12 Posts

April 27th, 2008 13:00

Hijack This Log/Need help in solving possible hijack

Within the last week I have begun receiving hundreds of mail error messages on mail I did not send. However, if I close Internet Explorer and leave Outlook open, most of these messages disappear. If I leave IE on, I start receiving massive amounts of these "mail error" e-mails. I use Bit Defender 2008 and Webroot Spysweeper. Bit Defender seems to identify some problem with "rootkits" but won't solve it. Spysweeper found only cookies. I tried Hijack This and got the following results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:13 AM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [HP SchedIndexer] "C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe"
O4 - HKLM\..\Run: [HP AutoIndexer] "C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/2006/avalon/key_features/int360.html?noreloadredir
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141203161000
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.89.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 13667 bytes

10.4K Posts

April 27th, 2008 14:00

mkmaher

1. Go HERE and download File Lister.
  • Save it to your Desktop
  • Rt Click ->> Extract all ->> And extract it to your Desktop
  • Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Rt Click FileLister.vbe ->> Select Open, then Open to confirm.
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you at C:\Files.txt

Copy and paste the contents of that log in your reply.

You may have to post the results in more than one reply.

Microsoft MVP Consumer-Security

"The world is what you make of it"

12 Posts

April 27th, 2008 22:00

First of 2 replies because of size limitation on message

+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.1
+
+  By bamajim
+
+++++++++++++++++++++++++++++++++

=== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"TPKMAPHELPER"="\"C:\\Program Files\\ThinkPad\\Utilities\\TpKmapAp.exe\" -helper"
"TpShocks"="TpShocks.exe"
"TPHOTKEY"="C:\\PROGRA~1\\ThinkPad\\PkgMgr\\HOTKEY\\TPHKMGR.exe"
"ControlCenter"="\"C:\\Program Files\\IBM fingerprint software\\ctlcntr.exe\" /startup"
"TP4EX"="tp4ex.exe"
"EZEJMNAP"="C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\EzEjMnAp.Exe"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe\""
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
@=""
"ibmmessages"="\"C:\\Program Files\\IBM\\Messages By IBM\\\\ibmmessages.exe\""
"IBMPRC"="C:\\IBMTOOLS\\UTILS\\ibmprc.exe"
"QCWLICON"="C:\\Program Files\\ThinkPad\\ConnectUtilities\\QCWLICON.EXE"
"PWRMGRTR"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\PWRMGRTR.DLL,PwrMgrBkGndMonitor"
"BLOG"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatLogEx.DLL,StartBattLog"
"HP SchedIndexer"="\"C:\\Program Files\\Hewlett-Packard\\LaserJet 33xx\\hppschedindexer.exe\""
"HP AutoIndexer"="\"C:\\Program Files\\Hewlett-Packard\\LaserJet 33xx\\hppautoindexer.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QCTray"="C:\\PROGRA~1\\ThinkPad\\CONNEC~1\\QCTray.exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"BitDefender Antiphishing Helper"="\"C:\\Program Files\\BitDefender\\BitDefender 2008\\IEShow.exe\""
"BDAgent"="\"C:\\Program Files\\BitDefender\\BitDefender 2008\\bdagent.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


=== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\\Program Files\\IBM\\Messages By IBM\\ibmmessages.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Pando"="\"C:\\Program Files\\Pando Networks\\Pando\\Pando.exe\" /Minimized"
@=""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"


=== Folders and Files from "C:\" and "C:\Windows" Created Last 30 Days ======

4/8/2008 3:15:43 PM    0    C:\Config.Msi
4/27/2008 4:38:49 PM    3579    32    C:\Files.txt
4/8/2008 2:49:46 PM    2440471    C:\WINDOWS\$NtUninstallKB941693$
4/8/2008 2:49:46 PM    596503    C:\WINDOWS\$NtUninstallKB941693$\spuninst
4/8/2008 2:50:07 PM    791632    C:\WINDOWS\$NtUninstallKB945553$
4/8/2008 2:50:07 PM    597584    C:\WINDOWS\$NtUninstallKB945553$\spuninst
4/8/2008 2:51:12 PM    878728    C:\WINDOWS\$NtUninstallKB948590$
4/8/2008 2:51:12 PM    596616    C:\WINDOWS\$NtUninstallKB948590$\spuninst
4/8/2008 2:51:25 PM    686140    C:\WINDOWS\$NtUninstallKB948881$
4/8/2008 2:51:25 PM    596028    C:\WINDOWS\$NtUninstallKB948881$\spuninst
4/8/2008 2:47:30 PM    20255    32    C:\WINDOWS\KB941693.log
4/8/2008 2:47:52 PM    15862    32    C:\WINDOWS\KB945553.log
4/8/2008 2:50:21 PM    23671    32    C:\WINDOWS\KB947864-IE7.log
4/8/2008 2:48:34 PM    30843    32    C:\WINDOWS\KB948590.log
4/8/2008 2:51:23 PM    18969    32    C:\WINDOWS\KB948881.log

