Ok...finally done.
Looks like I have a bit more work to do in order to get everything gone...arggg.
(and I will be doing the virus protect software now thanks!)
The good news is, Google and Yahoo are not redirecting anymore! Thanks!
Here are the new file posts.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 04, 2008 6:19:36 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 739304
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 313659
Number of viruses found: 31
Number of infected objects: 144
Number of suspicious objects: 13
Duration of the scan process: 03:19:58
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080504122815\backup\DOCUME~1\JON&JA~1\LOCALS~1\Temp\clnDB.tmp Infected: Trojan-Downloader.Win32.Dyfuca.ei skipped
C:\Deckard\System Scanner\20080504122815\backup\DOCUME~1\JON&JA~1\LOCALS~1\Temp\E8CD0.tmp/PMTInstaller.exe Infected: not-a-virus:AdWare.Win32.MDH.g skipped
C:\Deckard\System Scanner\20080504122815\backup\DOCUME~1\JON&JA~1\LOCALS~1\Temp\E8CD0.tmp CAB: infected - 1 skipped
C:\Deckard\System Scanner\20080504122815\backup\DOCUME~1\JON&JA~1\LOCALS~1\Temp\MediaBar.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\Deckard\System Scanner\20080504122815\backup\DOCUME~1\JON&JA~1\LOCALS~1\Temp\MediaBar.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\Deckard\System Scanner\20080504122815\backup\DOCUME~1\JON&JA~1\LOCALS~1\Temp\MediaBar.exe NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080504122815\backup\DOCUME~1\JON&JA~1\LOCALS~1\Temp\temp.fr2C1A\ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\Deckard\System Scanner\20080504122815\backup\DOCUME~1\JON&JA~1\LOCALS~1\Temp\temp.fr2F7B\ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\Deckard\System Scanner\20080504122815\backup\DOCUME~1\JON&JA~1\LOCALS~1\Temp\temp.fr4BD7\ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\Deckard\System Scanner\20080504122815\backup\DOCUME~1\JON&JA~1\LOCALS~1\Temp\temp.frAEDA\ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\Deckard\System Scanner\20080504122815\backup\DOCUME~1\JON&JA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\69AWY2CM\wbk3F1.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Deckard\System Scanner\20080504122815\backup\DOCUME~1\JON&JA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\69AWY2CM\wbk528.tmp Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\ATI MMC\RemoteWonder.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a60b579eefeec4a787de85bbe6973a8a_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc96e4c524e4ea1346c48939a4f9f9d1_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Brady\Application Data\Aim\nextrwvd\bhitzws112\cert8.db Object is locked skipped
C:\Documents and Settings\Brady\Application Data\Aim\nextrwvd\bhitzws112\key3.db Object is locked skipped
C:\Documents and Settings\Brady\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Brady\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Brady\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Brady\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-43cc2fda.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Brady\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-43cc2fda.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Brady\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-43cc2fda.zip/web.exe Infected: Trojan.Win32.Small.ev skipped
C:\Documents and Settings\Brady\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-43cc2fda.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Brady\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-43cc2fda.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Brady\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-43cc2fda.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Brady\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Brady\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Brady\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Brady\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Brady\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Brady\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Brady\Local Settings\Temp\Perflib_Perfdata_181c.dat Object is locked skipped
C:\Documents and Settings\Brady\Local Settings\Temp\Perflib_Perfdata_1f50.dat Object is locked skipped
C:\Documents and Settings\Brady\Local Settings\Temp\Perflib_Perfdata_1f58.dat Object is locked skipped
C:\Documents and Settings\Brady\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brady\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Brady\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Dustin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-756405ea.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Dustin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-756405ea.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Dustin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-756405ea.zip/web.exe Infected: Trojan.Win32.Small.ev skipped
C:\Documents and Settings\Dustin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-756405ea.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Dustin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-756405ea.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Dustin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-756405ea.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Dustin\Local Settings\Temporary Internet Files\Content.IE5\AX8FUTIP\index1[1].htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-249ec68-3d4b6889.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-249ec68-3d4b6889.zip/VB.class Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-249ec68-3d4b6889.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-249ec68-3d4b6889.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-414e4909-12b47cdb.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-414e4909-12b47cdb.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-414e4909-12b47cdb.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-414e4909-12b47cdb.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-414e4909-12b47cdb.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-70d7f4b6-2f13198b.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-70d7f4b6-2f13198b.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-70d7f4b6-2f13198b.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-70d7f4b6-2f13198b.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-70d7f4b6-2f13198b.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5e403f07-27a2c84a.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5e403f07-27a2c84a.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5e403f07-27a2c84a.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5e403f07-27a2c84a.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-57d94963-50617d0a.zip/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-57d94963-50617d0a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29d43e43-693538bc.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29d43e43-693538bc.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29d43e43-693538bc.zip/web.exe Infected: Trojan.Win32.LowZones.cp skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29d43e43-693538bc.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29d43e43-693538bc.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29d43e43-693538bc.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-1924f0b0.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-1924f0b0.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-1924f0b0.zip/web.exe Infected: Trojan.Win32.Small.ev skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-1924f0b0.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-1924f0b0.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-1924f0b0.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-e821fb5-239a7817.zip/Jvb.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-e821fb5-239a7817.zip/MyFunction.class Infected: Trojan-Dropper.Java.Small.c skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-e821fb5-239a7817.zip/MainApp.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Documents and Settings\Jon & Janet\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-e821fb5-239a7817.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Jon & Janet\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/15 Oct 2006 18:24 from Washington Mutual:WaMu e-Alert.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/17 Oct 2006 21:14 from PayPal:Payment confirmation for Starbucks.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/19 Oct 2006 06:18 from JPMorgan Chase & Co.:Chase Online***.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/24 Oct 2006 01:09 from eBay Member: gamemaster4u:Re: Question fo.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/17 Oct 2006 17:39 from PayPal:Payment confirmation for Starbucks.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/28 Sep 2006 18:59 from eBay:E-Gold , $40 USD worth of egold elec.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/24 Oct 2006 20:17 from eBay:Confirmation Request - ID CODE: 0091.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/23 Sep 2006 22:06 from [email protected]:Change Of Email Notifi.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/06 Sep 2006 22:42 from PayPal:Please Restore Your Account Access.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/05 Nov 2006 09:37 from PayPal:PayPal Securiy Measures.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Outlook\outlook.pst MailMSMaill: suspicious - 10 skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jon & Janet\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Jon & Janet\Local Settings\History\History.IE5\MSHist012008050420080505\index.dat Object is locked skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Temp\Perflib_Perfdata_bcc.dat Object is locked skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Temp\Perflib_Perfdata_e80.dat Object is locked skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Temp\Perflib_Perfdata_e98.dat Object is locked skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Temp\~DFF8E4.tmp Object is locked skipped
