3LOJIM
Posted December 3, 2009

I just installed SAS. I have run scans with Avast, Spybot, Ad-Aware and mbam. None have detected the trojan.agent/gen or many of the cookies listed below:

Generated 12/03/2009 at 08:52 AM

Application Version : 4.31.1000
Core Rules Database Version : 4330
Trace Rules Database Version: 2185

Scan type : Complete Scan
Total Scan Time : 00:52:38

Memory items scanned : 505
Memory threats detected : 0
Registry items scanned : 4916
Registry threats detected : 55
File items scanned : 25443
File threats detected : 49

Trojan.Agent/Gen
Adware.Tracking Cookie

Trojan.Downloader-Gen/Suspicious
D:\PROGRAM FILES\KING KONG SOFTWARE\CAPTURE\UNINSTALLER.EXE