01-18-2008, 01:21 PM   #1
ejr5033
Registered User
 
Join Date: Jul 2007
Posts: 12
OS: WinXP


Trojan.Vundo found, occasional pop-ups

A few days ago Norton AntiVirus started flashing that it found a Trojan Vundo in my temp. Internet files. I've tried to remove it with the remove Vundo tool that Norton supplies, but it hasn't worked. So far the only malicious effect I've noticed is that pop-ups will appear randomly about once an hour. Here's the DSS scan:

Deckard's System Scanner v20071014.68
Run by Eric Reese on 2008-01-18 14:44:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2008-01-18 19:44:09 UTC - RP226 - Deckard's System Scanner Restore Point
38: 2008-01-18 17:18:18 UTC - RP225 - Last known good configuration
37: 2008-01-18 17:18:10 UTC - RP224 - Last known good configuration
36: 2008-01-18 17:18:10 UTC - RP223 - Last known good configuration
35: 2008-01-18 17:18:10 UTC - RP222 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-18 17:18:06 UTC - RP188 - System Checkpoint


Performed disk cleanup.

System Drive C: has 10.57 GiB (less than 15%) free.


-- HijackThis (run as Eric Reese.exe) ------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-18 14:48:27
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric Reese\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Eric Reese.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {494A104E-6BC7-4FCA-96F6-145B559CB67E} - C:\WINDOWS\system32\jkkjk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {FFF29BE4-24AC-4E31-B99B-45238B764111} - C:\WINDOWS\system32\opnnkih.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Cu...ataManager.CAB
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...sh/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{1C2124C8-D221-47F9-BF6A-5E341F69D545}: NameServer = 68.87.75.194,68.87.64.146
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: opnnkih - C:\WINDOWS\system32\opnnkih.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j1211032.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


--
End of file - 13669 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SDbgMsg - c:\windows\system32\drivers\sdbgmsg.sys <Not Verified; Syser Software Corporation; Syser Kernel Debugger for Windows>
R0 SyserBoot - c:\windows\system32\drivers\sysboot.sys <Not Verified; Syser Software Corporation; Syser Kernel Debugger for Windows>
R0 SyserLanguage - c:\windows\system32\drivers\syslang.sys <Not Verified; Syser Software Corporation; Syser Kernel Debugger for Windows>

S0 nmfilter (DriverStudio Device Filter) - c:\windows\system32\drivers\nmfilter.sys (file missing)
S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S2 pciinfo (HP Pci Information) - c:\docume~1\ericre~1\locals~1\temp\hpispz\hpdom\pciinfo.sys (file missing)
S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)
S3 catchme - c:\docume~1\ericre~1\locals~1\temp\catchme.sys (file missing)
S3 DADriv1 - c:\documents and settings\eric reese\desktop\things i use\cheat engines\da engine\dak32.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 gel90xne - c:\docume~1\ericre~1\locals~1\temp\gel90xne.sys (file missing)
S3 IlvMoneyDRIVER53 - c:\documents and settings\eric reese\desktop\things i use\cheat engines\moonlight\ilvmoney1105.sys (file missing)
S3 puma1 - c:\documents and settings\eric reese\desktop\things i use\puma engine + [2].ct\puma.sys (file missing)
S3 Revolution1 - c:\documents and settings\eric reese\desktop\things i use\cheat engines\rev engine\shak3.sys (file missing)
S3 Sex1 - c:\documents and settings\eric reese\desktop\things i use\cheat engines\sex engine\sex.sys (file missing)
S3 SoRa1 - c:\documents and settings\eric reese\desktop\things i use\cheat engines\sora engine 2.3\sora23.sys (file missing)
S3 sora121 - c:\documents and settings\eric reese\desktop\things i use\cheat engines\sora engine2.90\sora12.sys (file missing)
S3 SPCommand (SPCommand.sys) - c:\windows\system32\drivers\plugin\i386\spcommand.sys <Not Verified; Syser Software Corporation; Syser Kernel Debugger for Windows>
S3 spuce1 - c:\documents and settings\eric reese\desktop\things i use\cheat engines\spuc3 engine\spuce.sys (file missing)
S3 Syser - c:\windows\system32\drivers\syser.sys <Not Verified; Syser Software Corporation; Syser Kernel Debugger for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

