ComboFix Log:ComboFix 08-04-18.3 - (name removed)2008-04-20 1:11:34.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.434 [GMT -5:00]
Running from: C:\Documents and Settings\(name removed)\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\(name removed)\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\IMG-0126.zip
C:\WINDOWS\IMG-3165.zip
C:\WINDOWS\IMG-4048.zip
C:\WINDOWS\IMG-8939.zip
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\SYSTEM32\ipbuoi.exe
C:\WINDOWS\SYSTEM32\jpbdxihf.ini
C:\WINDOWS\SYSTEM32\qhralyng.ini
C:\WINDOWS\SYSTEM32\qplxlyjf.ini
C:\WINDOWS\SYSTEM32\uqkesutk.ini
C:\WINDOWS\SYSTEM32\xegsbgxl.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\IMG-0126.zip
C:\WINDOWS\IMG-3165.zip
C:\WINDOWS\IMG-4048.zip
C:\WINDOWS\IMG-8939.zip
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\SYSTEM32\ipbuoi.exe
C:\WINDOWS\SYSTEM32\jpbdxihf.ini
C:\WINDOWS\SYSTEM32\qhralyng.ini
C:\WINDOWS\SYSTEM32\qplxlyjf.ini
C:\WINDOWS\SYSTEM32\uqkesutk.ini
C:\WINDOWS\SYSTEM32\xegsbgxl.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_O1394BUL
-------\Service_o1394bul
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
2008-04-12 16:56 . 2008-04-20 01:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-12 16:56 . 2008-04-20 01:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-12 16:38 . 2008-04-17 18:32 96,645 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2008-04-12 16:38 . 2008-04-17 18:32 87,941 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2008-04-12 16:37 . 2008-04-12 16:37 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-12 16:37 . 2008-04-20 01:25 7,965,472 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2008-04-12 16:37 . 2008-04-20 01:19 107,732 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2008-04-12 16:37 . 2008-04-20 01:24 47,136 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
2008-04-12 16:37 . 2008-04-20 01:19 5,420 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.idx
2008-04-10 18:48 . 2008-04-10 18:48 57,344 ---h----- C:\Documents and Settings\(name removed)\bvb.exe
2008-03-21 22:14 . 2008-03-21 22:13 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-21 22:14 . 2008-03-21 22:14 2,551 --a------ C:\WINDOWS\unins000.dat
2008-03-20 18:18 . 2008-03-20 18:18 <DIR> d-------- C:\kav
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 06:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-18 12:34 --------- d-----w C:\Program Files\Common Files\Visioneer Shared
2008-04-12 22:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-12 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 00:45 --------- d-----w C:\Program Files\TrojanHunter 4.0
2008-03-17 03:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-17 03:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-15 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-15 04:49 --------- d-----w C:\Program Files\Windows Live
2008-03-06 05:28 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-06 05:27 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-06 05:26 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-06 05:24 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-06 05:19 --------- d-----w C:\Program Files\MSN Messenger
2007-09-23 07:20 784 ----a-w C:\Documents and Settings\(name removed)\Application Data\mpauth.dat
2007-08-20 05:32 66,576 ----a-w C:\Documents and Settings\(name removed)\Application Data\GDIPFONTCACHEV1.DAT
2003-12-12 12:02 200 ----a-w C:\Documents and Settings\(name removed)\SurfScanInst.exe
2004-10-23 01:57 56 --sh--r C:\WINDOWS\SYSTEM32\4CA635CD65.sys
2004-10-23 01:57 1,682 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-19_ 9.37.44.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 14:17:59 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-04-20 06:20:39 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 13:49 4670968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell|Alert"="C:\Program Files\Dell\Support\Alert\bin\DAMon.exe" [2002-07-11 15:15 270336]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-19 05:44 77824]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 11:06 110592]
"HostManager"="C:\Program Files\Common Files\AOL\1200455721\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^(name removed)^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\(name removed)\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-04-10 16:44 679936 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-10 00:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
--a------ 2001-09-05 13:28 163840 C:\WINDOWS\MMKeybd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-16 08:02 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 15:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 00:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-03-04 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-07-25 16:02 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 16:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-19 11:06 110592 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
--a------ 2001-07-25 10:00 241714 C:\Program Files\Microsoft Money\System\Activation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 14:16 5058560 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2003-10-06 14:16 49152 C:\WINDOWS\System32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
c:\paprport\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-05-19 05:44 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REWARDS NETWORK]
--a------ 2001-11-16 17:38 118784 C:\Program Files\Rewards Network\brntray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-07-21 13:06 20036648 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-26 22:22 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-08-29 21:03 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TraySantaCruz]
