?

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab

    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab

    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200877146656

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab

    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = voicetext.com

    O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com

    O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = voicetext.com

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

    O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

    O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)

    **addition** Panda scan log - what is really needed to get this gone?

    Incident Status Location

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\cookies.txt[.doubleclick.net/]

    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\cookies.txt[.trafficmp.com/]

    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][2].txt

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][2].txt

    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][2].txt

    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt

    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt

    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt

    Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt

    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt

    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt

    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt

    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt

    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt

    Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe

    Virus:Trj/Spamtaload.AW Disinfected Personal Folders\Deleted Items\[Norton AntiSpam] Mail Transaction Failed\text.zip[text.log.exe]

    Virus:Bck/mIRCBased.AW Disinfected C:\Program Files\mIRC\mirc.exe

    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc9.exe[nircmd.com]

    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc9.exe[nircmd.cfexe]

    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe