Need some expert help...

Status
Not open for further replies.
NOD32 laptop page 6

C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » MQPDPZLE.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » MRITMBHO.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » MSHMFAOQ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » MWDPGVFE.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » MWTJSNBY.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » MWYEQSYK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » MZSOGNJM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » NELOSIEL.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » NJYACNPU.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » NRZMNJON.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » NSQBSYXN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » NUMKJJQE.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » NWQJYJOV.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » NXRFSOJH.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » NYOKSGSM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » OKKBPTEG.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » OKQUWNCC.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » OKVBLPQB.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » OLNOSYJU.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » OLVEJNDR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » OPPAPRFR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » ORCHISUJ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » OSKYDNHN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » OTRAPYYU.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » OUOPKILW.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » PFNGSGCS.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » PNLMLOGA.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » PPKUWCSO.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » PPOQLDNS.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » PVDSDLBN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » QJUJDWQK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » QPPOAKRK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » QPSRRSPJ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » QQZYMRLQ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » QRIMXBXG.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » QRRFCKVO.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » QSOQMALX.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » QZYEKPBN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » RFBJONXN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » RMKQPKKM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » RNNQEQON.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » RRKLRNSL.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » RRWXHRMG.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » RVJXRBTG.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » SKMIVILK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » SKNZVPBL.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » SLJTKLEX.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » SWPBHXUR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » SXEEMLVR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » SYYLZHIH.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » TKKVPWYK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » TLPQKNNZ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » TXKFKRQJ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » UMEPHRHS.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » UWTMJHAO.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » UYBNTPRA.ima » MIME - is OK (internal scanning not performed)
 
NOD32 laptop page 7

C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » WKNMOPPM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » WMTJGPXD.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » XJOSLUFM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » XLRSJOZR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » YLQGSCGQ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » YRNWPMLI.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » YSBXOFJU.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » ZBYVYHPG.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » ZDPQKPJV.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II 022607.zip » ZIP » ZOWSHOAL.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » AQLOERKT.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » BAORIDFM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » BERMLLJB.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » BQDMTSNR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » BQMSFZPJ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » BYGPJLLR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » CBRQROVC.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » CQXQSJAF.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » DKEZKXBA.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » DKXLSNNE.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » DLCNLXQT.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » DPISNXDI.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » EKPRTNMR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » EWQMYDKO.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » EWULCNUK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » FIFGRPBP.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » FJMTKJRS.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » FQJORORS.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » FSAIHYYN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » FTBPXXMG.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » FXNDPKNS.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » GARQDNMQ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » GHBPUNYV.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » GJLLMKXZ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » GPYPLIXN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » HWKGLQPD.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » IORMNSYM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » IVNSKNRP.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » IYABOAPL.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » IZSLBCQP.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » JFZOIJGK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » JHCSQWKN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » JHMIORUL.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » JJSLPKQQ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » JNESARET.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » JRORLOYH.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » JSSPZWYQ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » JWSDINJO.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » KBPCSLUM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » KDMYFTZB.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » KJFXVKWA.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » KKMNNMPN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » KLRQXBTF.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » KNWFGOPD.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » KQEJENJQ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » KRCNTHOB.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » KSBJLOTZ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » KSWITWOV.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » LBJLSQPR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » LBRYRJCX.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » LGMOOKIJ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » LIJGRKMH.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » LMKKMLSJ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » LNJLNEIL.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » LOQRWIIY.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » LPSBRIUV.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » LQMPAUBW.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » LQWQSBEV.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » LRQYMMJS.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » LRWQNPSN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MFQUKVQW.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MKXBOPNO.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MLKLRHTK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MNWPSNAT.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MOIHARDN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MPHHPRVD.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MQPDPZLE.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MRITMBHO.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MSHMFAOQ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MWDPGVFE.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MWTJSNBY.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MWYEQSYK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » MZSOGNJM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » NELOSIEL.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » NJYACNPU.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » NRZMNJON.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » NSQBSYXN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » NUMKJJQE.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » NWQJYJOV.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » NXRFSOJH.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » NYOKSGSM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » OKKBPTEG.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » OKQUWNCC.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » OKVBLPQB.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » OLNOSYJU.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » OLVEJNDR.ima » MIME - is OK (internal scanning not performed)
 