S2 DNSCacheReader (dns cache reader) - c:\windows\system32\j1211032.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Printer Port
Device ID: ROOT\PORTS\0000
Manufacturer: (Standard port types)
Name: Printer Port (LPT3)
PNP Device ID: ROOT\PORTS\0000
Service: Parport


-- Scheduled Tasks -------------------------------------------------------------

2008-01-16 20:02:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-01-11 16:13:13 418 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2007-12-18 and 2008-01-18 -----------------------------

2008-01-18 14:45:24 0 d-------- C:\Program Files\Trend Micro
2008-01-18 12:45:19 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-18 12:42:23 8576 --a------ C:\WINDOWS\system32\drivers\qmpjayhdebjt.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-18 12:25:02 0 d-------- C:\WINDOWS\LastGood
2008-01-18 12:08:08 327464 --a------ C:\WINDOWS\system32\mljge.dll
2008-01-17 23:46:13 86592 --a------ C:\WINDOWS\system32\jtpeadgh.dll
2008-01-17 23:40:14 217874 ---hs---- C:\WINDOWS\system32\kjkkj.bak2
2008-01-17 21:22:50 6522 ---hs---- C:\WINDOWS\system32\kjkkj.bak1
2008-01-17 21:22:13 327744 --a------ C:\WINDOWS\system32\jkkjk.dll
2008-01-17 19:47:52 327464 --a------ C:\WINDOWS\system32\jkklm.dll
2008-01-17 19:24:41 327464 --a------ C:\WINDOWS\system32\mljgg.dll
2008-01-17 18:23:55 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-01-17 10:30:29 0 d-------- C:\Program Files\Web Publish
2008-01-17 10:17:44 140048 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:44 135168 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:44 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-01-17 10:17:44 42496 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:44 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-01-17 10:17:39 147456 --a------ C:\WINDOWS\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:39 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-01-17 10:17:39 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-01-17 10:17:39 207872 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:39 73728 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft JDBC Bridge>
2008-01-17 10:17:39 843024 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:39 155920 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:39 14848 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:39 361744 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:39 32528 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:39 154112 --a------ C:\WINDOWS\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:38 209168 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:38 44544 --a------ C:\WINDOWS\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-17 10:17:37 103424 --a------ C:\WINDOWS\extrac32.exe <Not Verified; Microsoft Corporation; Microsoft (R) CAB File Extract Utility>
2008-01-17 10:15:18 0 d-------- C:\Program Files\Common Files\SourceTec
2008-01-17 10:15:17 0 d-------- C:\Program Files\SourceTec
2008-01-17 09:15:12 327464 --a------ C:\WINDOWS\system32\mljgf.dll
2008-01-17 08:15:12 327464 --a------ C:\WINDOWS\system32\ssttr.dll
2008-01-17 07:15:10 327464 --a------ C:\WINDOWS\system32\ddcyv.dll
2008-01-17 05:15:08 327464 --a------ C:\WINDOWS\system32\pmnnn.dll
2008-01-17 04:15:08 327464 --a------ C:\WINDOWS\system32\sstts.dll
2008-01-16 23:15:10 326204 --a------ C:\WINDOWS\system32\vtutu.dll
2008-01-16 23:03:42 0 dr-h----- C:\Documents and Settings\Eric Reese\Recent
2008-01-16 22:43:09 327464 --a------ C:\WINDOWS\system32\geebb.dll
2008-01-16 19:55:36 327464 --a------ C:\WINDOWS\system32\vtstr.dll
2008-01-16 17:07:09 327464 --a------ C:\WINDOWS\system32\vturp.dll
2008-01-16 16:22:03 327464 --a------ C:\WINDOWS\system32\awtqq.dll
2008-01-16 16:17:00 40448 --a------ C:\WINDOWS\system32\opnnkih.dll
2008-01-15 23:30:06 933888 --a------ C:\WINDOWS\system32\drivers\Wisp.dat
2008-01-15 23:30:06 401408 --a------ C:\WINDOWS\system32\drivers\Syser.dat
2008-01-15 23:30:05 869376 --a------ C:\WINDOWS\system32\drivers\SysLang.sys <Not Verified; Syser Software Corporation; Syser Kernel Debugger for Windows>
2008-01-15 23:30:05 1229056 --a------ C:\WINDOWS\system32\drivers\Syser.sys <Not Verified; Syser Software Corporation; Syser Kernel Debugger for Windows>
2008-01-15 23:30:05 23936 --a------ C:\WINDOWS\system32\drivers\SysBoot.sys <Not Verified; Syser Software Corporation; Syser Kernel Debugger for Windows>
2008-01-15 23:30:05 11520 --a------ C:\WINDOWS\system32\drivers\SDbgMsg.sys <Not Verified; Syser Software Corporation; Syser Kernel Debugger for Windows>
2008-01-15 23:30:05 0 d-------- C:\WINDOWS\system32\drivers\plugin
2008-01-15 23:30:04 0 d-------- C:\Program Files\Syser
2008-01-15 21:50:50 0 d-------- C:\Program Files\NuMega
2008-01-15 18:03:12 0 d-------- C:\Program Files\Chaos SD
2008-01-14 23:20:19 0 d-------- C:\Program Files\Ventrilo
2008-01-14 23:18:34 0 d-------- C:\Program Files\VentSrv
2008-01-13 22:32:13 0 d-------- C:\Documents and Settings\Eric Reese\Application Data\Secret of the Solstice
2008-01-13 20:25:09 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-01-13 20:25:09 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-01-13 17:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-01-13 17:50:43 0 d-------- C:\Program Files\Canon
2008-01-13 17:46:56 0 d-------- C:\Program Files\Common Files\Canon


