Hi everybody. I'm trying to fix my dad's computer. It's very slow and there seem to be a lot of pop-ups whenever using Internet Explorer. I think it's due to spyware and possibly viruses. I did a Kaspersky scan and about 6 or 7 viruses showed up, and when I ran Spybot several adware/spyware programs showed up. Here's the HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:53 AM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dlbccoms.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://webmail.adelphia.net/webedge"); (C:\Documents and Settings\JACKSON CONFER\Application Data\Mozilla\Profiles\default\fwr4f5gz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JACKSON CONFER\Application Data\Mozilla\Profiles\default\fwr4f5gz.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKCU\..\Run: [YBu4RXi7O] wzcatcha.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~6\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: MindSpring - {A7A40980-E4A1-11D4-B68A-000086400686} - c:\Program Files\MindSpring 4.0\MID4.EXE (file missing) (HKCU)
O9 - Extra button: Dell Home - {E1A55500-9C4D-11D3-B689-10B54FC10000} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E301E220-177F-4047-A70B-9586B5EE1DEB}: Domain = mindspring.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: dlbc_device - - C:\WINDOWS\system32\dlbccoms.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodSrv - Unknown owner - C:\Program Files\iPod\Bin\iPodSrv.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8807 bytes
Kaspersky report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 05, 2008 8:39:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/06/2008
Kaspersky Anti-Virus database records: 832763
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 73951
Number of viruses found: 30
Number of infected objects: 61
Number of suspicious objects: 0
Duration of the scan process: 02:51:29
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\SYSTEM32\Fantasy Access-uninstall.exe Infected: not-a-virus
orn-Dialer.Win32.Generic skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\BO2202031216.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d skipped
C:\WINDOWS\SYSTEM32\SHAgentNew.dll Infected: not-a-virus:AdWare.Win32.Sahat.g skipped
C:\WINDOWS\SYSTEM32\Xcite.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.m skipped
C:\WINDOWS\SYSTEM32\Xcite2.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.m skipped
C:\WINDOWS\SYSTEM32\ezStub3.dll Infected: not-a-virus:AdWare.Win32.EZula.cp skipped
C:\WINDOWS\SchedLog.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\AStart.exe Infected: Trojan-Downloader.Win32.VB.ah skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\Program Files\Netscape\Netscape\plugins\npzango.dll Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped
C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e skipped
C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jackson Confer\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temp\asmfiles.cab/asm.exe Infected: not-a-virus:AdWare.Win32.Altnet.l skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temp\asmfiles.cab/asmps.dll Infected: not-a-virus:AdWare.Win32.Altnet.t skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temp\asmfiles.cab CAB: infected - 2 skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temp\Perflib_Perfdata_3fc.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temp\temp.fr801E Infected: not-a-virus:AdWare.Win32.BiSpy.o skipped
C:\Documents and Settings\Jackson Confer\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\Local Settings\History\History.IE5\MSHist012008060520080606\index.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temporary Internet Files\Content.IE5\WHYNCNSR\script[1].htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temporary Internet Files\Content.IE5\VWOND949\asmfiles[1].cab/asm.exe Infected: not-a-virus:AdWare.Win32.Altnet.l skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temporary Internet Files\Content.IE5\VWOND949\asmfiles[1].cab/asmps.dll Infected: not-a-virus:AdWare.Win32.Altnet.t skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temporary Internet Files\Content.IE5\VWOND949\asmfiles[1].cab CAB: infected - 2 skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temporary Internet Files\Content.IE5\OUJYMKFA\script[2].htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-238ada3c-46a61670.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-238ada3c-46a61670.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-238ada3c-46a61670.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-238ada3c-46a61670.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-238ada3c-46a61670.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-69b00b99-3d0fd374.zip/Beyond.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-69b00b99-3d0fd374.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-69b00b99-3d0fd374.zip/VerifierBug.class Infected: Trojan.Java.Needy.c skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-69b00b99-3d0fd374.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-26835cc3-73dbf50e.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-26835cc3-73dbf50e.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-26835cc3-73dbf50e.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-26835cc3-73dbf50e.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-2e8f809-111adab3.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-2e8f809-111adab3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-2d653d3a.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-2d653d3a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-550a77cc.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-550a77cc.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-77dcb205/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-77dcb205/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-77dcb205/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-77dcb205 ZIP: infected - 3 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\25\2138d899-236eb5f6/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\25\2138d899-236eb5f6 ZIP: infected - 1 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\31\5facab1f-64dfe894/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\31\5facab1f-64dfe894 ZIP: infected - 1 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\50\2ce40a72-216864be/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\50\2ce40a72-216864be ZIP: infected - 1 skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212822.dll Infected: not-a-virus:AdWare.Win32.Altnet.t skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212825.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212826.dll Infected: not-a-virus:AdWare.Win32.Altnet.x skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212827.dll Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212828.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212829.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212830.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212831.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212833.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212835.EXE Infected: not-a-virus:AdWare.Win32.Background skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP789\change.log Object is locked skipped
Scan process completed.
