Free Malware Removal Forum

[CrazeMofo]

I have ran spybot S&D and Ad-aware, and still have some infections, please see the Hijackthislog and the panda scan log. Any help would be greatly appreciated. Thanks in Advance.

Logfile of HijackThis v1.99.1
Scan saved at 12:52:03 PM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\PC Guardian\EP Hard Disk\User\DISrv.exe
C:\Program Files\Cisco Systems\MDS 9000\bin\Wrapper.exe
C:\Program Files\Cisco Systems\MDS 9000\bin\Wrapper.exe
C:\WINDOWS\system32\cba\pds.exe
C:\notes\ntmulti.exe
C:\Program Files\EMC\ManagementServer\NaviGovernor.exe
C:\Program Files\EMC\Navisphere Agent\NaviAgent.Exe
C:\Program Files\EMC\ManagementServer\6.16.0.4.67\CIMOM\NAVICIMOM.EXE
C:\Program Files\PC Guardian\EP Hard Disk\User\PCGProt.exe
C:\Program Files\Java\j2re1.4.2_09\bin\javaw.exe
C:\Program Files\Java\j2re1.4.2_09\bin\javaw.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\PC Guardian\Encryption Plus Management Console Client\WebClientSrv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\program files\dell\traytool.exe
C:\Program Files\PC Guardian\EP Hard Disk\User\LaunchEPHD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Wireless Sync\Client\ClientShell.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\system32\mstsc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [ToolExe] c:\program files\dell\traytool.exe
O4 - HKLM\..\Run: [EPHD User] "C:\Program Files\PC Guardian\EP Hard Disk\User\LaunchEPHD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kensington Personal Firewall.lnk = C:\Program Files\Kensington\Personal Firewall\Launcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Sync Client.lnk = C:\Program Files\Wireless Sync\Client\ClientShell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://omni.ace-ina.com
O15 - Trusted Zone: compliance.corvel.com
O15 - Trusted Zone: crvl1-3s108vm11.corvel.com
O15 - Trusted Zone: webmail.corvel.com
O15 - Trusted Zone: http://*.crvl1-s3114
O15 - Trusted Zone: http://www.streetrodding.com
O15 - Trusted IP range: http://192.168.1.*
O16 - DPF: iLO Remote Console Applet - https://10.158.120.97/dvc.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSIns ... expId=7641
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1ED4D5E6-A0BE-11D2-91BD-00A0C924269C} (NetVueX Control) - https://www.onlinedocumentcenter.com/pl ... X41351.cab
O16 - DPF: {29EF91B9-7120-477C-A5CB-2D67F2FD088C} (TeleControl Class) - https://10.158.1.20/rrc.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://crvl1s20/viewers/activexviewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.ap ... sSetup.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9D887407-4690-45C0-9451-15CD63E615CA} (Track-It! Memo Control) - http://crvl1s20/downloads/BOSIActiveXMemoControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D636032F-E4DE-4851-AA0C-D5D6A66B8318} (BOSIActiveFormX Control) - http://crvl1s20/downloads/BOSIActiveXGrid.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CORVEL.COM
O17 - HKLM\Software\..\Telephony: DomainName = CORVEL.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC3617A0-4626-48D8-8855-413E89895FC2}: Domain = corvel.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC3617A0-4626-48D8-8855-413E89895FC2}: NameServer = 10.1.1.110,10.158.1.94,10.1.1.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CORVEL.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = corvel.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corvel.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConnectEMC - EMC Corporation - C:\Program Files\EMC\Navisphere Agent\ConnHome\ConnectEMC.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IP4700 Trap Catcher (DTCserver) - Unknown owner - C:\Program Files\EMC\Navisphere Agent\dtcsrv.exe
O23 - Service: EphdXlatService - PC Guardian Technologies, Inc. - C:\Program Files\PC Guardian\EP Hard Disk\User\DISrv.exe
O23 - Service: Cisco MDS Database Server (FMPersist) - Unknown owner - C:\Program Files\Cisco Systems\MDS 9000\bin\Wrapper.exe" -s "C:\Program Files\Cisco Systems\MDS 9000\conf\FMPersist.conf (file missing)
O23 - Service: Cisco MDS Fabric Manager (FMServer) - Unknown owner - C:\Program Files\Cisco Systems\MDS 9000\bin\Wrapper.exe" -s "C:\Program Files\Cisco Systems\MDS 9000\conf\FMServer.conf (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: NaviGovernor - Unknown owner - C:\Program Files\EMC\ManagementServer\NaviGovernor.exe
O23 - Service: Navisphere Agent (Navisphere_Agent) - Unknown owner - C:\Program Files\EMC\Navisphere Agent\NaviAgent.Exe
O23 - Service: PCG Protect - PC Guardian Technologies, Inc. - C:\Program Files\PC Guardian\EP Hard Disk\User\PCGProt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WebClientSrv - PC Guardian Technologies, Inc. - C:\Program Files\PC Guardian\Encryption Plus Management Console Client\WebClientSrv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Panda log


Incident Status Location

Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\heath_lemoine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-759bdc60-6bc7f696.zip[BaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\heath_lemoine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-759bdc60-6bc7f696.zip[VaaaaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\heath_lemoine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-759bdc60-6bc7f696.zip[Dvnny.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\heath_lemoine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-759bdc60-6bc7f696.zip[Baaaaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\heath_lemoine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-759bdc60-6bc7f696.zip[Dex.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\heath_lemoine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-759bdc60-6bc7f696.zip[Dix.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\heath_lemoine\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-759bdc60-6bc7f696.zip[Dux.class]
Adware:adware/tvmedia Not disinfected C:\Documents and Settings\heath_lemoine\Application Data\tvmcwrd.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\heath_lemoine\Cookies\heath_lemoine@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\heath_lemoine\Cookies\heath_lemoine@doubleclick[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\heath_lemoine\Cookies\heath_lemoine@questionmarket[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\heath_lemoine\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\heath_lemoine\Desktop\SmitfraudFix\restart.exe

[LDTate]

Posted and solved here:
http://forums.spybot.info/showthread.php?t=13094