NOD32 laptop page 8

C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » OPPAPRFR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » ORCHISUJ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » OSKYDNHN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » OTRAPYYU.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » OUOPKILW.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » PFNGSGCS.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » PNLMLOGA.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » PPKUWCSO.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » PPOQLDNS.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » PVDSDLBN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » QJUJDWQK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » QPPOAKRK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » QPSRRSPJ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » QQZYMRLQ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » QRIMXBXG.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » QRRFCKVO.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » QSOQMALX.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » QZYEKPBN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » RFBJONXN.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » RMKQPKKM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » RNNQEQON.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » RRKLRNSL.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » RRWXHRMG.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » RVJXRBTG.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » SKMIVILK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » SKNZVPBL.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » SLJTKLEX.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » SWPBHXUR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » SXEEMLVR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » SYYLZHIH.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » TKKVPWYK.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » TLPQKNNZ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » TXKFKRQJ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » UMEPHRHS.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » UWTMJHAO.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » UYBNTPRA.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » WKNMOPPM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » WMTJGPXD.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » XJOSLUFM.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » XLRSJOZR.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » YLQGSCGQ.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » YRNWPMLI.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » YSBXOFJU.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » ZBYVYHPG.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » ZDPQKPJV.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\Backup\Judy Diamond Prospects II.zip » ZIP » ZOWSHOAL.ima » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\NetLinks\Interact\OfflinePages\00000000.mht » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT6\NetLinks\Interact\OfflinePages\00000001.mht » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT - error opening [4]
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT - error opening [4]
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
 
NOD32 laptop page 9

C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\Owner.LAPTOP\NTUSER.DAT - error opening [4]
C:\Documents and Settings\Owner.LAPTOP\NTUSER.DAT.LOG - error opening [4]
C:\Documents and Settings\Owner.LAPTOP\Application Data\Symantec\NPMDataStore\CIMStore.xml - error opening [4]
C:\Documents and Settings\Owner.LAPTOP\Desktop\WebUpdater_241.exe » ZIP » FRA/EULA.txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Owner.LAPTOP\Desktop\WebUpdater_241.exe » ZIP » ITA/EULA.txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Owner.LAPTOP\Desktop\WebUpdater_241.exe » ZIP » PTG/EULA.txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Owner.LAPTOP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\Owner.LAPTOP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\YS561401.CAB » CAB » VIDEO.MHT_1033 » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\YS561405.CAB » CAB » VIDEO.MHT_1033 » MIME - is OK (internal scanning not performed)
C:\Program Files\America Online 8.0\Jiti\Viewpoint.exe » NSIS - error - unknown compression method
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\supportsoft\bin\ssrc.exe » ZIP » META-INF/ - archive damaged
C:\Program Files\Java\jre1.6.0_02\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_02\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_02\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_02\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft CAPICOM 2.1.0.2\License\license.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\master.mdf - error opening [4]
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\mastlog.ldf - error opening [4]
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\model.mdf - error opening [4]
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\modellog.ldf - error opening [4]
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\tempdb.mdf - error opening [4]
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\templog.ldf - error opening [4]
C:\WINDOWS\SoftwareDistribution\EventCache\{16639CEB-9971-4DAE-AD49-9CE070398DD7}.bin - error opening [4]
C:\WINDOWS\system32\CatRoot2\edb.log - error opening [4]
C:\WINDOWS\system32\CatRoot2\tmp.edb - error opening [4]
C:\WINDOWS\system32\config\default - error opening [4]
C:\WINDOWS\system32\config\default.LOG - error opening [4]
C:\WINDOWS\system32\config\SAM - error opening [4]
C:\WINDOWS\system32\config\SAM.LOG - error opening [4]
C:\WINDOWS\system32\config\SECURITY - error opening [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening [4]
C:\WINDOWS\system32\config\software - error opening [4]
C:\WINDOWS\system32\config\software.LOG - error opening [4]
C:\WINDOWS\system32\config\system - error opening [4]
C:\WINDOWS\system32\config\system.LOG - error opening [4]
C:\WINDOWS\Temp\JET9EEF.tmp - error opening [4]
C:\WORKSSETUP\REDIST\IE6\IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTML.DLL - next archive volume not found
C:\WORKSSETUP\REDIST\IE6\IENT_S2.CAB » CAB » IENT_2.CAB » CAB - file is not an archive
C:\WORKSSETUP\REDIST\IE6\IENT_S3.CAB » CAB » IENT_3.CAB » CAB - file is not an archive
C:\WORKSSETUP\REDIST\IE6\IENT_S4.CAB » CAB » IENT_4.CAB » CAB - file is not an archive
C:\WORKSSETUP\REDIST\IE6\IENT_S5.CAB » CAB » IENT_5.CAB » CAB - file is not an archive
C:\WORKSSETUP\REDIST\IE6\IENT_S6.CAB » CAB » IENT_6.CAB » CAB - file is not an archive
C:\WORKSSETUP\REDIST\IE6\IE_S1.CAB » CAB » IE_1.CAB » CAB » MSHTML.TLB - next archive volume not found
C:\WORKSSETUP\REDIST\IE6\IE_S2.CAB » CAB » IE_2.CAB » CAB - file is not an archive
C:\WORKSSETUP\REDIST\IE6\IE_S3.CAB » CAB » IE_3.CAB » CAB - file is not an archive
C:\WORKSSETUP\REDIST\IE6\IE_S4.CAB » CAB » IE_4.CAB » CAB - file is not an archive
C:\WORKSSETUP\REDIST\IE6\IE_S5.CAB » CAB » IE_5.CAB » CAB - file is not an archive
C:\WORKSSETUP\REDIST\IE6\IE_S6.CAB » CAB » IE_6.CAB » CAB - file is not an archive
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » msoe.chm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » msoe.hlp - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » msoe50.inf - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » msoe.txt - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » aleabanr.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » amaizrul.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » anabnr2.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » aswrule.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » blank.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » blankbkg.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » btzhsepa.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » citbanna.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » citrbkg.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » citrpun.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » clearday.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » clrdaybg.jpg - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » fieruld.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » fiesta.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » fiestabg.jpg - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » glacier.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » glacrbkg.jpg - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » ivy.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » ivy.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » leaves.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » leavesbg.jpg - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » maize.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » maizebkg.jpg - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » nature.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » naturebg.jpg - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » netblitz.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » netblzbg.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » piechtbg.jpg - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » piechts.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » sunbanna.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » sunfbkg.jpg - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » sunflowr.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » sweets.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » sweetsbg.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » tech.gif - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » tech.htm - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » msoe.dll - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » oemig50.exe - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » oeimport.dll - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » setup50.exe - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » msimn.exe - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » inetcomm.dll - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » mapistub.dll - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » msoeres.dll - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » inetres.dll - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » csapi3t1.dll - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » oemiglib.dll - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » fixmapi.exe - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » directdb.dll - archive damaged - the file could not be extracted.
C:\WORKSSETUP\REDIST\IE6\TEMPFILE.CAB » CAB » 9xmig.dll - archive damaged - the file could not be extracted.
Number of scanned objects: 394314
Number of threats found: 0
Time of completion: 6:41:58 PM Total scanning time: 6882 sec (01:54:42)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
 