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\BO2202031216.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d skipped
C:\WINDOWS\SYSTEM32\SHAgentNew.dll Infected: not-a-virus:AdWare.Win32.Sahat.g skipped
C:\WINDOWS\SYSTEM32\Xcite.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.m skipped
C:\WINDOWS\SYSTEM32\Xcite2.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.m skipped
C:\WINDOWS\SYSTEM32\ezStub3.dll Infected: not-a-virus:AdWare.Win32.EZula.cp skipped
C:\WINDOWS\SchedLog.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\AStart.exe Infected: Trojan-Downloader.Win32.VB.ah skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\Program Files\Netscape\Netscape\plugins\npzango.dll Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped
C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e skipped
C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jackson Confer\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temp\asmfiles.cab/asm.exe Infected: not-a-virus:AdWare.Win32.Altnet.l skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temp\asmfiles.cab/asmps.dll Infected: not-a-virus:AdWare.Win32.Altnet.t skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temp\asmfiles.cab CAB: infected - 2 skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temp\Perflib_Perfdata_3fc.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temp\temp.fr801E Infected: not-a-virus:AdWare.Win32.BiSpy.o skipped
C:\Documents and Settings\Jackson Confer\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\Local Settings\History\History.IE5\MSHist012008060520080606\index.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temporary Internet Files\Content.IE5\WHYNCNSR\script[1].htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temporary Internet Files\Content.IE5\VWOND949\asmfiles[1].cab/asm.exe Infected: not-a-virus:AdWare.Win32.Altnet.l skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temporary Internet Files\Content.IE5\VWOND949\asmfiles[1].cab/asmps.dll Infected: not-a-virus:AdWare.Win32.Altnet.t skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temporary Internet Files\Content.IE5\VWOND949\asmfiles[1].cab CAB: infected - 2 skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Temporary Internet Files\Content.IE5\OUJYMKFA\script[2].htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jackson Confer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-238ada3c-46a61670.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-238ada3c-46a61670.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-238ada3c-46a61670.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-238ada3c-46a61670.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-238ada3c-46a61670.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-69b00b99-3d0fd374.zip/Beyond.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-69b00b99-3d0fd374.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-69b00b99-3d0fd374.zip/VerifierBug.class Infected: Trojan.Java.Needy.c skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-69b00b99-3d0fd374.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-26835cc3-73dbf50e.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-26835cc3-73dbf50e.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-26835cc3-73dbf50e.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Jackson Confer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-26835cc3-73dbf50e.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-2e8f809-111adab3.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-2e8f809-111adab3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-2d653d3a.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-2d653d3a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-550a77cc.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-4e3272d0-550a77cc.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-77dcb205/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-77dcb205/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-77dcb205/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-77dcb205 ZIP: infected - 3 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\25\2138d899-236eb5f6/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\25\2138d899-236eb5f6 ZIP: infected - 1 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\31\5facab1f-64dfe894/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\31\5facab1f-64dfe894 ZIP: infected - 1 skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\50\2ce40a72-216864be/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Jerry Casillas\Application Data\Sun\Java\Deployment\cache\6.0\50\2ce40a72-216864be ZIP: infected - 1 skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212822.dll Infected: not-a-virus:AdWare.Win32.Altnet.t skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212825.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212826.dll Infected: not-a-virus:AdWare.Win32.Altnet.x skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212827.dll Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212828.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212829.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212830.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212831.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212833.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP788\A0212835.EXE Infected: not-a-virus:AdWare.Win32.Background skipped
C:\System Volume Information\_restore{22018BAF-A4E5-4F3D-989F-40893ED4DE47}\RP789\change.log Object is locked skipped
Scan process completed.