=== Files under "\Administrator\Startup" Last 30 Days======


=== Files under "All Users\Startup" Last 30 Days======


=== Folders under "\Program Files" Last 30 Days======

4/26/2008 2:57:20 PM    409957    C:\Program Files\Trend Micro
4/26/2008 2:57:20 PM    409957    C:\Program Files\Trend Micro\HijackThis

=== Files under "\System32\Drivers" Last 30 Days======


=== Files under "\User\Local Settings\Temp" Last 30 Days======

4/16/2008 1:06:09 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1045.tmp
4/16/2008 9:50:28 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1114.tmp
4/16/2008 6:35:06 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1207.tmp
4/17/2008 3:19:19 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1288.tmp
4/17/2008 12:03:46 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr13A5.tmp
4/17/2008 8:48:07 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr149F.tmp
4/18/2008 5:32:24 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1560.tmp
4/18/2008 2:16:40 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1635.tmp
4/18/2008 11:00:48 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1687.tmp
4/19/2008 7:45:03 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1756.tmp
4/19/2008 4:29:39 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr184E.tmp
4/20/2008 1:13:47 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr18FC.tmp
4/20/2008 9:58:04 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr19A4.tmp
4/20/2008 6:42:37 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1BA3.tmp
4/21/2008 3:27:06 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1E18.tmp
4/21/2008 12:11:37 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1FF6.tmp
4/21/2008 8:55:58 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr20D9.tmp
4/22/2008 5:40:10 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2187.tmp
4/22/2008 2:24:29 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr22D2.tmp
4/22/2008 11:08:42 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2394.tmp
4/23/2008 7:52:58 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2474.tmp
4/23/2008 4:37:14 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2579.tmp
4/24/2008 1:21:17 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2648.tmp
4/24/2008 10:05:38 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2730.tmp
4/24/2008 6:50:01 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr283C.tmp
4/25/2008 3:34:10 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr28CF.tmp
4/25/2008 12:18:21 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2A25.tmp
4/25/2008 9:02:47 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2B3F.tmp
4/26/2008 5:46:52 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2BCC.tmp
4/26/2008 2:31:06 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2E28.tmp
4/26/2008 11:16:37 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2F8C.tmp
4/27/2008 8:03:42 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr3059.tmp
4/12/2008 9:42:18 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr8B9.tmp
4/12/2008 6:26:40 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr96E.tmp
4/13/2008 3:10:59 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr9EF.tmp
4/13/2008 11:55:25 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrAA5.tmp
4/13/2008 8:39:43 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrB64.tmp
4/14/2008 5:24:02 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrBDF.tmp
4/12/2008 7:09:59 AM    2048000    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrCA6A.tmp
4/14/2008 2:08:35 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrD14.tmp
4/14/2008 10:52:54 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrDD2.tmp
4/15/2008 7:37:23 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrE9D.tmp
4/15/2008 4:21:50 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrFAD.tmp
4/25/2008 4:31:31 PM    578616    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\All Star Nominations 2008.pdf
4/8/2008 3:34:13 PM    1355776    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\asat0001.tmp
4/20/2008 7:18:28 PM    19968    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Delivery Status Notification (Failure).msg
4/22/2008 9:17:01 AM    38400    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Kockaya Termination.doc
4/20/2008 7:18:28 PM    20480    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Mail delivery failed returning message to sender.msg
4/8/2008 12:01:57 PM    47616    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\McCarthy letter 1.doc
4/1/2008 10:27:51 AM    110592    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\McGinnis03-31-08-Memo 1Revised.doc
4/1/2008 11:12:00 AM    119296    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\McGinnis03-31-08-Memo 2Revised.doc
4/17/2008 3:44:34 PM    27648    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Minkle letter.doc
4/27/2008 4:36:26 PM    145564    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\MRMPJ512.emf
3/31/2008 1:38:18 PM    90112    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Org Dev Job Description(2).doc
4/23/2008 1:35:26 PM    20992    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Rescheduling Sunday game.msg
4/26/2008 8:14:31 PM    2201224    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\V2NOTSa06300
4/26/2008 9:31:33 PM    832872    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\V2NOTSb06300
3/31/2008 1:55:20 PM    90112    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\VP Legal-Human Resources (1).doc
4/26/2008 11:06:33 PM    1224704    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\VS0AV3NG.02U
4/8/2008 3:23:12 PM    753    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini
4/26/2008 3:30:21 PM    512    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\~DF4F23.tmp
4/25/2008 4:30:41 PM    512    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\~DF6BDC.tmp
4/25/2008 4:30:46 PM    16384    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\~DFA6F2.tmp
4/25/2008 4:30:46 PM    512    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\~DFA717.tmp
4/27/2008 6:59:53 AM    114688    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\~DFB569.tmp

=== Files and Folders under "All Users\Application Data" Last 30 Days======

4/8/2008 3:23:49 PM    752    C:\Documents and Settings\All Users\Application Data\Adobe
4/8/2008 3:23:49 PM    479    C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat
4/8/2008 3:23:49 PM    479    C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\8.0
4/8/2008 3:23:50 PM    479    C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\8.0\Replicate
4/8/2008 3:23:50 PM    479    C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\8.0\Replicate\Security
4/8/2008 3:25:12 PM    273    C:\Documents and Settings\All Users\Application Data\Adobe\Updater5

=== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\


=== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{38D3FE60-3D53-4F37-BB0E-C7A97A26A156}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}

 

12 Posts

April 27th, 2008 22:00

+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.1
+
+  By bamajim
+
+++++++++++++++++++++++++++++++++

=== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"TPKMAPHELPER"="\"C:\\Program Files\\ThinkPad\\Utilities\\TpKmapAp.exe\" -helper"
"TpShocks"="TpShocks.exe"
"TPHOTKEY"="C:\\PROGRA~1\\ThinkPad\\PkgMgr\\HOTKEY\\TPHKMGR.exe"
"ControlCenter"="\"C:\\Program Files\\IBM fingerprint software\\ctlcntr.exe\" /startup"
"TP4EX"="tp4ex.exe"
"EZEJMNAP"="C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\EzEjMnAp.Exe"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe\""
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
@=""
"ibmmessages"="\"C:\\Program Files\\IBM\\Messages By IBM\\\\ibmmessages.exe\""
"IBMPRC"="C:\\IBMTOOLS\\UTILS\\ibmprc.exe"
"QCWLICON"="C:\\Program Files\\ThinkPad\\ConnectUtilities\\QCWLICON.EXE"
"PWRMGRTR"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\PWRMGRTR.DLL,PwrMgrBkGndMonitor"
"BLOG"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatLogEx.DLL,StartBattLog"
"HP SchedIndexer"="\"C:\\Program Files\\Hewlett-Packard\\LaserJet 33xx\\hppschedindexer.exe\""
"HP AutoIndexer"="\"C:\\Program Files\\Hewlett-Packard\\LaserJet 33xx\\hppautoindexer.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QCTray"="C:\\PROGRA~1\\ThinkPad\\CONNEC~1\\QCTray.exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"BitDefender Antiphishing Helper"="\"C:\\Program Files\\BitDefender\\BitDefender 2008\\IEShow.exe\""
"BDAgent"="\"C:\\Program Files\\BitDefender\\BitDefender 2008\\bdagent.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


=== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\\Program Files\\IBM\\Messages By IBM\\ibmmessages.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Pando"="\"C:\\Program Files\\Pando Networks\\Pando\\Pando.exe\" /Minimized"
@=""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"


=== Folders and Files from "C:\" and "C:\Windows" Created Last 30 Days ======

4/8/2008 3:15:43 PM    0    C:\Config.Msi
4/27/2008 4:38:49 PM    32160    32    C:\Files.txt
4/8/2008 2:49:46 PM    2440471    C:\WINDOWS\$NtUninstallKB941693$
4/8/2008 2:49:46 PM    596503    C:\WINDOWS\$NtUninstallKB941693$\spuninst
4/8/2008 2:50:07 PM    791632    C:\WINDOWS\$NtUninstallKB945553$
4/8/2008 2:50:07 PM    597584    C:\WINDOWS\$NtUninstallKB945553$\spuninst
4/8/2008 2:51:12 PM    878728    C:\WINDOWS\$NtUninstallKB948590$
4/8/2008 2:51:12 PM    596616    C:\WINDOWS\$NtUninstallKB948590$\spuninst
4/8/2008 2:51:25 PM    686140    C:\WINDOWS\$NtUninstallKB948881$
4/8/2008 2:51:25 PM    596028    C:\WINDOWS\$NtUninstallKB948881$\spuninst
4/8/2008 2:47:30 PM    20255    32    C:\WINDOWS\KB941693.log
4/8/2008 2:47:52 PM    15862    32    C:\WINDOWS\KB945553.log
4/8/2008 2:50:21 PM    23671    32    C:\WINDOWS\KB947864-IE7.log
4/8/2008 2:48:34 PM    30843    32    C:\WINDOWS\KB948590.log
4/8/2008 2:51:23 PM    18969    32    C:\WINDOWS\KB948881.log

=== Files under "\Administrator\Startup" Last 30 Days======


=== Files under "All Users\Startup" Last 30 Days======


=== Folders under "\Program Files" Last 30 Days======

4/26/2008 2:57:20 PM    409957    C:\Program Files\Trend Micro
4/26/2008 2:57:20 PM    409957    C:\Program Files\Trend Micro\HijackThis