So sorry...

But I ran Active Scan from the laptop AFTER I cleaned out the network drive...Looks a llittle better, wouldn't you say?
__________________


Incident Status Location

Possible Virus. Not disinfected C:\Program Files\Common Files\aolshare\Coach\Player\AOLNySEV.exe -----------------------
Yes, I placed the cimscare entry in my allowed list.

BTW, Symantec can be configured to scan the entire network.

GB
 
Locked Files

I think you can probably ignore any files pertaining to ACT. They are locked because ACT runs background MSSQL processes. Take those away and the log becomes a bit more manageable.

GB
 
Well that was fun :D:
After having a friend look at it he thinks you may be in the clear.
Can I see a new hijckthis log?

How is the laptop running?
 
HJT Log from Laptop

Eagle;

I can't thank you enough for going through the tedious task of review those logs. Here's the HJT from the laptop. I still have a piece of the "ctfmon.exe" parasite in the log and startup list (I have disabled it in Spybot S&D, but it continues to attempt a registry change on every start up). This seems to be the only thing left on the laptop.

:bigthumb:
------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:49 AM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\act\act for windows\act.scheduler.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lighthouse\uploadservice.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ACT\ACT for Windows\Act.Scheduler.UI.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Owner.LAPTOP\Local Settings\Application Data\SyncToy\SyncToy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quotes.nasdaq.com/quote.dll?...&symbol=&symbol=&symbol=&symbol=&selected=wye
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [mssSort] C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ACTSchedulerUI] "C:\Program Files\ACT\ACT for Windows\Act.Scheduler.UI.exe" -Dfalse
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.cismcare.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190063697265
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190065209218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inspector Lounge Transfer Service (ILTransferSvc) - Unknown owner - C:\Program Files\Lighthouse\uploadservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10978 bytes
 
Desktop HJT

As with the laptop, the desktop has an "ctfmon.exe" entry. Laptop working great! Desktop may need a bit more work...
----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:17 AM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Lighthouse\uploadservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quotes.nasdaq.com/quote.dll?...&symbol=&symbol=&symbol=&symbol=&selected=wye
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [mssSort] C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: systems.txt
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Inspector Lounge Transfer Service (ILTransferSvc) - Unknown owner - C:\Program Files\Lighthouse\uploadservice.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9868 bytes
 
I still have a piece of the "ctfmon.exe" parasite in the log and startup list (I have disabled it in Spybot S&D, but it continues to attempt a registry change on every start up). This seems to be the only thing left on the laptop.
Click to expand...