-- Find3M Report ---------------------------------------------------------------

2008-01-18 14:03:52 0 d-------- C:\Program Files\Symantec AntiVirus
2008-01-18 13:46:44 0 d-------- C:\Program Files\iTunes
2008-01-18 13:43:51 0 d-------- C:\Program Files\Google
2008-01-18 13:43:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-18 13:41:59 0 d-------- C:\Program Files\Common Files\LightScribe
2008-01-18 13:40:30 0 d-------- C:\Program Files\Bonjour
2008-01-18 13:40:11 0 d-------- C:\Program Files\AIM6
2008-01-17 22:19:33 0 d-------- C:\Program Files\Warcraft III
2008-01-17 13:09:00 0 d-------- C:\Program Files\Norton Security Scan
2008-01-17 11:21:23 0 d-------- C:\Program Files\SealOnlineUSA
2008-01-17 10:30:47 0 d-------- C:\Program Files\Common Files
2008-01-17 10:01:09 0 d-------- C:\Documents and Settings\Eric Reese\Application Data\uTorrent
2008-01-16 23:00:40 0 d-------- C:\Program Files\SpywareBlaster
2008-01-16 20:43:59 0 d-------- C:\Program Files\Torrent Episode Downloader
2008-01-16 17:21:52 0 d-------- C:\Documents and Settings\Eric Reese\Application Data\Viewpoint
2008-01-16 17:21:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 23:21:02 0 d-------- C:\Documents and Settings\Eric Reese\Application Data\Ventrilo
2008-01-13 22:16:44 0 d-------- C:\Program Files\Outspark
2007-12-13 22:29:01 0 d-------- C:\Program Files\Cheat Engine
2007-12-08 04:12:44 0 d-------- C:\Program Files\DivX
2007-12-03 20:33:18 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-03 20:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 20:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 20:33:16 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-11-29 17:30:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 17:28:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-11-29 17:28:24 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-28 16:52:32 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-26 00:49:06 0 d-------- C:\Program Files\MSBuild
2007-11-26 00:28:46 0 d-------- C:\Program Files\Common Files\Real
2007-11-26 00:28:34 0 d-------- C:\Documents and Settings\Eric Reese\Application Data\Real
2007-11-25 18:22:36 0 d-------- C:\Documents and Settings\Eric Reese\Application Data\GetRightToGo
2007-11-22 00:21:54 0 d-------- C:\Program Files\iPod
2007-11-22 00:19:18 0 d-------- C:\Program Files\QuickTime
2007-11-21 01:19:02 0 d-------- C:\Documents and Settings\Eric Reese\Application Data\AdobeUM
2007-11-21 00:16:11 65536 --a------ C:\WINDOWS\IFinst27.exe
2007-11-20 13:46:44 0 d-------- C:\Documents and Settings\Eric Reese\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{494A104E-6BC7-4FCA-96F6-145B559CB67E}]
01/17/2008 09:22 PM 327744 --a------ C:\WINDOWS\system32\jkkjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFF29BE4-24AC-4E31-B99B-45238B764111}]
01/16/2008 04:17 PM 40448 --a------ C:\WINDOWS\system32\opnnkih.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 12:18 PM]
"nwiz"="nwiz.exe" [04/15/2006 01:26 PM C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [04/18/2006 06:29 AM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/04/2006 12:46 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [04/11/2006 11:54 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/15/2005 10:18 AM]
"@"="" []
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [03/20/2006 05:34 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/20/2006 05:34 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [03/06/2007 10:28 AM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [02/22/2006 10:03 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/24/2006 04:14 PM]
"vptray"="c:\PROGRA~1\SYMANT~1\VPTray.exe" [06/15/2006 12:40 AM]
"SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [03/20/2006 05:34 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/15/2006 01:26 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/08/2007 11:04 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 10:20 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 10:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 01:04 AM]

