;*********************************************************************************************************************************************************************************** ANALYSIS: 2008-05-08 07:08:57 PROTECTIONS: 1 MALWARE: 70 SUSPECTS: 0 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== McAfee VirusScan Yes Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00018331 adware/gator Adware No 0 Yes No c:\windows\gatoruninstaller_cme_u.log 00018331 adware/gator Adware No 0 Yes No c:\windows\gatoruninstaller_cme.log 00024343 adware/keenvalue Adware No 0 Yes No hkey_local_machine\software\perfectnav 00024343 adware/keenvalue Adware No 0 Yes No c:\program files\incredifind 00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\runmsc.loader 00027660 adware/savenow Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} 00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\runmsc.loader.1 00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} 00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm 
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\adm.exe 00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\topsearch.tslink.1 00029258 application/altnet HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC} 00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\topsearch.tslink.1 00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\adm.exe 00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec} 00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{CE9B37EC-D243-47A2-83DB-3A8350175193} 00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\topsearch.tslink 00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{582AB125-1403-42FB-9EFB-198690BA1496} 00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\topsearch.tslink 00029258 application/altnet HackTools No 0 Yes No c:\program files\altnet 00029568 adware/netpals Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{0cf28135-b1dc-4f50-ab58-7cf5701a6ed6} 00029568 adware/netpals Adware No 0 Yes No hkey_classes_root\netpaliexplore.netpal 00029568 adware/netpals Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\npo 00029568 adware/netpals Adware No 0 Yes No hkey_classes_root\netpaliexplore.netpal.1 00029568 adware/netpals Adware No 0 Yes No hkey_local_machine\software\classes\netpaliexplore.netpal 00029568 adware/netpals Adware No 0 Yes No hkey_classes_root\typelib\{0cf28135-b1dc-4f50-ab58-7cf5701a6ed6} 00029568 adware/netpals Adware No 0 Yes No hkey_local_machine\software\classes\typelib\{0cf28135-b1dc-4f50-ab58-7cf5701a6ed6} 00029767 adware/delfinmedia Adware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\pgtools 00029767 adware/delfinmedia 
Adware No 1 Yes No hkey_local_machine\software\tat 00032745 adware/sahagent Adware No 0 Yes No c:\sahagent.log 00032745 adware/sahagent Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\shopathomeselect agent 00035722 adware/comet Adware No 0 Yes No HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Explorer Bars\{90c61707-c8f8-43db-a25c-c1f4b18ee41e} 00035722 adware/comet Adware No 0 Yes No HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Explorer Bars\{edc4193f-34ad-4d07-aa87-e3fdb89e3e76} 00040415 adware/wintools Adware No 0 Yes No hkey_classes_root\protocols\name-space handler\res 00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\software\classes\protocols\name-space handler\res 00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\aui 00040471 adware/downloadware Adware No 0 Yes No c:\windows\digital signature 20020928.htm 00040471 adware/downloadware Adware No 0 Yes No c:\windows\digital signature 20020812.htm 00040471 adware/downloadware Adware No 0 Yes No c:\windows\digital signature 20030702.htm 00040471 adware/downloadware Adware No 0 Yes No c:\windows\digital signature 20020713.htm 00040471 adware/downloadware Adware No 0 Yes No c:\windows\digital signature 20020619.htm 00040471 adware/downloadware Adware No 0 Yes No c:\windows\digital signature 20040116.htm 00040471 adware/downloadware Adware No 0 Yes No c:\program files\medch 00040471 adware/downloadware Adware No 0 Yes No c:\windows\digital signature 20020515.htm 00040471 adware/downloadware Adware No 0 Yes No c:\program files\medialoads enhanced 00041446 application/myway HackTools No 0 Yes No hkey_classes_root\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76} 00041446 application/myway HackTools No 0 Yes No hkey_current_user\software\netscape\netscape navigator\automation shutdown\mywaytoolbar.netscapeshutdown.1 00041446 application/myway HackTools No 0 