--a------ 2002-04-03 15:47 290816 C:\WINDOWS\SYSTEM32\tbctray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WANMiniportService"=2 (0x2)
"usnjsvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"NVSvc"=2 (0x2)
"NOTEPAD"=2 (0x2)
"MDM"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"DSBrokerService"=3 (0x3)
"comHost"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"CCALib8"=2 (0x2)
"AOL ACS"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Documents and Settings\\(name removed)\\bvb.exe"=
R2 Av363cnb;Av363cnb;C:\WINDOWS\system32\drivers\Av363cnb.sys [1997-09-25 12:45]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys [2002-04-03 15:51]
R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys [2002-04-03 15:51]
S3 vtdg46xx;vtdg46xx;C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2002-03-21 19:44]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 13:52]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-20 06:36:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-20 01:24:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\wanmpsvc.exe
.
**************************************************************************
.
Completion time: 2008-04-20 1:45:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 06:44:01
ComboFix2.txt 2008-04-19 14:39:31
Pre-Run: 8,658,735,104 bytes free
Post-Run: 8,748,224,512 bytes free
261 --- E O F --- 2008-04-15 23:03:08
Kaspersky Log:-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 20, 2008 3:05:51 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/04/2008
Kaspersky Anti-Virus database records: 717145
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 222724
Number of viruses found: 21
Number of infected objects: 91
Number of suspicious objects: 37
Duration of the scan process: 02:43:10
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet2.zip/asmend.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMySearch.zip/bar/1.bin/NPMYSRCH.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMySearch.zip/bar/1.bin/S42NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMySearch.zip/bar/1.bin/S4BAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMySearch.zip ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase1.zip/msbb.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase5.zip/DKQ.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase6.zip/ncmyb.dll Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentials14.zip/v11/NE.dll Infected: not-a-virus:AdWare.Win32.SmartPops.a skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentials14.zip/v11/NE.exe Infected: not-a-virus:AdWare.Win32.SmartPops.b skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentials14.zip ZIP: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SaveNow.zip/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SaveNow.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SaveNow4.zip/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ae skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SaveNow4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SaveNow5.zip/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ae skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SaveNow5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SwimSuitNetwork1.zip/SwimSuitNetwork.exe Infected: not-a-virus:AdWare.Win32.DownloadWare.a skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SwimSuitNetwork1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip/jidgrlaa.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip/pstoghns.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll11.zip/byXOhIbX.dll_old Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll11.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll12.zip/hagkjrdy.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll12.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll13.zip/hagkjrdy.dll_old Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll13.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll14.zip/hsiesgyu.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll14.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll15.zip/rqRIxxyv.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll15.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll16.zip/spbspkhf.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll16.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll17.zip/yfebewnm.dll_old Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll17.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip/rrowmrha.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll20.zip/awesfavp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll20.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll21.zip/fhixdbpj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mwq skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll21.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll22.zip/hsiesgyu.dll_old Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll22.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll23.zip/kfolvxji.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll23.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll24.zip/rqRIxxyv.dll_old Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll24.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll25.zip/urqnKbyY.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mxi skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll25.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll28.zip/rqRIxxyv.dll_old Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll28.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll29.zip/urqnKbyY.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.mxi skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll29.