Found in you system32 folder ctfmon.exe is not a virus.
http://www.neuber.com/taskmanager/process/ctfmon.exe.html

Is the last log from the desktop?

-------------------------


Close all programs leaving only HijackThis running. Place a check against each of the following,
O20 - AppInit_DLLs: systems.txt
Click on Fix Checked when finished and exit HijackThis.
 
Done...

Thanks, Eagle.

Last post WAS the HJT from the desktop. Laptop is running better than ever! Desktop is much better, but still a little sluggish...no real complaints. Here's a new HJT from the desktop...any more suggestions?

As far as cftmom.exe, the article you linked was VERY helpful. I had been doing some research myself and decided to eliminate the program...big difference. As a suggestion, I see that this issue has been widely discussed on the SP forums, largely due to the alarming message genereated by the info link on the TeaTimer registry block. Perhaps a revision to the "info" on TeaTimer might be in order to avoid future user panic. It tags cftmon as a variant of CWS and suggests that it is harmful to the system. (my $0.02)

Thanks so much for all you've done. Please advise if there's anything else that needs attention.
--------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:48 AM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lighthouse\uploadservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quotes.nasdaq.com/quote.dll?...&symbol=&symbol=&symbol=&symbol=&selected=wye
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [mssSort] C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Inspector Lounge Transfer Service (ILTransferSvc) - Unknown owner - C:\Program Files\Lighthouse\uploadservice.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9605 bytes
 
I'm afraid I know little about this program
C:\Program Files\Lighthouse\uploadservice.exe

I would like to see a copy of the file in bold.

Click start / then my computer / local disk then follow the process tree.
Or using Windows Explorer, locate the first file you want to zip.
Right click on the file and select Send To and Compressed (zipped) Folder.
This makes a copy it does not delete it.
Please zip the file and upload it here
Or email it to little_eagleATsecurity-central.us

Please include a link to this thread.

-----------------------------------

There are some programs that we could stop at the startup.
 
Lighthouse

Hi Eagle;

Lighthouse is a program that's used to upload and catalog photographs to a secure server. I do some part-time work as an insurance inspector and this is the program used to transfer the files.

Do you have any reason to believe it would be unsafe? If so, I will be happy to send it to you, but I didn't want to waste your time.

GaryB
 
No if you know it's safe I don't need to see it.

These can be fixed using hijackthis if you like they are not necessary

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
 
Done...

Thanks, Eagle. I fixed the entries you noted on the desktop. Here's the most recent HJT from the laptop. Let me know if you see anything that needs attention. Laptop is running GREAT. :wav:
---------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:59 AM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\act\act for windows\act.scheduler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ACT\ACT for Windows\Act.Scheduler.UI.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Lighthouse\uploadservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quotes.nasdaq.com/quote.dll?...&symbol=&symbol=&symbol=&symbol=&selected=wye
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [mssSort] C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [ACTSchedulerUI] "C:\Program Files\ACT\ACT for Windows\Act.Scheduler.UI.exe" -Dfalse
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.cismcare.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190063697265
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190065209218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inspector Lounge Transfer Service (ILTransferSvc) - Unknown owner - C:\Program Files\Lighthouse\uploadservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9873 bytes
 
Close all programs leaving only HijackThis running. Place a check against each of the following,

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O15 - Trusted Zone: http://*.cismcare.net

Click on Fix Checked when finished and exit HijackThis.

I see no reason for the 04's to be running.
As far as the 015 I trust none of them.
 
Lookin' Good!

Eagle;

Thanks a million for the help. I also followed the procedures listed in this forum for
"Make Your Internet Explorer More Secure" by installing SpywareBlaster and IE-Spyad along with my versions of AdAware and Spyboy S&D.

If you have any more recommendations, I'll be happy to hear them. If not, THANKS AGAIN!

I won't hesitate to post again if I get into trouble!

With much appreciation,

GaryB927
 
Status
Not open for further replies.
Back
Top