Okay okay okay, I've waited a day and I got most of it done. I don't have the ActiveScan log because I waited 6 hours of it scanning and it was still on 18% and has scanned 736,000+ files with 36 infected files. I DID manage to get its log so it's not as bad as it could be. Oh and Jotti said I was clean. I'm gonna post this and then run the Java file.
ComboFix:
ComboFix 08-05-01.3 - Owner 2008-05-08 16:31:59.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\system32\drivers\_wff.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy__WFF
-------\Service__wff
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.
2008-05-07 19:09 . 2008-05-07 19:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-07 19:09 . 2008-05-07 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-06 20:53 . 2008-05-06 20:53 <DIR> d-------- C:\Deckard
2008-05-06 19:30 . 2008-05-06 19:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-06 19:29 . 2008-05-06 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-06 19:29 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-06 19:29 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-06 19:22 . 2008-05-06 19:22 <DIR> d-------- C:\_OTMoveIt
2008-05-06 18:38 . 2008-05-06 18:38 <DIR> d-------- C:\VundoFix Backups
2008-05-06 17:10 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-06 17:10 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-06 17:10 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-06 17:10 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-06 17:09 . 2008-05-08 12:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-06 17:09 . 2008-05-06 17:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-05-06 12:54 . 2008-05-06 12:54 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-04-25 01:59 . 2008-04-25 01:59 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-15 21:49 . 2008-04-15 21:50 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-15 21:48 . 2008-04-15 21:48 <DIR> d-------- C:\Program Files\Windows Live
2008-04-15 21:47 . 2008-04-15 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-10 12:56 . 2008-04-10 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YoYoGames
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 21:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 20:27 47,612 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-05-08 18:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-08 18:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-08 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-06 21:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 06:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-27 06:52 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-25 06:57 --------- d-----w C:\Program Files\Common Files\Real
2008-04-25 06:37 --------- d-----w C:\Program Files\Google
2008-04-12 07:06 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-10 11:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-04-02 21:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\Talkback
2008-03-26 19:58 68,608 ----a-w C:\WINDOWS\ScEdUnin.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 02:44 --------- d-----w C:\Program Files\Realspace3_at
2008-03-13 02:39 --------- d-----w C:\Program Files\The Creative Assembly
2008-03-01 13:06 826,368 --s-a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-02-10 18:29 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-02-04 17:14 0 ----a-w C:\Documents and Settings\Owner\GoToAssist_phone__317_en.exe
2006-12-23 16:43 56 ----a-w C:\Program Files\options.dat
2006-12-21 14:54 547 ----a-w C:\Program Files\slot1.dat
2006-04-13 23:42 364 ----a-w C:\Program Files\scores.dat
2000-10-12 02:50 581,632 ----a-w C:\Program Files\pac-man.exe
2000-10-12 00:37 33,257 ----a-w C:\Program Files\ReadMe.txt
2000-10-11 18:12 57,061,717 ----a-w C:\Program Files\menu.pac
2000-10-11 16:47 193,159,064 ----a-w C:\Program Files\game.pac
2000-10-03 23:16 13 ------w C:\Program Files\override.dat
2000-09-27 02:23 547 ------w C:\Program Files\slot2.dat
2000-09-27 02:19 547 ------w C:\Program Files\slot3.dat
2000-09-26 20:51 547 ------w C:\Program Files\slot6.dat
2000-09-26 20:51 547 ------w C:\Program Files\slot5.dat
2000-09-26 20:51 547 ------w C:\Program Files\slot4.dat
2000-04-06 10:13 263,168 ------w C:\Program Files\binkw32.dll
2000-03-03 08:01 81,920 ------w C:\Program Files\eaxman.dll
2000-02-11 22:04 4,775,936 ----a-w C:\Program Files\hsbr.exe
1999-09-09 00:36 126,976 ------w C:\Program Files\ffc10.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-07_16.12.16.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 18:29:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 21:51:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2008-05-08 18:59:07 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A71000000002}\SC_Reader.exe
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"ParetoLogic Anti-Spyware"="C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2007-10-24 13:59 2643312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-25 01:37 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-17 10:06 579584]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 21:20 866584]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-23 12:40 98304]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22 3739648]
"XoftSpy"="C:\Program Files\XoftSpy\XoftSpy.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 01:52 185896]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 10:18 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll [2007-10-24 13:59 98304]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet 7100 series) - 1.lnk]
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet 7100 series) - 1.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet 7100 series) - 2.lnk]
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet 7100 series) - 2.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 14:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-01-09 05:54 65536 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 01:52 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Internet Security Suite]
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\pac-man.exe"=
"C:\\Documents and Settings\\Owner\\My Documents\\My Pictures\\Sean's things\\Game Maker Stuff\\PNT Project\\PNT\\PNT Client.exe"=
"C:\\Documents and Settings\\Owner\\My Documents\\My Pictures\\Sean's things\\Game Maker Stuff\\PNT Project\\PNT\\PNT Server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Servant Salamander 2.0\\salamand.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Java\\j2re1.4.2\\bin\\javaw.exe"=
"C:\\Documents and Settings\\Owner\\My Documents\\My Pictures\\Sean's things\\Games from the Internet\\Risk 2\\Risk II\\RiskII.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Games\\[ PC Games ] - Age of Empires II(FULL)\\age2_x1.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Games\\[ PC Games ] - Age of Empires II(FULL)\\empires2.EXE"=
"C:\\Documents and Settings\\Owner\\Desktop\\Games\\Defcon\\defcon.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Games\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth \\game.dat"=
"C:\\Documents and Settings\\Owner\\Desktop\\Games\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW.exe"=
"C:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW-BI.exe"=
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-09-27 19:12]
.