=== Files under "\System32\Drivers" Last 30 Days======


=== Files under "\User\Local Settings\Temp" Last 30 Days======

4/16/2008 1:06:09 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1045.tmp
4/16/2008 9:50:28 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1114.tmp
4/16/2008 6:35:06 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1207.tmp
4/17/2008 3:19:19 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1288.tmp
4/17/2008 12:03:46 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr13A5.tmp
4/17/2008 8:48:07 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr149F.tmp
4/18/2008 5:32:24 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1560.tmp
4/18/2008 2:16:40 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1635.tmp
4/18/2008 11:00:48 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1687.tmp
4/19/2008 7:45:03 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1756.tmp
4/19/2008 4:29:39 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr184E.tmp
4/20/2008 1:13:47 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr18FC.tmp
4/20/2008 9:58:04 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr19A4.tmp
4/20/2008 6:42:37 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1BA3.tmp
4/21/2008 3:27:06 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1E18.tmp
4/21/2008 12:11:37 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr1FF6.tmp
4/21/2008 8:55:58 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr20D9.tmp
4/22/2008 5:40:10 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2187.tmp
4/22/2008 2:24:29 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr22D2.tmp
4/22/2008 11:08:42 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2394.tmp
4/23/2008 7:52:58 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2474.tmp
4/23/2008 4:37:14 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2579.tmp
4/24/2008 1:21:17 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2648.tmp
4/24/2008 10:05:38 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2730.tmp
4/24/2008 6:50:01 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr283C.tmp
4/25/2008 3:34:10 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr28CF.tmp
4/25/2008 12:18:21 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2A25.tmp
4/25/2008 9:02:47 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2B3F.tmp
4/26/2008 5:46:52 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2BCC.tmp
4/26/2008 2:31:06 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2E28.tmp
4/26/2008 11:16:37 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr2F8C.tmp
4/27/2008 8:03:42 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr3059.tmp
4/12/2008 9:42:18 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr8B9.tmp
4/12/2008 6:26:40 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr96E.tmp
4/13/2008 3:10:59 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Acr9EF.tmp
4/13/2008 11:55:25 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrAA5.tmp
4/13/2008 8:39:43 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrB64.tmp
4/14/2008 5:24:02 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrBDF.tmp
4/12/2008 7:09:59 AM    2048000    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrCA6A.tmp
4/14/2008 2:08:35 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrD14.tmp
4/14/2008 10:52:54 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrDD2.tmp
4/15/2008 7:37:23 AM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrE9D.tmp
4/15/2008 4:21:50 PM    0    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\AcrFAD.tmp
4/25/2008 4:31:31 PM    578616    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\All Star Nominations 2008.pdf
4/8/2008 3:34:13 PM    1355776    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\asat0001.tmp
4/20/2008 7:18:28 PM    19968    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Delivery Status Notification (Failure).msg
4/22/2008 9:17:01 AM    38400    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Kockaya Termination.doc
4/20/2008 7:18:28 PM    20480    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Mail delivery failed returning message to sender.msg
4/8/2008 12:01:57 PM    47616    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\McCarthy letter 1.doc
4/1/2008 10:27:51 AM    110592    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\McGinnis03-31-08-Memo 1Revised.doc
4/1/2008 11:12:00 AM    119296    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\McGinnis03-31-08-Memo 2Revised.doc
4/17/2008 3:44:34 PM    27648    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Minkle letter.doc
4/27/2008 4:36:26 PM    145564    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\MRMPJ512.emf
3/31/2008 1:38:18 PM    90112    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Org Dev Job Description(2).doc
4/23/2008 1:35:26 PM    20992    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\Rescheduling Sunday game.msg
4/26/2008 8:14:31 PM    2201224    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\V2NOTSa06300
4/26/2008 9:31:33 PM    832872    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\V2NOTSb06300
3/31/2008 1:55:20 PM    90112    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\VP Legal-Human Resources (1).doc
4/26/2008 11:06:33 PM    1224704    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\VS0AV3NG.02U
4/8/2008 3:23:12 PM    753    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini
4/26/2008 3:30:21 PM    512    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\~DF4F23.tmp
4/25/2008 4:30:41 PM    512    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\~DF6BDC.tmp
4/25/2008 4:30:46 PM    16384    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\~DFA6F2.tmp
4/25/2008 4:30:46 PM    512    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\~DFA717.tmp
4/27/2008 6:59:53 AM    114688    32    C:\Documents and Settings\Michael Maher\Local Settings\Temp\~DFB569.tmp