Yes No hkey_current_user\software\netscape\netscape navigator\automation startup\mywaytoolbar.netscapestartup.1 00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} 00041446 application/myway HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC} 00041446 application/myway HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC} 00041446 application/myway HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76} 00041904 adware/sidesearch Adware No 0 Yes No c:\program files\lycos 00041904 adware/sidesearch Adware No 0 Yes No c:\documents and settings\kdearie\application data\lycos 00048485 spyware/bundleware Spyware No 1 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} 00048503 spyware/clipgenie Spyware No 1 Yes No hkey_current_user\software\traynotifier 00064543 adware/ezcybersearch Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{27F2EE5E-3E74-40BB-AE16-2D9EEEC6C0CF} 00096718 adware/twain-tech Adware No 0 Yes No c:\windows\inf\twaintec.inf 00101756 Trj/Downloader.FK Virus/Trojan No 0 Yes No C:\Documents and Settings\KDEARIE\Emily Dearie\Local Settings\Temporary Internet Files\Content.IE5\0YUOP0FC\stc[1].htm 00120322 Adware/MemoryWatcher Adware No 0 Yes No C:\System Volume Information\_restore{D2A33FE9-FF62-4C80-AC4B-536C1D183158}\RP1469\A1166399.OCX 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Application Data\Mozilla\Profiles\DEFAULT\OLZEZ6KG.SLT\COOKIES.TXT[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@trafficmp[1].txt.bak 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Application 
Data\Mozilla\Profiles\DEFAULT\OLZEZ6KG.SLT\COOKIES.TXT[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Application Data\Mozilla\Profiles\DEFAULT\OLZEZ6KG.SLT\COOKIES.TXT[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Application Data\Mozilla\Profiles\DEFAULT\OLZEZ6KG.SLT\COOKIES.TXT[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@trafficmp[3].txt.bak 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@casalemedia[2].txt.bak 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@casalemedia[1].txt.bak 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@doubleclick[2].txt.bak 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Application Data\Mozilla\Profiles\DEFAULT\OLZEZ6KG.SLT\COOKIES.TXT[.doubleclick.net/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@doubleclick[1].txt.bak 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@atdmt[1].txt.bak 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Application Data\Mozilla\Profiles\DEFAULT\OLZEZ6KG.SLT\COOKIES.TXT[.atdmt.com/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@atdmt[2].txt.bak 00145348 Cookie/Gator TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Emily Dearie\Cookies\emily dearie@gator[1].txt 00145348 Cookie/Gator TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Emily Dearie\Cookies\emily dearie@gator[3].txt 00145386 Cookie/XXXtoolbar TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@xxxtoolbar[1].txt.bak 00145453 
Cookie/Bfast TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@bfast[2].txt.bak 00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@bfast[1].txt.bak 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@fastclick[2].txt.bak 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\SYSTEM\50c6a2ba.tmp 00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@servedby.advertising[2].txt.bak 00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@servedby.advertising[1].txt.bak 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Application Data\Mozilla\Profiles\DEFAULT\OLZEZ6KG.SLT\COOKIES.TXT[.mediaplex.com/] 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@mediaplex[1].txt.bak 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Application Data\Mozilla\Profiles\DEFAULT\OLZEZ6KG.SLT\COOKIES.TXT[.mediaplex.com/] 00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@centrport[1].txt.bak 00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@centrport[2].txt.bak 00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@spylog[1].txt.bak 00145876 Cookie/X10 TrackingCookie No 0 Yes No C:\WINDOWS\TEMP\Cookies\kdearie@x10[1].txt 00149002 Cookie/Peel TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Emily Dearie\Cookies\emily dearie@peel[2].txt 00157143 Cookie/MyWay TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Emily Dearie\Cookies\emily dearie@www.xzoomy[1].txt 00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@revenue[1].txt.bak 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and 
Settings\Lauren Dearie\Local Settings\Temp\Cookies\lauren dearie@com[2].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Emily Dearie\Cookies\emily dearie@com[2].txt 00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@ehg.hitbox[2].txt.bak 00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@z1.adserver[1].txt.bak 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\SYSTEM\58b6070e.tmp 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@advertising[1].txt.bak 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Application Data\Mozilla\Profiles\DEFAULT\OLZEZ6KG.SLT\COOKIES.TXT[statse.webtrendslive.com/S002-00-7-13-160749-16802] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@realmedia[1].txt.bak 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Application Data\Mozilla\Profiles\DEFAULT\OLZEZ6KG.SLT\COOKIES.TXT[.questionmarket.com/] 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@bluestreak[3].txt.bak 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@bluestreak[1].txt.bak 00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@xxxcounter[1].txt.bak 00197565 Adware/Coupons Adware No 0 Yes No C:\Documents and Settings\Lauren Dearie\InstallEx.exe 00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Emily Dearie\Cookies\emily dearie@cgi-bin[3].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Cookies\kdearie@atwola[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Application 
