
Thread: problem with Click.GiftLoad

  1. #11 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Patrick, it's best to copy and paste the logs into the thread in lieu of attaching them; it's easier for me to analyze.

    Looks like the Rootkit is gone


    While I am looking over your Combofix log, run this program and post the log please

    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Last edited by ken545; 2011-05-21 at 14:18.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12 Junior Member (Join Date: May 2011, Posts: 20)

    Ok, I will do that.

    I downloaded, updated and ran Malwarebytes.
    Here are the results

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6639

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    22/05/2011 10:12:03
    mbam-log-2011-05-22 (10-12-03).txt

    Scantype: Snelle scan
    Objecten gescand: 175865
    Verstreken tijd: 4 minuut/minuten, 40 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 2
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 1
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.FakeAlert) -> Bad: (mnrnmuxs.dll) Good: () -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\WINDOWS\system32\mnrnmuxs.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

  3. #13 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Drag ComboFix to the trash, download a fresh copy, run it and post the new log please

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

  4. #14 Junior Member (Join Date: May 2011, Posts: 20)

    Hi,

    I downloaded a fresh copy of ComboFix.
    I did the update.
    Here is the log file and thanks in advance

    ComboFix 11-05-22.02 - Patrick 23/05/2011 18:52:54.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.465 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Patrick\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\tmp.tmp
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-23 to 2011-05-23 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-22 08:05 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-22 08:04 . 2011-05-22 08:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-22 08:04 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-14 09:42 . 2011-05-14 09:52 -------- d-----w- c:\program files\ERUNT
    2011-05-10 17:58 . 2011-05-10 21:26 -------- d-----w- C:\screening
    2011-05-01 12:17 . 2011-05-01 12:17 -------- d-----w- c:\program files\CCleaner
    2011-05-01 11:45 . 2011-05-01 11:45 -------- d-----w- c:\documents and settings\Greetje\Local Settings\Application Data\Mozilla
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-19 06:07 . 2004-09-13 12:52 153856 ----a-w- c:\windows\system32\drivers\dmio.sys
    2001-05-24 10:59 . 2008-02-21 19:24 162304 ----a-w- c:\program files\UNWISE.EXE
    1999-05-23 23:17 . 1999-05-23 23:17 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
    1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
    1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
    1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
    1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
    1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-16 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    Poort voor Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-5-24 46077]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-6-20 118784]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hou85.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pxf87.sys]
    @="Driver"
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\IBM\SQLLIB\BIN\db2mgmtsvc.exe [8/11/2007 21:50 35616]
    R2 DB2NTSECSERVER_DB2COPY1;DB2 Security Server (DB2COPY1);c:\program files\IBM\SQLLIB\BIN\db2sec.exe [8/11/2007 21:51 14112]
    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 14:15 1375992]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [16/06/2005 18:07 80384]
    S0 Hou85;Hou85;c:\windows\system32\Drivers\Hou85.sys --> c:\windows\system32\Drivers\Hou85.sys [?]
    S0 Pxf87;Pxf87;c:\windows\system32\Drivers\Pxf87.sys --> c:\windows\system32\Drivers\Pxf87.sys [?]
    S1 ccfc;ccfc;\??\c:\windows\system32\ccfc.sys --> c:\windows\system32\ccfc.sys [?]
    S2 GHTJJGIN;GHTJJGIN;\??\c:\windows\system32\ghtjjgin.tfp --> c:\windows\system32\ghtjjgin.tfp [?]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/11/2010 20:39 136176]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19/11/2010 20:39 136176]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 14:15 15264]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 8:01 2799808]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-05-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 19:36]
    .
    2011-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-19 18:39]
    .
    2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-19 18:39]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\gsdxxua1.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .
    .
    ------- Bestandsassociaties -------
    .
    inifile=c:\program files\Boxer Text Editor\b.exe "%1"
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-23 19:00
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GHTJJGIN]
    "ImagePath"="\??\c:\windows\system32\ghtjjgin.tfp"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1000)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    Voltooingstijd: 2011-05-23 19:02:36
    ComboFix-quarantined-files.txt 2011-05-23 17:02
    ComboFix2.txt 2011-05-21 10:05
    .
    Pre-Run: 23.194.517.504 bytes beschikbaar
    Post-Run: 23.194.001.408 bytes beschikbaar
    .
    - - End Of File - - 434931C215EFF924BDD53242F9633E8B

  5. #15 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Hi,

    Just a few files that I would like you to check for me

    You need to enable windows to show all files and folders, instructions Here

    Go to VirusTotal and submit these files for analysis; just use the BROWSE feature and then Send File. You will get a report back; post the report into this thread for me to see. If the site says this file has already been checked, have them check it again.

    c:\windows\system32\Drivers\Hou85.sys
    c:\windows\system32\Drivers\Pxf87.sys
    c:\windows\system32\ccfc.sys
    c:\windows\system32\ghtjjgin.tfp


    If the site is busy you can try this one
    http://virusscan.jotti.org/en

  6. #16 Junior Member (Join Date: May 2011, Posts: 20)

    Hi,

    I enabled windows to show the files and folders but the files are not in my system.

    regards

    Patrick

  7. #17 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Ok, let's proceed. How are things running so far, any redirects or unwanted pop-up windows?



    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.

  8. #18 Junior Member (Join Date: May 2011, Posts: 20)

    Here is the logfile from ESET. The log is also attached if this is better for you.

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo3.zip Win32/Bagle.gen.zip worm
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinZBot.zip Win32/Bagle.gen.zip worm
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\j.jar-1dcd5b4f-21c8fe54.zip a variant of Java/TrojanDownloader.OpenStream.NBU trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\j.jar-21ede86b-214a64b5.zip a variant of Java/TrojanDownloader.OpenStream.NBU trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javajsm.jar-3ae85437-162d9161.zip multiple threats
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javaobe.jar-25f45de5-1d5cabe1.zip multiple threats
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\plugins.jar-6ca7f74e-3be20236.zip multiple threats
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\plugins.jar-77c163e5-633658ef.zip Java/TrojanDownloader.Agent.NCM trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\track5.id-3a7575ee-3465175d.zip probably a variant of Java/Agent.AF trojan
    C:\Documents and Settings\Patrick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\yearsTend.class-17262f98-7b9eca77.class probably a variant of Java/TrojanDownloader.Agent.AB trojan
    C:\Downloads\autorun.inf Win32/Ramnit.A.Gen virus
    C:\Downloads\setup50045.fon Win32/AutoRun.Agent.ABK worm
    C:\Downloads\setup50045.lnk LNK/Exploit.CVE-2010-2568 trojan
    C:\Downloads\setup50076.fon Win32/AutoRun.Agent.ABK worm
    C:\Downloads\setup50076.lnk LNK/Exploit.CVE-2010-2568 trojan
    C:\Downloads\genesys\GeneSysSDK2006.zip a variant of Win32/TrojanDropper.Small.NIS trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir a variant of Win32/Kryptik.DKU trojan
    C:\screening\autorun.inf Win32/Ramnit.A.Gen virus
    C:\screening\setup50045.fon Win32/AutoRun.Agent.ABK worm
    C:\screening\setup50045.lnk LNK/Exploit.CVE-2010-2568 trojan
    C:\System Volume Information\_restore{CB32FFED-FFB0-4F82-9D41-E1A8368D0A19}\RP863\A0091682.dll Win32/TrojanDownloader.FakeAlert.ARF trojan
    C:\System Volume Information\_restore{CB32FFED-FFB0-4F82-9D41-E1A8368D0A19}\RP863\A0092712.inf Win32/Ramnit.A.Gen virus
    C:\System Volume Information\_restore{CB32FFED-FFB0-4F82-9D41-E1A8368D0A19}\RP865\A0102951.exe a variant of Win32/Kryptik.DKU trojan

  9. #19 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    You have infected files all over the place

    1. Open Spybot and go to the Quarantine folder and remove it all

    2. Go to these two folders and delete all that's inside
    C:\screening
    C:\Downloads


    3. C:\Qoobox <-- This is the ComboFix backup folder, can't hurt you; we will remove this when we're done

    4. Your Java cache has bad files in it, do this

    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.





    5. System Restore also has bad files, but they can hurt you unless you use System Restore to revert your computer to an earlier date, so it's best to flush this all out

    System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

    Please follow the steps below to create a clean restore point:
    1. Click Start > Run > copy and paste the following into the run box:
      %SystemRoot%\System32\restore\rstrui.exe
    2. Press OK. Choose Create a Restore Point then click Next.
    3. Name it (something you'll remember) and click Create.
    4. When the confirmation screen shows the restore point has been created click Close.


    Then remove all previous Restore Points
    1. Click Start > Run > copy and paste the following into the run box:
      cleanmgr
    2. Choose to scan drive C:\ (if C:\ is your main drive).
    3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
    4. Click on the Yes button.
    5. When finished, click on Cancel button to exit.


    After you're done, reboot your system and run ESET again and post the log
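The advice above sorts the ESET detections by where they sit (Spybot quarantine, the ComboFix backup folder, System Restore points, the Java cache, and everything else). The script below is an added example, not code from the thread or from ESET: it applies that same triage to ESET log lines so the stored copies are separated from files that still need direct removal. The sample log lines are constructed from paths quoted in the thread; the line format and bucket names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the ESET log the user posted in this thread.
SAMPLE_LOG = """\
C:\\Documents and Settings\\All Users\\Application Data\\Spybot - Search & Destroy\\Recovery\\WinZBot.zip Win32/Bagle.gen.zip worm
C:\\Documents and Settings\\NetworkService\\Application Data\\Sun\\Java\\Deployment\\cache\\javapi\\v1.0\\jar\\plugins.jar-77c163e5-633658ef.zip Java/TrojanDownloader.Agent.NCM trojan
C:\\Documents and Settings\\NetworkService\\Application Data\\Sun\\Java\\Deployment\\cache\\javapi\\v1.0\\jar\\javajsm.jar-3ae85437-162d9161.zip multiple threats
C:\\Downloads\\setup50045.lnk LNK/Exploit.CVE-2010-2568 trojan
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\userinit.exe.vir a variant of Win32/Kryptik.DKU trojan
C:\\System Volume Information\\_restore{CB32FFED-FFB0-4F82-9D41-E1A8368D0A19}\\RP863\\A0092712.inf Win32/Ramnit.A.Gen virus
C:\\Documents and Settings\\Patrick\\Local Settings\\temp\\srv294.tmp Win32/AutoRun.Agent.ABK worm
"""

# An ESET log line is "<path> <detection>"; paths may contain spaces, so the
# split point is the path's file extension followed by a detection phrase
# (assumed format, derived from the lines posted in the thread).
LINE_RE = re.compile(
    r"^(?P<path>.+?\.[A-Za-z0-9]+) "
    r"(?P<detection>(?:probably )?(?:a variant of )?(?:\S+/\S+ \w+|multiple threats))$"
)

# Holding areas in which a detection is a stored copy rather than a file that
# runs on its own; matched as case-insensitive substrings of the path.
BUCKETS = (
    ("quarantine", "spybot - search & destroy\\recovery"),
    ("combofix_backup", "qoobox\\quarantine"),
    ("restore_point", "system volume information\\_restore"),
    ("java_cache", "sun\\java\\deployment\\cache"),
)


def parse_line(line):
    """Return (path, detection) for one ESET log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return (m.group("path"), m.group("detection")) if m else None


def classify(path):
    """Name the holding area a path sits in, or 'other' for anything else."""
    low = path.lower()
    for name, marker in BUCKETS:
        if marker in low:
            return name
    return "other"


def triage(log_text):
    """Group every parsed detection by location bucket."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            groups[classify(parsed[0])].append(parsed)
    return dict(groups)


def needs_direct_removal(log_text):
    """Detections outside any holding area: the ones to deal with first."""
    return triage(log_text).get("other", [])


if __name__ == "__main__":
    for bucket, items in sorted(triage(SAMPLE_LOG).items()):
        print(f"{bucket}: {len(items)}")
        for path, det in items:
            print(f"  {path}  ->  {det}")
```

Files in the holding areas are handled by emptying the quarantine, cache or restore points as the steps above describe; the "other" bucket is the list that still needs individual attention.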

  10. #20 Junior Member (Join Date: May 2011, Posts: 20)

    Here is the logfile from ESET. Thanks in advance

    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\j.jar-21ede86b-214a64b5.zip a variant of Java/TrojanDownloader.OpenStream.NBU trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javajsm.jar-3ae85437-162d9161.zip multiple threats
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javaobe.jar-25f45de5-1d5cabe1.zip multiple threats
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\plugins.jar-6ca7f74e-3be20236.zip multiple threats
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\plugins.jar-77c163e5-633658ef.zip Java/TrojanDownloader.Agent.NCM trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\track5.id-3a7575ee-3465175d.zip probably a variant of Java/Agent.AF trojan
    C:\Documents and Settings\Patrick\Local Settings\temp\srv294.tmp Win32/AutoRun.Agent.ABK worm
    C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir a variant of Win32/Kryptik.DKU trojan
