I noticed that my computer was acting funny. When I'd click on past sites using autocomplete form history, it would take me to my eBay login and not the site intended. So I ran my Windows cleanup program and started Kaspersky. It detected 2 trojans, but said the threats had been successfully neutralized. Then my Kaspersky stopped running and I had to turn it back on. I didn't pause it or turn it off. Message from Kaspersky:
detected: Trojan program Trojan-Downloader.JS.Agent.ban URL: http://www.hartnetwork.org....
detected: Trojan program Trojan-Downloader.JS.Agent.ban URL: http://www.hartnetwork.org....
I know you guys are very busy - appreciate some help with this, please! Thanks so much.
I have 2 hard drives, C and F. My F drive is from an older computer that I had installed on my newer PC. Unsure if the HijackThis report shows both. Also, I am NOT using Earthlink for anything.
---------------------------------------------------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:41:19 AM 4/3/2008
+ Scan result:
Nothing found.
::Report end
-------------------------------------------------------------------------------
SUPERAntiSpyware Scan Log
Generated 04/03/2008 at 10:09 AM
Application Version : 3.6.1000
Core Rules Database Version : 3190
Trace Rules Database Version: 1422
Scan type : Complete Scan
Total Scan Time : 01:43:53
Memory items scanned : 111
Memory threats detected : 0
Registry items scanned : 5989
Registry threats detected : 0
File items scanned : 113938
File threats detected : 34
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@adinterax[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@adlegend[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@atwola[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@bannerspace[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@banner[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@bizrate[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@clickability[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@emarketmakers[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@exitexchange[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@findlaw[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@focalex[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@gostats[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@media[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@metareward[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@partner2profit[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@rightmedia[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@superstats[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@windowsmedia[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@xiti[1].txt
----------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:36 AM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\lxdfcoms.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Rosary Reminder] C:\PROGRA~1\VIRTUA~1\reminder.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINNT\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\WINNT\system32\lxdfcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
--
End of file - 10294 bytes
------------------------------------------------------------------------------------------
UNINSTALL LIST
1st Page 2000 2.00 Free
ABBYY FineReader 6.0 Sprint
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.0
Apple Software Update
ArcSoft PhotoImpression
ArcSoft PhotoImpression 5
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
CCleaner (remove only)
Cda Product Service - shared component
CleanUp!
Corel Applications
Creative Driver
Do More 7.0
DVD
Easy CD Creator 5 Basic
EPSON Printer Software
EPSON TWAIN 5
EULAlyzer v1.2
ewido security suite
Gateway Ink Monitor
Gateway Rhapsody
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Intel® 537EP Data Fax Modem
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Jasc Animation Shop 3
Jasc Animation Shop 3
Jasc Animation Shop 3 20041030_07 Help file Patch
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8
Java 6 Update 2
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
Kaspersky Online Scanner
Lexmark 6500 Series
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Desktop Messenger
Logitech ImageStudio
Logitech Print Service
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Learning and Research Plus Support Files
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Photo 7.0
Microsoft PowerPoint Viewer 97
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (2.0.0.13)
MSN Internet Software
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MUSICMATCH® Jukebox
MuvAudio2
Napster
Napster Burn Engine
Norton WMI Update
Organic Art, Microsoft Edition
Paint Shop Pro 7 Anniversary Edition
Panda ActiveScan
Panda ActiveScan 2.0
PC-Doctor for Windows
pressplay
Presto! Forms 3.50.01
Presto! PageManager 7.12.02
PS/2 Millennium Keyboard
Quicken 2003 New User Edition
QuickTime
RealPlayer
Rhapsody Player Engine
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shockwave
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.0
SUPERAntiSpyware Free Edition
Transition_SS
Twilight Reflections
Uninstall PGE
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Virtual Rosary
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
Yahoo! Address AutoComplete
Yahoo! extras
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Toolbar
ZoneAlarm Pro
-------------------------------------------------------------------------------------
PANDA ACTIVE SCAN
;*******************************************************************************
ANALYSIS: 2008-04-04 00:34:28
PROTECTIONS: 1
MALWARE: 22
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Kaspersky Anti-Virus 7.0.0.125 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00091942 adware/favoriteman Adware No 0 Yes No c:\winnt\system32\im64.dll
00119104 adware/kingporn Adware No 0 Yes No hkey_local_machine\software\inetdctr
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00145439 Cookie/Santa Monica networks inc TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@smni[2].txt
00145439 Cookie/Santa Monica networks inc TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\ariij@smni[3].txt
00145439 Cookie/Santa Monica networks inc TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@smni[1].txt
00145439 Cookie/Santa Monica networks inc TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\ariij@smni[1].txt
00145439 Cookie/Santa Monica networks inc TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\ariij@smni[1].txt
00145734 Cookie/Affiliate fuel TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\[email protected][2].txt
00145734 Cookie/Affiliate fuel TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\[email protected][3].txt
00145786 Cookie/LinkExchange TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@linkexchange[1].txt
00145786 Cookie/LinkExchange TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\hp authorized customer@linkexchange[1].txt
00145786 Cookie/LinkExchange TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@linkexchange[2].txt
00145786 Cookie/LinkExchange TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\sears robuck@linkexchange[1].txt
00145786 Cookie/LinkExchange TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\anyuser@linkexchange[1].txt
00145786 Cookie/LinkExchange TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\sears robuck@linkexchange[1].txt
00145786 Cookie/LinkExchange TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\ariij al-qanuni@linkexchange[1].txt
00145786 Cookie/LinkExchange TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\hp authorized customer@linkexchange[1].txt
00145786 Cookie/LinkExchange TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@linkexchange[4].txt
00148914 Cookie/Tucows TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\sears robuck@tucows[1].txt
00148914 Cookie/Tucows TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\sears robuck@tucows[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@ccbill[3].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@ccbill[4].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\anyuser@ccbill[2].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@ccbill[2].txt
00167653 Cookie/Outster TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@outster[2].txt
00167675 Cookie/Eyeblaster TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\[email protected][2].txt
00167675 Cookie/Eyeblaster TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
00167675 Cookie/Eyeblaster TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\[email protected][1].txt
00167677 Cookie/WebPower TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@webpower[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\ariij@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
00167780 Cookie/Mircx TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\[email protected][1].txt
00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
00169288 Cookie/Gorillanation TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
00173545 Cookie/Rn11 TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\ariij@rn11[2].txt
00173545 Cookie/Rn11 TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\ariij@rn11[1].txt
00173545 Cookie/Rn11 TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@rn11[1].txt
00186189 Cookie/LinkExchange TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\ariij@linkexchange[2].txt
00186189 Cookie/LinkExchange TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@linkexchange[3].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\hp authorized customer@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@go[3].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\ariij@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\owner@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\ariij@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\sears robuck@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\sears robuck@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\anyuser@go[3].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\hp authorized customer@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\ariij al-qanuni@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@go[5].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\sears robuck@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No F:\WINDOWS\Cookies\anyuser@go[4].txt
00278769 Application/PRScheduler HackTools No 0 Yes No C:\WINNT\pss\PowerReg SchedulerV2.exeStartup
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINNT\nircmd.exe
02203901 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\epicenter\snuninst.exe
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================
Edited by mango_nj, 05 April 2008 - 10:34 AM.