OK Ried, here are my logs.
ComboFix log:
ComboFix 08-11-13.02 - legolas 2008-11-17 11:03:10.7 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1040 [GMT 8:00]
Running from: d:\software\ComboFix.exe
Command switches used :: d:\software\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
?:\windows\system32\ntdll.dll
C:\lky.exe
.
((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.
2008-11-17 10:29 . 2008-11-17 10:29 <DIR> d--hs---- C:\FOUND.028
2008-11-15 17:21 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-11-15 13:50 . 2008-11-15 13:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-05 01:47 . 2008-11-05 01:47 <DIR> d-------- C:\rsit
2008-11-05 01:33 . 2008-11-05 01:34 250 --a------ c:\windows\gmer.ini
2008-11-03 21:27 . 2008-11-03 21:27 37,473 --a------ c:\windows\system32\muzika.xm
2008-11-03 21:26 . 2008-11-03 21:26 <DIR> d-------- c:\program files\Alwil Software
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\dllcache\cdaudio.sys
2008-10-26 20:10 . 2008-10-26 20:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-10-26 19:20 . 2008-10-26 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira(2)
2008-10-26 05:16 . 2008-10-26 05:16 <DIR> d--hs---- C:\FOUND.027
2008-10-23 00:42 . 2008-10-23 00:42 <DIR> d-------- C:\Star Wars Jedi Knight - Jedi Academy (2 Cds)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-09-29 14:20 --------- d-----w c:\documents and settings\legolas\Application Data\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Common Files\Akamai
2008-09-17 12:34 --------- d-----w c:\documents and settings\legolas\Application Data\Sony Corporation
2008-09-17 12:26 --------- d-----w c:\program files\Sony
2008-09-17 12:25 --------- d-----w c:\documents and settings\legolas\Application Data\InstallShield
2008-09-17 05:16 --------- d-----w c:\program files\MSECache
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\ckis ----
2006-05-14 01:02 112504 -rah----- c:\ckis\crack.lst
((((((((((((((((((((((((((((( snapshot@2008-11-16_11.19.49.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-17 01:38:44 6,658 ----a-w c:\windows\SoftwareDistribution\EventCache\{51247BA0-12C9-4154-8D85-D1B112CF4F4E}.bin
- 2008-11-03 13:12:24 63,590 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-16 03:20:20 63,590 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 13:12:24 404,536 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-16 03:20:20 404,536 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 1372160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-25 481280]
"Yahoo! Pager"="~c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-09-08 106496]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-19 49152]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-11-03 106496]
"snp2std"="c:\windows\vsnp2std.exe" [2005-08-16 339968]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-01-31 385024]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
c:\documents and settings\legolas\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
Wallpaper Calendar.lnk - c:\program files\zepsoft\Wallpaper Calendar\WallCal3.exe [2002-10-20 1226752]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-03-16 10872]
VersionTrackerPro.lnk - c:\windows\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-07-09 53248]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 11:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.divxa32"= divxa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25350:TCP"= 25350:TCP:BitComet 25350 TCP
"25350:UDP"= 25350:UDP:BitComet 25350 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
R2 Gizmo Plugin;Gizmo VoIP Service;"c:\program files\GizmoPlugin\GizmoPlugin.exe" [2008-01-13 962048]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-09-17 974464]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2008-11-03 18688]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\Drivers\cam1690.sys [2007-09-20 177280]
S3 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\Drivers\epm-shd.sys []
S3 MR97310_VGA_DUAL_CAMERA;Digital Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2007-12-28 115790]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2007-12-12 8816128]
S3 usb2vcom;USB Data Cable;c:\windows\system32\DRIVERS\usb2vcom.sys [2007-10-21 29152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"c:\program files\Internet Explorer\iexplore.exe" -userconfig
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-17 11:05:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"
.