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip/vtUlJcYP.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwx skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll4.zip/acjudlkm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip/byXOhIbX.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip/jokukacd.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll7.zip/vtUlJcYP.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.lwx skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll8.zip/yfebewnm.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUClockSync3.zip/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUClockSync3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUClockSync4.zip/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUClockSync4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUClockSync7.zip/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUClockSync7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow2.zip/SNDbMark.dll Infected: not-a-virus:AdWare.Win32.SaveNow.n skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter14.zip/XTSearch.dll Infected: not-a-virus:AdWare.Win32.Xupiter.d skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter14.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter15.zip/XTUpdate.dll Infected: not-a-virus:AdWare.Win32.Xupiter.d skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter15.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter16.zip/XupiterToolbar.dll Infected: not-a-virus:AdWare.Win32.Xupiter.d skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter16.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter18.zip/Popunder.exe Infected: not-a-virus:AdWare.Win32.Xupiter.f skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter18.zip/XTCfgLoader.exe Infected: not-a-virus:AdWare.Win32.Xupiter.f skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter18.zip/XTUpdate.dll Infected: not-a-virus:AdWare.Win32.Xupiter.d skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter18.zip/XupiterStartup2003.exe Infected: not-a-virus:AdWare.Win32.Xupiter.d skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter18.zip ZIP: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter23.zip/XTUpdate.dll Infected: not-a-virus:AdWare.Win32.Xupiter.d skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Xupiter23.zip ZIP: infected - 1 skipped
C:\Documents and Settings\(name removed)\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\pop-server. a5a\Inbox\363523A6-00001746.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date thu, 28 jul 2005 19:46:55 -0500]/text/[From ebay inc=20]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\pop-server. a5a\Inbox\363523A6-00001746.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date thu, 28 jul 2005 19:46:55 -0500]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\pop-server. a5a\Inbox\363523A6-00001746.eml Mail: suspicious - 2 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\pop-server. a5a\Inbox\75B83E98-00001794.eml/[From "service@paypal.com" <service@paypal.com>][Date Tue, 09 Aug 2005 05:01:52 -0700]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\pop-server. a5a\Inbox\75B83E98-00001794.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\084B45F7-000004CC.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Mon, 22 Aug 2005 07:25:20 -0500]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\084B45F7-000004CC.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Mon, 22 Aug 2005 07:25:20 -0500]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\084B45F7-000004CC.eml Mail: suspicious - 2 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\371242EE-000004AB.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Mon, 8 Aug 2005 19:52:40 -0500]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\371242EE-000004AB.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\3A18317D-000004AD.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Wed, 10 Aug 2005 07:16:41 -0500]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\3A18317D-000004AD.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\3BC908C0-000005F4.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Tue, 25 Jul 2006 23:32:20 -0500]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\3BC908C0-000005F4.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\422410C0-000004A7.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Thu, 4 Aug 2005 08:08:17 -0500]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\422410C0-000004A7.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\58DA03A4-000004E2.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Fri, 16 Sep 2005 19:36:38 -0500]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\58DA03A4-000004E2.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\58E66517-00000497.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Sat, 23 Jul 2005 07:44:54 -0500]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\58E66517-00000497.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\604466E4-00000547.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Wed, 1 Feb 2006 08:00:06 -0600]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\604466E4-00000547.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Wed, 1 Feb 2006 08:00:06 -0600]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\604466E4-00000547.eml Mail: suspicious - 2 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\615A44A8-0000049E.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Thu, 28 Jul 2005 19:46:55 -0500]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\615A44A8-0000049E.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Thu, 28 Jul 2005 19:46:55 -0500]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\615A44A8-0000049E.eml Mail: suspicious - 2 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\6D032EDA-0000046E.