C:\Documents and Settings\Eric Reese\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 11:04:08 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [12/15/2005 10:40:44 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [9/24/2005 12:39:30 PM]
VPN Client.lnk - C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [4/20/2007 3:00:09 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FFF29BE4-24AC-4E31-B99B-45238B764111}"= C:\WINDOWS\system32\opnnkih.dll [01/16/2008 04:17 PM 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnkih]
opnnkih.dll 01/16/2008 04:17 PM 40448 C:\WINDOWS\system32\opnnkih.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - QMPJAYHDEBJT



-- End of Deckard's System Scanner: finished at 2008-01-18 14:49:04 ------------

And the Panda Scan:


Incident Status Location

Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\looklook.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\looksv.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\lookwin.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\monagent.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\monwin.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\powersyn.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\server16.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\sv32.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\svmon.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\synagent.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\syshost.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\syssyn.exe
Adware:Adware/UltimateCleaner Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\ERICRE~1\LOCALS~1\Temp\winwin.exe
Virus:Generic Malware Disinfected C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\HGStart9USA.exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eric Reese\Application Data\Mozilla\Firefox\Profiles\u81vzcq5.default\cookies.txt[.atwola.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Eric Reese\Application Data\Mozilla\Firefox\Profiles\u81vzcq5.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Eric Reese\Application Data\Mozilla\Firefox\Profiles\u81vzcq5.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Eric Reese\Application Data\Mozilla\Firefox\Profiles\u81vzcq5.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Eric Reese\Application Data\Mozilla\Firefox\Profiles\u81vzcq5.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Eric Reese\Application Data\Mozilla\Firefox\Profiles\u81vzcq5.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Eric Reese\Application Data\Mozilla\Firefox\Profiles\u81vzcq5.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Eric Reese\Application Data\Mozilla\Firefox\Profiles\u81vzcq5.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Eric Reese\Application Data\Mozilla\Firefox\Profiles\u81vzcq5.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Eric Reese\Application Data\Mozilla\Firefox\Profiles\u81vzcq5.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Eric Reese\Cookies\eric_reese@advertising[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Eric Reese\Cookies\eric_reese@advertising[3].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eric Reese\Cookies\eric_reese@atwola[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eric Reese\Cookies\eric_reese@atwola[3].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Eric Reese\Desktop\Desktop Folders\Things I never use\ComboFix.exe[nircmd.exe]
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Eric Reese\Desktop\Desktop Folders\Things I use\wpe_pro_undectable_326\WpeSpy.dll
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Eric Reese\Desktop\Desktop Folders\Things I use\wpe_pro_undectable_326\WPE_PRO.exe
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Eric Reese\Desktop\Desktop Folders\Things I use\wpe_pro_undectable_326\wpe_pro_undectable_326.zip[WPE_PRO.exe]
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Eric Reese\Desktop\Desktop Folders\Things I use\wpe_pro_undectable_326\wpe_pro_undectable_326.zip[WpeSpy.dll]
Spyware:Spyware/PeoplePC Not disinfected C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
Virus:Generic Trojan Disinfected C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe
Virus:Generic Trojan Disinfected C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi[unk_0029]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe



Thanks in advance for helping me out!
Attached Files
File Type: txt extra.txt (30.4 KB, 2 views)