12 Posts

April 27th, 2008 22:00

=== Running Processes ======

System Idle Process   [0]  
System   [4]  
smss.exe   [856]   \SystemRoot\System32\smss.exe
csrss.exe   [948]  
winlogon.exe   [988]   winlogon.exe
services.exe   [1032]   C:\WINDOWS\system32\services.exe
lsass.exe   [1044]   C:\WINDOWS\system32\lsass.exe
vtserver.exe   [1236]   "C:\Program Files\Common Files\Virtual Token\vtserver.exe"
ibmpmsvc.exe   [1252]   C:\WINDOWS\system32\ibmpmsvc.exe
ati2evxx.exe   [1280]   C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe   [1292]   C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe   [1360]  
svchost.exe   [1504]   C:\WINDOWS\System32\svchost.exe -k netsvcs
EvtEng.exe   [1536]   "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe"
S24EvMon.exe   [1672]   "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe"
svchost.exe   [1736]  
svchost.exe   [1776]  
BRSVC01A.EXE   [448]   C:\WINDOWS\system32\brsvc01a.exe
BRSS01A.EXE   [484]   brss01a.exe
spoolsv.exe   [464]   C:\WINDOWS\system32\spoolsv.exe
btwdins.exe   [656]   "C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe"
rrpcsb.exe   [776]   "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
QBCFMonitorService.exe   [844]   "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe"
QCONSVC.EXE   [1744]   System32\QCONSVC.EXE
RegSrvc.exe   [1756]   "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe"
SMAgent.exe   [2024]   "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
TPHDEXLG.exe   [204]   System32\TPHDEXLG.EXE
TpKmpSvc.exe   [224]   C:\WINDOWS\system32\TpKmpSVC.exe
wdfmgr.exe   [272]  
ViewpointService.exe   [308]   "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
SpySweeper.exe   [340]   "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
xcommsvr.exe   [1768]   "C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
ViewMgr.exe   [3536]   "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
alg.exe   [3848]  
ati2evxx.exe   [2536]   Ati2evxx.exe -Client
wscntfy.exe   [1792]   C:\WINDOWS\system32\wscntfy.exe
explorer.exe   [2776]   C:\WINDOWS\Explorer.EXE
SynTPLpr.exe   [3292]   "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
SynTPEnh.exe   [3312]   "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
TpShocks.exe   [3480]   "C:\WINDOWS\system32\TpShocks.exe"
TPHKMGR.exe   [3500]   "C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe"
TPONSCR.exe   [3336]   "C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe"
TpScrex.exe   [1036]   "C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe"
EZEJMNAP.EXE   [3700]   "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
SMax4PNP.exe   [3880]   "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
tfswctrl.exe   [3376]   "C:\WINDOWS\system32\dla\tfswctrl.exe"
ibmmessages.exe   [3896]   "C:\Program Files\IBM\Messages By IBM\ibmmessages.exe"
ibmprc.exe   [4088]   "C:\IBMTOOLS\UTILS\ibmprc.exe"
QCWLICON.EXE   [2020]   "C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE"
rundll32.exe   [260]   "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
iTunesHelper.exe   [592]   "C:\Program Files\iTunes\iTunesHelper.exe"
QCTRAY.EXE   [668]   "C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe"
bdagent.exe   [752]   "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
iPodService.exe   [892]   "C:\Program Files\iPod\bin\iPodService.exe"
SpySweeperUI.exe   [1452]   "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
msmsgs.exe   [2128]   "C:\Program Files\Messenger\msmsgs.exe" /background
wcescomm.exe   [2836]   "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
ctfmon.exe   [2948]   "C:\WINDOWS\system32\ctfmon.exe"
pando.exe   [432]   "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
BTTray.exe   [4032]   "C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
DLG.exe   [4024]   "C:\Program Files\Digital Line Detect\DLG.exe"
rapimgr.exe   [320]   C:\PROGRA~1\MICROS~3\rapimgr.exe -Embedding
qbupdate.exe   [3584]   "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe"
1XConfig.exe   [324]   C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe -Embedding
QBW32.EXE   [1108]   "C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe" /Fpro -TickCount=418968 /NoShowLoadingQBWnd
axlbridge.exe   [2344]   "C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe" -Embedding
QBDBMgr.exe   [2788]   C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe -n QB_data_engine_18 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -ti 0 -c 32M -x none -ct- -qi -qw  -tl 120 -oe "C:\Documents and Settings\Michael Maher\Local Settings\Application Data\Intuit\QuickBooks\Log\DBStartup.log"
AcroRd32.exe   [6812]   "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe" /o /eo /l /b
vsserv.exe   [1356]   "C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
svchost.exe   [2092]   C:\WINDOWS\System32\svchost.exe -kbdx
livesrv.exe   [7352]   "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service
OUTLOOK.EXE   [11156]   "C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE" /recycle
WINWORD.EXE   [9596]   "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
ssu.exe   [9472]   "C:\Program Files\Webroot\Spy Sweeper\SSU.EXE" 4198969143
HijackThis.exe   [6732]   "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
notepad.exe   [2384]   "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Program Files\Trend Micro\HijackThis\hijackthis.log
iexplore.exe   [5508]   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
wscript.exe   [9396]   "C:\WINDOWS\System32\WScript.exe" "C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\Temporary Directory 1 for FileLister.zip\FileLister.vbe"
wmiprvse.exe   [8332]  
wmiprvse.exe   [696]  