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Thu, 16 Jun 2005 06:32:42 -0500]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\6D032EDA-0000046E.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\74560F20-000004FE.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Fri, 7 Oct 2005 21:42:33 -0500]/UNNAMED/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\74560F20-000004FE.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Fri, 7 Oct 2005 21:42:33 -0500]/UNNAMED/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\74560F20-000004FE.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Fri, 7 Oct 2005 21:42:33 -0500]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\74560F20-000004FE.eml Mail: suspicious - 3 skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\7D5B6DF5-000004D2.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Sat, 3 Sep 2005 08:20:58 -0500]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\7D5B6DF5-000004D2.eml/[From "(name removed)" <ckirchner@houston.rr.com>][Date Sat, 3 Sep 2005 08:20:58 -0500]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\(name removed)\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\7D5B6DF5-000004D2.eml Mail: suspicious - 2 skipped
C:\Documents and Settings\(name removed)\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\(name removed)\Local Settings\Temp\~DFF0BB.tmp Object is locked skipped
C:\Documents and Settings\(name removed)\Local Settings\Temp\~DFF0CE.tmp Object is locked skipped
C:\Documents and Settings\(name removed)\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\(name removed)\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\(name removed)\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\(name removed)\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP1967\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.idx Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Hijack This Log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:32 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\1200455721\ee\AOLSoftware.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/def ... .yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1200455721\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-21-1244572991-645757453-568730901-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1244572991-645757453-568730901-1003\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder -
http://ak.imgag.com/imgag/kiw/toolbar/d ... ontrol.cabO16 - DPF: DigiChat Applet -
http://host4.digichat.com/DigiChat/Digi ... ent_IE.cabO16 - DPF: Yahoo! NFL GameChannel StatTracker -
http://aud16.sports.sc5.yahoo.com/java/ ... 1010_x.cabO16 - DPF: Yahoo! NFL StatTracker -
http://aud10.sports.yahoo.com/java/y/nflst8252_x.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/ms ... b31267.cabO16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) -
http://www.help.rr.com/Foundrysdccommon ... gctlar.cabO16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
http://supportcenter.rr.com/sdccommon/d ... gctlcm.cabO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partne ... nicode.cabO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binary/ms ... b56986.cabO16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -
http://wdownload.weatherbug.com/minibug ... porter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/Shar ... vSniff.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\WidgetEngine\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/200 ... taller.exeO16 - DPF: {4EBD0320-3FA7-4234-9461-638469C74E25} -
http://www.pinksandsmediagroup.com/exte ... /cab_4.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://207.188.7.150/1935600711f1eec488 ... RdxIE2.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.safety.live.com/resourc ... se8460.cabO16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} -
http://download.sidestep.com/get/k00001/sb028.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/Shar ... /cabsa.cabO16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -
https://webdl.symantec.com/activex/symdlmgr.cabO16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) -
http://216.249.24.140/code/PWActiveXImgCtl.CABO16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
https://www.gamespyid.com/alaunch.cabO16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) -
http://digitalflip.biz/fvlite/fvliteY.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b31267.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://www.skibanff.com/skicam/AxisCamControl.ocxO16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -
http://web1.shutterfly.com/downloads/Uploader.cabO16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.c ... i_0727.dllO16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) -
http://fdl.msn.com/zone/datafiles/heartbeat.cabO16 - DPF: {B1773A76-5F0E-46C6-B611-FB4E8704D9E9} (PlayBackX Control) -
http://nh1.meadepicerne.com/cab/PlayBackX.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMe ... loader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binary/ZI ... b56649.cabO16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) -
http://messenger.zone.msn.com/binary/Ba ... b57213.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) -
http://messenger.zone.msn.com/binary/WoF.cab57176.cabO16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/Mi ... b56986.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary/So ... b31267.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) -
http://texags.com/images/forum/icon16.gif--
End of file - 11946 bytes
Everything is running *MUCH* smoother---thanks very much for your help!!!!!