I haven't really scanned this computer ever, but the school I went to offered free antivirus software called Counterspy which I've used to scan recently. It detected a whole lot (with updated definitions) such as various pieces of spyware, and some trojans in my Outlook email, which I just ended up deleting as a whole, but I had a feeling there is much more going on.
I followed the steps and the only thing notable to point out about step 1 is that I had the Viewpoint Media Player, which I uninstalled. I have no clue how that even got installed.
Here are the logs:
dss main.txt:
Deckard's System Scanner v20070826.66
Run by Admin on 2007-09-05 13:42:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 255 MiB (512 MiB recommended).
System Drive C: has 1.71 GiB (less than 15%) free.
-- HijackThis (run as Admin.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:00 AM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ClockTick\clocktick.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: - {a785f304-ef68-4dc1-8052-d2248b1d8955} - C:\WINDOWS\system32\qd.dll
O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)
O2 - BHO: - {f935c389-3489-4773-8a5a-e90dc96f2f56} - C:\WINDOWS\system32\ptdei.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1690843657-2136417557-3782055431-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ClockTick.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 7232 bytes
-- Files created between 2007-08-05 and 2007-09-05 -----------------------------
2007-09-04 11:30:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2007-09-04 11:29:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-09-04 11:29:57 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-09-04 11:29:57 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-09-04 11:29:57 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-09-04 11:29:57 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-09-04 11:29:57 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-09-04 11:29:57 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-09-04 11:29:57 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-09-04 11:29:57 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-09-04 11:29:57 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-09-04 11:29:57 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-09-04 11:29:57 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-09-04 11:29:57 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-09-04 11:29:57 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-09-04 11:29:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-09-04 11:29:57 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-09-04 09:05:26 0 d-------- C:\Program Files\Sunbelt Software
2007-09-04 09:04:21 0 d-------- C:\WINDOWS\Downloaded Installations
2007-09-04 08:41:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-04 08:41:40 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-04 02:07:30 0 d-------- C:\Program Files\Trend Micro
2007-09-04 00:21:06 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-22 12:16:11 0 d-------- C:\WINDOWS\.jagex_cache_32
2007-08-10 17:49:24 0 d-------- C:\Program Files\FedTerm
-- Find3M Report ---------------------------------------------------------------
2007-09-05 12:50:11 0 d-------- C:\Program Files\QuickTime
2007-09-05 12:46:09 0 d-------- C:\Program Files\Netscape Internet Service
2007-09-05 12:44:25 0 d-------- C:\Program Files\MSN Messenger
2007-09-05 12:31:50 0 d-------- C:\Program Files\ClockTick
2007-09-05 12:30:31 0 d-------- C:\Program Files\7-Zip
2007-09-05 08:57:10 0 d-------- C:\Program Files\morpheus
2007-09-04 13:09:29 0 d-------- C:\Program Files\AOL Toolbar
2007-09-04 03:35:04 0 d-------- C:\Program Files\AIM95
2007-09-03 23:50:42 0 d-------- C:\Program Files\Megamud-U
2007-07-23 22:19:50 0 d-------- C:\Program Files\Java
2007-07-22 21:51:44 1156 --a------ C:\WINDOWS\mozver.dat
2007-07-22 21:48:14 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2007-07-21 23:13:59 0 d-------- C:\Program Files\Code Red
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a785f304-ef68-4dc1-8052-d2248b1d8955}]
C:\WINDOWS\system32\qd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f935c389-3489-4773-8a5a-e90dc96f2f56}]
C:\WINDOWS\system32\ptdei.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/16/2001 11:41 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/06/2003 02:16 PM]
"PCTVOICE"="pctspk.exe" [11/02/2001 06:49 PM C:\WINDOWS\SYSTEM32\pctspk.exe]
"Dell|Alert"="C:\Program Files\Dell\Support\Alert\bin\DAMon.exe" [07/11/2002 04:15 PM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 03:50 PM]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/2001 02:23 PM]
"nwiz"="nwiz.exe" [10/06/2003 02:16 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"EPSON Stylus C82 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.exe" [04/25/2002 06:00 AM]
"DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [05/06/2004 06:47 PM]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [03/23/2004 03:20 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [04/07/2004 03:07 PM]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [04/11/2005 01:36 PM]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [09/22/2004 04:08 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [08/16/2004 07:45 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/07/2006 04:03 AM]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [01/30/2006 12:00 PM]
"SunServer"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [11/11/2005 04:47 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"CounterSpyCleaner"=C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
DESKTOP.INI [11/15/2001 8:31:16 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ClockTick.lnk - C:\Program Files\ClockTick\clocktick.exe [2/27/2003 1:14:08 AM]
DESKTOP.INI [11/15/2001 8:31:16 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"= C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll [11/11/2005 04:35 PM 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
-- End of Deckard's System Scanner: finished at 2007-09-05 13:43:46 ------------
*********************
This is from the online Panda Activescan:
Incident Status Location
Adware:adware/oemji Not disinfected Windows Registry
Adware:adware/wurldmedia Not disinfected Windows Registry
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Admin\.jpi_cache\file\1.0\BlackBox.class-3d05e309-53a08c49.class
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\java.jar-debb6b6-6c9dd1cc.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\java.jar-debb6b6-6c9dd1cc.zip[Installer.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\java.jar-debb6b6-6c9dd1cc.zip[NewSecurityClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\java.jar-debb6b6-6c9dd1cc.zip[NewURLClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\loaderadv470.jar-22afad61-19811516.zip[Matrix.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\loaderadv470.jar-22afad61-19811516.zip[Counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\loaderadv470.jar-22afad61-19811516.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\loaderadv470.jar-22afad61-19811516.zip[Parser.class]
Adware:Adware/WurldMedia Not disinfected C:\Documents and Settings\Admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\D9D9F786-22CB-4D8B-BE61-035134\1E3661F5-A96C-4E82-BC8A-E2BCB8