=== Uninstall List From Registry ======

ATI - Software Uninstall Utility
ATI Display Driver
Brother 1440
Brownie
IBM Integrated 56K Modem
HijackThis 2.0.2
hp LaserJet 3300 Uninstaller
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
iTunes
PC-Doctor for Windows
IBM 32-bit Runtime Environment for Java 2, v1.4.2
InterActual Player
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883517
Windows XP Hotfix - KB883523
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884868
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885894
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889315
Windows XP Hotfix - KB889673
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Windows Media Player 10 Hotfix - KB894476
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Hotfix for Windows XP (KB909394)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Update for Windows XP (KB929338)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB933360)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows Internet Explorer 7 (KB938127)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Nintendo DS - GBA Max Drive
Microsoft National Language Support Downlevel APIs
OverniteShip Desktop
IBM ThinkPad Power Management Driver
IBM ThinkPad Presentation Director
Intel(R) PROSet/Wireless Software
Adobe Flash Player 9 ActiveX
IBM ThinkPad UltraNav Driver
ThinkPad FullScreen Magnifier
Software Installer
HouseCall 6.6
TurboTax Business 2005
TurboTax Business 2006
TurboTax Home & Business 2006
TurboTax Premier 2005
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Yahoo! Toolbar
IBM SATA Power Management Driver
Sonic Update Manager
ATI Control Panel
Security Update for CAPICOM (KB931906)
IBM ThinkVantage Technologies Welcome Message
IBM Rescue and Recovery with Rapid Restore
IBM DLA
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM Access Connections
mProSafe
mDriver
InterVideo WinDVD Creator
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
ATI HYDRAVISION
BitDefender Antivirus 2008
iTunes
SupportSoft Assisted Service
Windows Genuine Advantage v1.3.0254.0
IBM Themes
mCore
MSXML 4.0 SP2 Parser and SDK
IBM Active Protection System
Spy Sweeper
IBM ThinkPad UltraNav Wizard
mPfMgr
QuickBooks Pro 2008
PC-Doctor for Windows
ThinkPad Integrated Bluetooth IV Software
InterVideo WinDVD
Microsoft Office Small Business Edition 2003
IBM RecordNow!
mXML
IBM ThinkPad Power Manager
MSXML 4.0 SP2 (KB925672)
Adobe Reader 8.1.2
TurboTax ItsDeductible 2006
Microsoft ActiveSync 4.0
Lenovo Battery Program
Microsoft .NET Framework 2.0 Service Pack 1
Apple Software Update
QuickTime
MSXML 4.0 SP2 (KB936181)
Pando
Timeslips v11
Microsoft .NET Framework 1.1
Dragon NaturallySpeaking 8
IBM fingerprint software 4.5.5
IBM 32-bit Runtime Environment for Java 2, v1.4.2
WexTech AnswerWorks
IBM TrackPoint Accessibility Features
Access IBM
SoundMAX
mMHouse
Wallpapers
Access IBM Message Center
Windows Media Connect
IBM ThinkPad Configuration
mWlsSafe

 

12 Posts

April 27th, 2008 22:00

=== Files and Folders under "All Users\Application Data" Last 30 Days======

4/8/2008 3:23:49 PM    752    C:\Documents and Settings\All Users\Application Data\Adobe
4/8/2008 3:23:49 PM    479    C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat
4/8/2008 3:23:49 PM    479    C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\8.0
4/8/2008 3:23:50 PM    479    C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\8.0\Replicate
4/8/2008 3:23:50 PM    479    C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\8.0\Replicate\Security
4/8/2008 3:25:12 PM    273    C:\Documents and Settings\All Users\Application Data\Adobe\Updater5

=== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\


=== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{38D3FE60-3D53-4F37-BB0E-C7A97A26A156}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}

 