C:\Documents and Settings\Jon & Janet\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jon & Janet\My Documents\My Received Files\1ClickDVDCopy4.2.1.5\keygen.exe Infected: Trojan-Clicker.Win32.Small.is skipped
C:\Documents and Settings\Jon & Janet\My Documents\My Received Files\crack.exe/ist1.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Documents and Settings\Jon & Janet\My Documents\My Received Files\crack.exe ZIP: infected - 1 skipped
C:\Documents and Settings\Jon & Janet\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jon & Janet\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Preston\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5d130aa4-614e08f8.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Preston\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5d130aa4-614e08f8.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Preston\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5d130aa4-614e08f8.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Preston\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5d130aa4-614e08f8.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-4785eec8-3743cdb1.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-7d488a18.zip/a.class Infected: Trojan.Java.ClassLoader.b skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-7d488a18.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-7d488a18.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-228d5c98-7d488a18.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-94acc9e-297623e6.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-94acc9e-297623e6.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-94acc9e-297623e6.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-94acc9e-297623e6.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-301c72d2-3d2fdc87.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-301c72d2-3d2fdc87.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-301c72d2-3d2fdc87.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-301c72d2-3d2fdc87.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-301c72d2-3d2fdc87.zip/web.exe Infected: Trojan-Downloader.Win32.Small.asy skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-301c72d2-3d2fdc87.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-1b1c39dd.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-1b1c39dd.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-66a471f5-3d8feefa.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-66a471f5-3d8feefa.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-159a8ce0-23c93cb7.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-159a8ce0-23c93cb7.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-159a8ce0-23c93cb7.zip/web.exe Infected: Trojan.Win32.Small.ev skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-159a8ce0-23c93cb7.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-159a8ce0-23c93cb7.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-159a8ce0-23c93cb7.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-5e04760c.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-5e04760c.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-5e04760c.zip/web.exe Infected: Trojan.Win32.Small.ev skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-5e04760c.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-5e04760c.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29defbe1-5e04760c.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2ad522e1-2813c39c.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2ad522e1-2813c39c.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2ad522e1-2813c39c.zip/web.exe Infected: Trojan.Win32.LowZones.dn skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2ad522e1-2813c39c.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2ad522e1-2813c39c.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2ad522e1-2813c39c.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2d07aaa2-5c714342.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2d07aaa2-5c714342.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2d07aaa2-5c714342.zip/web.exe Infected: Trojan.Win32.Small.ev skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2d07aaa2-5c714342.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2d07aaa2-5c714342.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2d07aaa2-5c714342.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-521c4f7f-5b922fbc.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-521c4f7f-5b922fbc.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-521c4f7f-5b922fbc.zip/web.exe Infected: Trojan.Win32.Small.ev skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-521c4f7f-5b922fbc.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-521c4f7f-5b922fbc.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-521c4f7f-5b922fbc.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5d6c59a1-637005e5.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5d6c59a1-637005e5.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5d6c59a1-637005e5.zip/web.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5d6c59a1-637005e5.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5d6c59a1-637005e5.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5d6c59a1-637005e5.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-13948225.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-13948225.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-13948225.zip/web.exe Infected: Trojan.Win32.Small.ev skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-13948225.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-13948225.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5f5cccb6-13948225.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-608fd1d1-3c8ff016.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-608fd1d1-3c8ff016.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-608fd1d1-3c8ff016.zip/web.exe Infected: Trojan-Clicker.Win32.Small.gj skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-608fd1d1-3c8ff016.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-608fd1d1-3c8ff016.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-608fd1d1-3c8ff016.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-51602e33.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-51602e33.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-51602e33.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-51602e33.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-51602e33.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-33889dd5-7fe03e0f.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-33889dd5-7fe03e0f.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-74249065-3957fda1.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Ryan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-74249065-3957fda1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Ryan\Local Settings\Temp\Del108.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.y skipped
C:\Documents and Settings\Ryan\Local Settings\Temp\laf1.exe Infected: Trojan-Downloader.Win32.Small.fzx skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1379\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ACEEvent.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Deckard's System Scanner v20071014.68
Run by Jon & Janet on 2008-05-04 18:27:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Jon & Janet.exe) -----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:38 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Jon & Janet\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JON&JA~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...8.39/ttinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Co