Spyware:Spyware/Conducent-Timesink Not disinfected C:\Documents and Settings\Admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\E395B14C-6AF0-4F82-A7D3-1C3CA3\656FD229-DA56-4024-9D23-07131A
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\EasyDivX\softs\ck.exe
Adware:Adware/WurldMedia Not disinfected C:\WINDOWS\SYSTEM32\MSCStat2.exe
*********************
This is the Kaspersky Online Scan Log:
KASPERSKY ONLINE SCANNER REPORT
Wednesday, September 05, 2007 11:18:01 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 5/09/2007
Kaspersky Anti-Virus database records: 404277
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\
P:\
Q:\
R:\
S:\
Scan Statistics
Total number of scanned objects 108976
Number of viruses found 15
Number of infected objects 37
Number of suspicious objects 0
Duration of the scan process 02:02:21
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Admin\.jpi_cache\file\1.0\BlackBox.class-3d05e309-53a08c49.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\java.jar-debb6b6-6c9dd1cc.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\java.jar-debb6b6-6c9dd1cc.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\java.jar-debb6b6-6c9dd1cc.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\loaderadv470.jar-22afad61-19811516.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\loaderadv470.jar-22afad61-19811516.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\loaderadv470.jar-22afad61-19811516.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\loaderadv470.jar-22afad61-19811516.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\ms0311.jar-24ad084f-45aa8ace.zip/TakePrivileges.class Infected: Trojan.Java.ClassLoader.an skipped
C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\ms0311.jar-24ad084f-45aa8ace.zip/Installer.class Infected: Trojan-Downloader.Java.Agent.a skipped
C:\Documents and Settings\Admin\.jpi_cache\jar\1.0\ms0311.jar-24ad084f-45aa8ace.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Admin\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\E395B14C-6AF0-4F82-A7D3-1C3CA3\656FD229-DA56-4024-9D23-07131A Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\SunEventsData.sdb Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\MSHist012007090520070906\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF5750.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF6308.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFCAA8.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFF742.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFFB.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Admin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Admin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ro\Local Settings\Temp\Up Down.mid Object is locked skipped
C:\NeverwinterNights\NWN\texturepacks\Textures_Tpa.erf Object is locked skipped
C:\Program Files\Handspring\Instal\HotSync.Log Object is locked skipped
C:\Program Files\InstallShield Installation Information\{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{4C93C363-414E-11D4-9756-00C04F8EEB39}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{7CF31609-270B-11D6-9445-000102308676}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{C1BBDCDD-8F08-4DE6-BA11-E7B14F7E129B}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{C2586E70-B38D-42F9-8997-3D3261B8AAF6}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{F7D53B02-2C51-4CF5-9A51-F7A6D658EA5A}\setup.ilg Object is locked skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097854.exe/WISE0023.BIN Infected: not-a-virus:PSWTool.Win32.Cain.281 skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097854.exe/WISE0025.BIN Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097854.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097855.exe/WISE0029.BIN Infected: not-a-virus:Dialer.Win32.DialerOffline skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097855.exe/WISE0035.BIN Infected: not-a-virus:Dialer.Win32.DialerOffline skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097855.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097855.exe WiseSFX Dropper: infected - 2 skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097857.exe Infected: Trojan-Downloader.Win32.Delf.cb skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1470\A0097858.dll Infected: Trojan-Spy.Win32.Small.ee skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1472\A0098771.dll Infected: Trojan-Spy.Win32.Small.ee skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099951.exe/WISE0014.BIN/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.a skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099951.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.a skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099951.exe/WISE0016.BIN/WISE0007.BIN Infected: Trojan-Downloader.Win32.Stubby.b skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099951.exe/WISE0016.BIN Infected: Trojan-Downloader.Win32.Stubby.b skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099951.exe WiseSFX: infected - 4 skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099952.exe/WISE0011.BIN/CTInstall.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099952.exe/WISE0011.BIN/SimpleRegistration.dll Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099952.exe/WISE0011.BIN/tsad.dll Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099952.exe/WISE0011.BIN/TSUninstaller.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099952.exe/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099952.exe WiseSFX: infected - 5 skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099953.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.a skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099953.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00003 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00005 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00008 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00009 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00010 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00011 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329048$\reg00001 Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\Macromed\Shockwave 8\iml32.dll Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\change.log Object is locked skipped
E:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099954.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
E:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1478\A0099955.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
Scan process completed.
*****************
I would attach the extra.txt file, but when I navigate to C:\Deckard\System Scanner all that I see is just the 1 file... "main.txt". There is no file called extra.txt.
Thank you and please help me!
Edit: I know that you'll notice that I only have 256MB RAM, but I really don't do a whole lot on this computer. I don't do any video/photo editing, or run a whole bunch of programs at once. This computer is generally pretty sufficient for all that I need to do since I'm not always on it. I would consider upgrading the RAM if I found it to be dirt cheap, but since money is tight and RAM isn't a necessity just yet, here's where I am. Thanks!