=== Running Processes ======

System Idle Process   [0]  
System   [4]  
smss.exe   [856]   \SystemRoot\System32\smss.exe
csrss.exe   [948]  
winlogon.exe   [988]   winlogon.exe
services.exe   [1032]   C:\WINDOWS\system32\services.exe
lsass.exe   [1044]   C:\WINDOWS\system32\lsass.exe
vtserver.exe   [1236]   "C:\Program Files\Common Files\Virtual Token\vtserver.exe"
ibmpmsvc.exe   [1252]   C:\WINDOWS\system32\ibmpmsvc.exe
ati2evxx.exe   [1280]   C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe   [1292]   C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe   [1360]  
svchost.exe   [1504]   C:\WINDOWS\System32\svchost.exe -k netsvcs
EvtEng.exe   [1536]   "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe"
S24EvMon.exe   [1672]   "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe"
svchost.exe   [1736]  
svchost.exe   [1776]  
BRSVC01A.EXE   [448]   C:\WINDOWS\system32\brsvc01a.exe
BRSS01A.EXE   [484]   brss01a.exe
spoolsv.exe   [464]   C:\WINDOWS\system32\spoolsv.exe
btwdins.exe   [656]   "C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe"
rrpcsb.exe   [776]   "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
QBCFMonitorService.exe   [844]   "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe"
QCONSVC.EXE   [1744]   System32\QCONSVC.EXE
RegSrvc.exe   [1756]   "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe"
SMAgent.exe   [2024]   "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
TPHDEXLG.exe   [204]   System32\TPHDEXLG.EXE
TpKmpSvc.exe   [224]   C:\WINDOWS\system32\TpKmpSVC.exe
wdfmgr.exe   [272]  
ViewpointService.exe   [308]   "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
SpySweeper.exe   [340]   "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
xcommsvr.exe   [1768]   "C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
ViewMgr.exe   [3536]   "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
alg.exe   [3848]  
ati2evxx.exe   [2536]   Ati2evxx.exe -Client
wscntfy.exe   [1792]   C:\WINDOWS\system32\wscntfy.exe
explorer.exe   [2776]   C:\WINDOWS\Explorer.EXE
SynTPLpr.exe   [3292]   "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
SynTPEnh.exe   [3312]   "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
TpShocks.exe   [3480]   "C:\WINDOWS\system32\TpShocks.exe"
TPHKMGR.exe   [3500]   "C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe"
TPONSCR.exe   [3336]   "C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe"
TpScrex.exe   [1036]   "C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe"
EZEJMNAP.EXE   [3700]   "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
SMax4PNP.exe   [3880]   "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
tfswctrl.exe   [3376]   "C:\WINDOWS\system32\dla\tfswctrl.exe"
ibmmessages.exe   [3896]   "C:\Program Files\IBM\Messages By IBM\ibmmessages.exe"
ibmprc.exe   [4088]   "C:\IBMTOOLS\UTILS\ibmprc.exe"
QCWLICON.EXE   [2020]   "C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE"
rundll32.exe   [260]   "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
iTunesHelper.exe   [592]   "C:\Program Files\iTunes\iTunesHelper.exe"
QCTRAY.EXE   [668]   "C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe"
bdagent.exe   [752]   "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
iPodService.exe   [892]   "C:\Program Files\iPod\bin\iPodService.exe"
SpySweeperUI.exe   [1452]   "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
msmsgs.exe   [2128]   "C:\Program Files\Messenger\msmsgs.exe" /background
wcescomm.exe   [2836]   "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
ctfmon.exe   [2948]   "C:\WINDOWS\system32\ctfmon.exe"
pando.exe   [432]   "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
BTTray.exe   [4032]   "C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
DLG.exe   [4024]   "C:\Program Files\Digital Line Detect\DLG.exe"
rapimgr.exe   [320]   C:\PROGRA~1\MICROS~3\rapimgr.exe -Embedding
qbupdate.exe   [3584]   "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe"
1XConfig.exe   [324]   C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe -Embedding
QBW32.EXE   [1108]   "C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe" /Fpro -TickCount=418968 /NoShowLoadingQBWnd
axlbridge.exe   [2344]   "C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe" -Embedding
QBDBMgr.exe   [2788]   C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe -n QB_data_engine_18 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -ti 0 -c 32M -x none -ct- -qi -qw  -tl 120 -oe "C:\Documents and Settings\Michael Maher\Local Settings\Application Data\Intuit\QuickBooks\Log\DBStartup.log"
AcroRd32.exe   [6812]   "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe" /o /eo /l /b
vsserv.exe   [1356]   "C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
svchost.exe   [2092]   C:\WINDOWS\System32\svchost.exe -kbdx
livesrv.exe   [7352]   "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service
OUTLOOK.EXE   [11156]   "C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE" /recycle
WINWORD.EXE   [9596]   "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
ssu.exe   [9472]   "C:\Program Files\Webroot\Spy Sweeper\SSU.EXE" 4198969143
HijackThis.exe   [6732]   "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
notepad.exe   [2384]   "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Program Files\Trend Micro\HijackThis\hijackthis.log
iexplore.exe   [5508]   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
NOTEPAD.EXE   [9772]   "C:\WINDOWS\notepad.exe" C:\Files.txt
wscript.exe   [6464]   "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Michael Maher\Desktop\FileLister\FileLister.vbe"
wmiprvse.exe   [1888]  
wmiprvse.exe   [9296]  

10.4K Posts

April 27th, 2008 23:00

mkmaher

I don't see any resident infection in your PC. It would appear that only your mailbox has been compromised.

1. A little house cleaning is in order

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.


  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.

Run an online virus scan called Kaspersky from HERE.

  1. Click on "Kaspersky Online Scanner".
  2. A new smaller window will pop up. Press on "Accept" after reading the contents.
  3. Now Kaspersky will update the anti-virus database. Let it run.
  4. Click on "Next" ->> "Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  5. Then click on "My Computer". And the scan will start.
  6. When the scan is complete, select "Save error report as".
     Then in the file name just type in kaspersky.
     Under "save as type" select text .txt.
     Save it to your Desktop.

Copy and post the results of the Kaspersky Online scan.