Contents of the 'Scheduled Tasks' folder
"2005-02-25 16:26:16 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-05-08 21:54:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-06 23:00:02 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2008-04-25 08:00:02 C:\WINDOWS\Tasks\ParetoLogic Anti-Spyware.job"
- C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
"2008-05-04 05:33:19 C:\WINDOWS\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\Pareto_Update.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-08 16:55:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\WudfHost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
.
**************************************************************************
.
Completion time: 2008-05-08 17:15:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-08 22:14:49
ComboFix2.txt 2008-05-07 21:13:22
Pre-Run: 14,167,494,656 bytes free
Post-Run: 14,338,674,688 bytes free
223 --- E O F --- 2008-04-25 07:19:10
AWF:
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Thu 05/08/2008
The current time is: 17:25:14.46
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\DIGITA~1\BAK
03/11/2004 05:18 PM 135,168 shwiconem.exe
1 File(s) 135,168 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
08/09/2004 04:51 PM 98,304 qttask.exe
1 File(s) 98,304 bytes
Directory of C:\PROGRA~1\SYMNET~1\BAK
08/26/2005 06:21 PM 100,056 SNDMon.exe
1 File(s) 100,056 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
01/29/2004 09:13 PM 118,784 hkcmd.exe
1 File(s) 118,784 bytes
Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
03/23/2005 05:34 PM 58,992 ccApp.exe
1 File(s) 58,992 bytes
Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
10/31/2003 09:42 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes
Directory of C:\PROGRA~1\MICROS~2\SYSTEM\BAK
06/18/2003 02:00 PM 200,704 mnyexpr.exe
1 File(s) 200,704 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
05/25/2005 03:19 AM 180,269 realsched.exe
1 File(s) 180,269 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
135168 Mar 11 2004 "C:\Program Files\Digital Media Reader\bak\shwiconem.exe"
98304 Sep 23 2007 "C:\Program Files\QuickTime\qttask.exe"
98304 Aug 9 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
95456 Feb 4 2007 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 Aug 26 2005 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
118784 Jan 29 2004 "C:\Drivers\Video\Win2000\hkcmd.exe"
118784 Jan 29 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
58992 Mar 23 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
32768 Oct 31 2003 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
200704 Jun 18 2003 "C:\Program Files\Microsoft Money\System\bak\mnyexpr.exe"
185896 Apr 25 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 May 25 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
end of report
Small ActiveScan report:
;*******************************************************************************
ANALYSIS: 2008-05-09 22:17:16
PROTECTIONS: 1
MALWARE: 21
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG 7.5.524 7.5.524 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00064839 Adware/Ucmore Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\smpi1\lb66.exe.vir
00064839 Adware/Ucmore Adware No 0 Yes No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP413\A0406941.exe
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\Anti Malware Files\Anti Winfixer\smitRem\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\Anti Malware Files\Anti Winfixer\smitRem\smitRem.exe[smitRem/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\My Documents\Important Files\smitRem.exe[smitRem/Process.exe]
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Owner\Desktop\Anti Malware Files\Anti Winfixer\VirtMundoBeGone\VirtumundoBeGone.exe[²ƒÇ]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[.mediaplex.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[.apmebf.com/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xvui5ego.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\RiskIISetup-dm[1].exe
00514949 Adware/WebBuying Adware No 0 Yes No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP413\A0406942.exe
00514949 Adware/WebBuying Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\wbun.exe.vir
00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\Anti Malware Files\Anti Winfixer\VirtMundoBeGone\VirtumundoBeGone.exe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP415\A0407163.exe[327882R2FWJFW\NirCmdC.cfexe]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Owner\Desktop\Anti Malware Files\Anti Winfixer\ComboFix\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP415\A0407128.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4C6E9B3C-F1BE-4527-8708-5AE69FD346FA}\RP415\A0407117.sys
;===============================================================================
SUSPECTS
Sent Location 8
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description 8
;===============================================================================
;===============================================================================