Data\Mozilla\Profiles\DEFAULT\OLZEZ6KG.SLT\COOKIES.TXT[.atwola.com/] 00262033 adware/emediacodec Adware No 0 Yes No c:\program files\emedia codec 00262033 adware/emediacodec Adware No 0 Yes No hkey_classes_root\emediacodec.chl 00273914 Adware/EMediaCodec Adware No 0 Yes No C:\Program Files\eMedia Codec\UNINST.EXE 00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\KDEARIE\Emily Dearie\Cookies\emily dearie@cgi-bin[5].txt 00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\WINDOWS\TEMP\Cookies\kdearie@cgi-bin[1].txt 00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\SpyHunter\Backup\kdearie@ehg-dig.hitbox[2].txt.bak 00732373 Adware/Coupons Adware No 0 Yes No C:\WINDOWS\CPBRKPIE.OCX 00816208 Adware/eZula Adware No 0 Yes No C:\WINDOWS\SYSTEM32\MACROMED\Shockwave 8\xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32 00958927 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Netscape\Netscape\Plugins\npwthost.dll 01066590 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Emily Dearie\Shared\[Full] everyday high school musical 2 with Bonus.zip[setup.exe][²ÖÇ\whCC-TRAFE5.exe][webhdll.dll] 01066650 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Emily Dearie\Shared\[Full] everyday high school musical 2 with Bonus.zip[setup.exe][²ÖÇ\whCC-TRAFE5.exe][whInstaller.exe] 01066718 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Emily Dearie\Shared\[Full] everyday high school musical 2 with Bonus.zip[setup.exe][²ÖÇ\whCC-TRAFE5.exe][whiehlpr.dll] 01241766 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Emily Dearie\Shared\[Full] everyday high school musical 2 with Bonus.zip[setup.exe][²ÖÇ\whCC-TRAFE5.exe][whAgent.exe] 01303739 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\172.TMP[BndDrive.dll] 01335443 Adware/Zenosearch Adware No 0 No No C:\Documents and Settings\Emily Dearie\Shared\[Full] everyday high school musical 2 with 
Bonus.zip[setup.exe][²ÖÇ\TIP2D002.exe] 01373038 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{D2A33FE9-FF62-4C80-AC4B-536C1D183158}\RP1469\A1166403.EXE 01893835 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Documents and Settings\Emily Dearie\Shared\[Full] everyday high school musical 2 with Bonus.zip[setup.exe][²ÖÇ\setup.exe][²ªÇ] 01942661 Adware/WebHancer Adware No 0 No No C:\Documents and Settings\Emily Dearie\Shared\[Full] everyday high school musical 2 with Bonus.zip[setup.exe][²ÖÇ\whCC-TRAFE5.exe] 01973435 Adware/DelFinMedia Adware No 1 Yes No C:\WINDOWS\SYSTEM32\pgtools\tatss.dll 02198640 Trj/Spector Virus/Trojan No 1 No No C:\WINDOWS\TEMP\pftF022~TMP\data1.cab[webebot.exe] 02198640 Trj/Spector Virus/Trojan No 1 Yes No C:\WINDOWS\SYSTEM32\WEBEBOT.EXE 02206947 Trj/Spector Virus/Trojan No 1 No No C:\WINDOWS\TEMP\pftF022~TMP\data1.cab[winnetcl.exe] 02206947 Trj/Spector Virus/Trojan No 1 Yes No C:\WINDOWS\SYSTEM32\WINNETCL.EXE 02652861 Adware/Adband Adware No 0 Yes No C:\172.TMP 02886407 Application/DownAndRun HackTools No 0 No No C:\172.TMP[bndloader.exe] 02887265 Adware/Adband Adware No 0 No No C:\172.TMP[ism.exe] 02925232 Trj/Spector Virus/Trojan Yes 2 Yes No C:\WINDOWS\System32\netknl.dll 02925232 Trj/Spector Virus/Trojan No 1 No No C:\WINDOWS\TEMP\pftF022~TMP\data1.cab[netknl.dll] 02925280 Trj/Spector Virus/Trojan Yes 2 Yes No C:\WINDOWS\System32\netknlhm.dll 02925280 Trj/Spector Virus/Trojan No 1 No No C:\WINDOWS\TEMP\pftF022~TMP\data1.cab[netknlhm.dll] ;=================================================================================================================================================================================== SUSPECTS Sent Location ;===================================================================================================================================================================================
;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description ;=================================================================================================================================================================================== ;===================================================================================================================================================================================