Microsoft MVP Consumer-Security

"The world is what you make of it"




12 Posts

April 27th, 2008 23:00

=== Uninstall List From Registry ======

ATI - Software Uninstall Utility
ATI Display Driver
Brother 1440
Brownie
IBM Integrated 56K Modem
HijackThis 2.0.2
hp LaserJet 3300 Uninstaller
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
iTunes
PC-Doctor for Windows
IBM 32-bit Runtime Environment for Java 2, v1.4.2
InterActual Player
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883517
Windows XP Hotfix - KB883523
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884868
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885894
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889315
Windows XP Hotfix - KB889673
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Windows Media Player 10 Hotfix - KB894476
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Hotfix for Windows XP (KB909394)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Update for Windows XP (KB929338)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB933360)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows Internet Explorer 7 (KB938127)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Nintendo DS - GBA Max Drive
Microsoft National Language Support Downlevel APIs
OverniteShip Desktop
IBM ThinkPad Power Management Driver
IBM ThinkPad Presentation Director
Intel(R) PROSet/Wireless Software
Adobe Flash Player 9 ActiveX
IBM ThinkPad UltraNav Driver
ThinkPad FullScreen Magnifier
Software Installer
HouseCall 6.6
TurboTax Business 2005
TurboTax Business 2006
TurboTax Home & Business 2006
TurboTax Premier 2005
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Yahoo! Toolbar
IBM SATA Power Management Driver
Sonic Update Manager
ATI Control Panel
Security Update for CAPICOM (KB931906)
IBM ThinkVantage Technologies Welcome Message
IBM Rescue and Recovery with Rapid Restore
IBM DLA
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM Access Connections
mProSafe
mDriver
InterVideo WinDVD Creator
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
ATI HYDRAVISION
BitDefender Antivirus 2008
iTunes
SupportSoft Assisted Service
Windows Genuine Advantage v1.3.0254.0
IBM Themes
mCore
MSXML 4.0 SP2 Parser and SDK
IBM Active Protection System
Spy Sweeper
IBM ThinkPad UltraNav Wizard
mPfMgr
QuickBooks Pro 2008
PC-Doctor for Windows
ThinkPad Integrated Bluetooth IV Software
InterVideo WinDVD
Microsoft Office Small Business Edition 2003
IBM RecordNow!
mXML
IBM ThinkPad Power Manager
MSXML 4.0 SP2 (KB925672)
Adobe Reader 8.1.2
TurboTax ItsDeductible 2006
Microsoft ActiveSync 4.0
Lenovo Battery Program
Microsoft .NET Framework 2.0 Service Pack 1
Apple Software Update
QuickTime
MSXML 4.0 SP2 (KB936181)
Pando
Timeslips v11
Microsoft .NET Framework 1.1
Dragon NaturallySpeaking 8
IBM fingerprint software 4.5.5
IBM 32-bit Runtime Environment for Java 2, v1.4.2
WexTech AnswerWorks
IBM TrackPoint Accessibility Features
Access IBM
SoundMAX
mMHouse
Wallpapers
Access IBM Message Center
Windows Media Connect
IBM ThinkPad Configuration
mWlsSafe

12 Posts

April 29th, 2008 13:00

Thank you for your help. I installed and ran CCLEANER and Kaspersky. Here is the log--in multiple parts because of size:

 

Tuesday, April 29, 2008 6:54:04 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/04/2008
Kaspersky Anti-Virus database records: 729371

Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects: 136512
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 03:23:09


12 Posts

April 29th, 2008 13:00

Scan process completed.


10.4K Posts

April 29th, 2008 13:00

mkmaher

 

You are most welcome. The log you posted from the Kaspersky scan is unreadable.

 

When you compose and submit your reply, please make sure the box under your text which shows "Automatically convert carriage returns to HTML line breaks" is checked or your reply may not format correctly.

 

Then repost the Kaspersky log please.

 



 

Microsoft MVP Consumer-Security

 


"The world is what you make of it"


12 Posts

April 29th, 2008 14:00

I am having trouble sending the log. First, I got an error message from the forum that there is an invalid HTML in the message and that it had automatically converted it. Now I am getting an error message that I am flooding the blog with the same post. Is there any way I can fax the log somewhere, or upload it to a file share site? Thanks again.

10.4K Posts

April 30th, 2008 12:00

mkmaher

 

I've managed my way through the logs. It looks good.

 

Post one more fresh Hijackthis log and in your reply tell me how your PC is running now.



 

Microsoft MVP Consumer-Security

 


"The world is what you make of it"
 

 

12 Posts

April 30th, 2008 18:00

The problem is intermittent. Yesterday I had several hundred "mail delivery error" messages. Today I have had about a dozen. There doesn't seem to be any pattern. Here is the new Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:38 AM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe
C:\Documents and Settings\Michael Maher\Application Data\U3\0000187FC5720E85\LaunchPad.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [HP SchedIndexer] "C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe"
O4 - HKLM\..\Run: [HP AutoIndexer] "C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/2006/avalon/key_features/int360.html?noreloadredir
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141203161000
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.89.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 13964 bytes
