TS

+=+=+=+=+=+=+=+=+=
NMap claimed that 2 ports used by VNC were open on the target machine...... Unfortunately, being in a hurry I didn't save the scan results and I forget the ports. Added to that I had the machine shut down so I can't rerun the scan.
+=+=+=+=+=+=+=+=+=

vnc runs on 5800 and 5900 and can be accessed using a web browser on port 5800. (http://<machinename>:5800) if its password protected you can shut it down with pskill from systernals (pskill <\\machinename) winvnc) then use gencontrol to give'em hell.

BTW it wasn't dropped by a virus if it were it would only be running on 5900 to reduce the number of components it needed