Completion time: 2008-11-17 11:[minutes lost in extraction]:05
ComboFix-quarantined-files.txt 2008-11-17 03:[minutes lost in extraction]:04
ComboFix4.txt 2008-11-16 04:15:00
ComboFix3.txt 2008-11-16 04:36:14
ComboFix5.txt 2008-11-17 02:05:18
ComboFix2.txt 2008-11-16 17:31:18
Pre-Run: 4,682,252,288 bytes free
Post-Run: 4,662,214,656 bytes free
193 --- E O F --- 2008-11-13 19:01:11
ActiveScan log:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-18 15:27:09
PROTECTIONS: 1
MALWARE: 64
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition 8.0.1.15 Yes No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.mediaplex.com/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@anm.co[1].txt
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@paycounter[1].txt
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@tucows[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@revenue[2].txt
00159860 Application/Psshutdown.A HackTools No 0 Yes No C:\Program Files\Winamp\Skins\EPS2.WAL[shutdown.exe]
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@www.myaffiliateprogram[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.yadro.ru/]
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@landing.domainsponsor[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@xiti[1].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@hotlog[1].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@tickle[2].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@gostats[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@azjmp[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.statcounter.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@bs.serving-sys[2].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@as-us.falkag[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@adtech[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@server.iad.liveperson[3].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@fl01.ct2.comclick[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@media.adrevolver[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@realmedia[2].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@www5.addfreestats[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\FOUND.027\FILE0002.CHK[.adrevolver.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@bravenet[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@searchportal.information[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@atwola[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@www3.addfreestats[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@www6.addfreestats[2].txt
00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194597.EXE[C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194597.EXE][nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 No No D:\SOFTWARE\Flash_Disinfector.exe[D:\SOFTWARE\Flash_Disinfector.exe][nircmd.exe]
00440499 W32/Lineage.KCR.worm Virus/Trojan No 1 Yes Yes C:\Qoobox\Quarantine\C\xih9.cmd.vir
00440499 W32/Lineage.KCR.worm Virus/Trojan No 1 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194352.CMD
00440499 W32/Lineage.KCR.worm Virus/Trojan No 1 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194354.CMD
00443985 W32/Lineage.KDD Virus/Worm No 1 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194353.CMD
00443985 W32/Lineage.KDD Virus/Worm No 1 Yes Yes C:\Qoobox\Quarantine\C\nq0cq.cmd.vir
00443985 W32/Lineage.KDD Virus/Worm No 1 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194351.CMD
00445556 W32/Lineage.KDJ Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194556.COM
00445556 W32/Lineage.KDJ Virus No 0 Yes Yes C:\Qoobox\Quarantine\C\sq.com.vir
00445556 W32/Lineage.KDJ Virus No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ckvo.exe.vir
00445556 W32/Lineage.KDJ Virus No 0 Yes No C:\Qoobox\Quarantine\[4]-Submit_2008-11-17@1.28.zip[Collect_sq.com.vir]
00445556 W32/Lineage.KDJ Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194347.EXE
00445556 W32/Lineage.KDJ Virus No 0 Yes Yes D:\SQ.COM
00445563 W32/Lineage.KDJ.worm Virus/Worm No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ckvo0.dll.vir
00445563 W32/Lineage.KDJ.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194348.DLL
00445563 W32/Lineage.KDJ.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194349.DLL
00445563 W32/Lineage.KDJ.worm Virus/Worm No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ckvo1.dll.vir
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192384.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192368.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194303.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193555.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192347.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192401.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192528.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194340.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192558.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194301.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193571.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194239.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194237.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192345.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193660.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194207.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194342.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194202.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\Qoobox\Quarantine\C\autorun.inf.vir
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194209.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194097.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192366.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194085.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194053.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192382.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194068.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192399.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194204.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194051.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194070.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192526.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193658.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192530.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194099.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193569.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192556.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194087.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193553.INF
00449301 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192532.INF
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194098.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193568.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192555.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194086.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193657.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192529.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194203.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192525.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194050.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194067.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192398.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194069.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192396.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194208.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192381.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194084.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193554.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194096.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194201.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194206.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194052.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194238.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\kamsoft.exe.vir
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192365.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193659.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192363.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\Qoobox\Quarantine\C\lky.exe.vir
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194236.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194300.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes No C:\Qoobox\Quarantine\[4]-Submit_2008-11-17@1.28.zip[Collect_kamsoft.exe.vir]
00450469 W32/Lineage.KDV Virus No 0 Yes No C:\Qoobox\Quarantine\[4]-Submit_2008-11-17@10.05.zip[Collect_lky.exe.vir]
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192344.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194339.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192346.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194302.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192367.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194341.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192383.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194559.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192400.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP656\A0194626.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192527.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\LKY.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192531.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193552.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192557.EXE
00450469 W32/Lineage.KDV Virus No 0 Yes Yes D:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193570.EXE
00509861 Hacktool/AngryScan HackTools No 1 Yes No D:\SOFTWARE\angry_ip_scanner_(v_2.21).exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194380.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP658\A0195734.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@adserver.easyad[1].txt
02090013 Generic Malware Virus/Trojan No 0 Yes Yes D:\STYLEXP\!!Icons & Styles\Visual Style\Style XP 1.2\Style Xp KeyGen REAL (1).exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194614.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP654\A0194360.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP656\A0194633.SYS
02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\LEGOLAS\Cookies\legolas@h.starware[1].txt
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0192553.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193551.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193567.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0193656.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194047.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192397.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194081.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP652\A0194200.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194235.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP653\A0194299.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192380.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194557.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP655\A0194558.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gasretyw0.dll.vir
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192524.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gasretyw1.dll.vir
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP650\A0192364.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{8F861F02-EEB0-4077-97B9-1358D3B75BFD}\RP651\A0194065.DLL
04105222 W32/Lineage.KDV.worm Virus/Worm No 0 Yes No C:\Qoobox\Quarantine\[4]-Submit_2008-11-17@1.28.zip[Collect_gasretyw1.dll.vir]
;===================================================================================================================================================================================
SUSPECTS
Sent Location 2
;===================================================================================================================================================================================
No C:\Program Files\Common Files\Akamai\AdminTool.exe 2
No C:\Program Files\mIRC\MIRC.EXE 2
No C:\Program Files\Internet Download Manager\IDMan.exe 2
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 2
;===================================================================================================================================================================================
182048 HIGH MS07-069 2
176382 HIGH MS07-057 2
170911 HIGH MS07-050 2
170906 HIGH MS07-045 2
164913 HIGH MS07-033 2
160623 HIGH MS07-027 2
150253 HIGH MS07-016 2
145501 HIGH MS07-004 2
;===================================================================================================================================================================================