  #1  
Old December 13th, 2005, 01:53 AM
TheFrogg TheFrogg is offline
New Member
 
Join Date: Dec 2005
Posts: 4
trojan horse downloader.stubby.A

I've received a notice from AVG antivirus that I have the Trojan horse Downloader.Stubby.A virus on my computer, and I have been unable to get it off of my computer. This is my HijackThis readout thing. Please let me know what I must do to get rid of this virus. Thank you very much for your help.

Logfile of HijackThis v1.99.1
Scan saved at 8:41:01 PM, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\WINDOWS\system32\j?vaw.exe
C:\Program Files\Mulberry\bin32\Kstatus.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Documents and Settings\Scott Kohler\My Documents\New Folder (7)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://www.searchnow.ws/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = search-1.net/age.php? (to verify your age, REQUIRED!) WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point. Are you at least 18 years old
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: {B5AB638F-D76C-415B-A8F2-F3CEAC502212} - - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://webcenters.compuserve.com/compuserve/menu/default.jsp"); (C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\prefs.js)
O1 - Hosts: 209.132.200.78 auto.search.msn.com
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {35AA6F25-C541-6ABE-8756-64550DF1291B} - C:\WINDOWS\System32\etckz.dll (file missing)
O2 - BHO: (no name) - {7CA647DA-457F-4086-89A6-CE80F788ADC8} - C:\WINDOWS\System32\rcmoc3260.dll (file missing)
O2 - BHO: (no name) - {A7D38554-68CD-0969-B288-136404DF1B94} - C:\WINDOWS\system32\ijpo.dll (file missing)
O2 - BHO: (no name) - {AD39EFCA-0A03-6DA1-7D24-79C2BE564694} - C:\WINDOWS\system32\ijuf.dll (file missing)
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - (no file)
O3 - Toolbar: SuperBar - {15F94797-3E1F-4F07-9BAE-0537B44AD963} - C:\Program Files\SUPERBAR\SUPERBAR.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [autoupd] C:\WINDOWS\autoupd\autoupd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [2@QDKE@2EB923K] C:\WINDOWS\System32\Ypxfye5.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ifgnunch] C:\WINDOWS\ifgnunch.exe
O4 - HKLM\..\Run: [ps5V36W] forcutl.exe
O4 - HKLM\..\Run: [dst] C:\WINDOWS\dst.exe
O4 - HKLM\..\Run: [jxagvi] c:\windows\system32\jxagvi.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\system32\abasa5jrp.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [Cobliiva] C:\WINDOWS\system32\j?vaw.exe
O4 - HKCU\..\Run: [Seua] C:\Documents and Settings\Scott Kohler\Application Data\drea.exe
O4 - HKCU\..\Run: [YBu9RWapl] faun20.exe
O4 - Startup: Kstatus.lnk = C:\Program Files\Mulberry\bin32\Kstatus.exe
O4 - Global Startup: Windows Media PowerPoint Helper.lnk = C:\Program Files\Windows Media Components\Tools\nsppthlp.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~5\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/...8108/turbo.cab
O16 - DPF: {1B77F337-2C1E-4D52-88F7-AAEE5BFB6F5B} - http://www.netbroadcaster.com/player/MovieNetworks1.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094087907936
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125446122885
O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} - http://216.176.203.17/webtwo/download.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...mmapi_0727.dll
O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} - http://images.bonzi.com/freebuddy/wd/bbsetupkaa.exe
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/inc...ivePreQual.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} (SBFullInst Control) - http://www.spyblast.com/download/SBFull.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  #2  
Old December 13th, 2005, 05:55 AM
Pancake Pancake is offline
CTH Subscriber
 
Join Date: Jan 2004
Location: Australia
Posts: 11,319
Hi.
Let's start with a bit of an auto clean first as there is a lot of malware to clear out...

Download SpyBot
Save spybotsd14.exe into its own directory, NOT in a TEMPorary folder or on the Desktop.
I recommend c:/program files/spybot/
Doubleclick spybotsd13.exe. Make sure to direct the program to install in the c:/program files/spybot/ directory, NOT the default directory.
Open Spybot from Start | Programs | Spybot | Spybot S&D
Select <Search for Updates>. Let it install all updates. This is very important!
Select <Immunize>
Select <Check for Problems>
Check all entries that are in RED. Only RED NOTHING ELSE.
Select <Fix Selected Problems>
Close Spybot.
======================================

Download the trial version of Ewido Security Suite

When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu".

Launch Ewido Security Suite (there should be an icon on your desktop; double-click it). The program will now go to the main screen. You will need to update Ewido to the latest definition files.

On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/. Do not run a scan yet.

When you have done this, boot into Safe Mode (restart your PC and keep tapping F8 while it restarts).

Run Ewido Security Suite now. Click on Scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido Security Suite.

================================

Post back a new HJT log as well as the one from Ewido please.
  #3  
Old December 13th, 2005, 10:12 PM
TheFrogg TheFrogg is offline
New Member
 
Join Date: Dec 2005
Posts: 4
Thanks for helping out. I have downloaded both programs and followed your instructions. Here is the HijackThis report (the two reports are a bit lengthy, so I split them into two replies).


Logfile of HijackThis v1.99.1
Scan saved at 5:07:08 PM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Mulberry\bin32\Kstatus.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewidothing\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Scott Kohler\My Documents\New Folder (7)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://www.searchnow.ws/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = search-1.net/age.php? (to verify your age, REQUIRED!) WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point. Are you at least 18 years old
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: {B5AB638F-D76C-415B-A8F2-F3CEAC502212} - - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://webcenters.compuserve.com/compuserve/menu/default.jsp"); (C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\prefs.js)
O1 - Hosts: 209.132.200.78 auto.search.msn.com
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {35AA6F25-C541-6ABE-8756-64550DF1291B} - C:\WINDOWS\System32\etckz.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\spybot\SDHelper.dll
O2 - BHO: (no name) - {7CA647DA-457F-4086-89A6-CE80F788ADC8} - C:\WINDOWS\System32\rcmoc3260.dll (file missing)
O2 - BHO: (no name) - {A7D38554-68CD-0969-B288-136404DF1B94} - C:\WINDOWS\system32\ijpo.dll (file missing)
O2 - BHO: (no name) - {AD39EFCA-0A03-6DA1-7D24-79C2BE564694} - C:\WINDOWS\system32\ijuf.dll (file missing)
O3 - Toolbar: SuperBar - {15F94797-3E1F-4F07-9BAE-0537B44AD963} - C:\Program Files\SUPERBAR\SUPERBAR.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [autoupd] C:\WINDOWS\autoupd\autoupd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [2@QDKE@2EB923K] C:\WINDOWS\System32\Ypxfye5.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ifgnunch] C:\WINDOWS\ifgnunch.exe
O4 - HKLM\..\Run: [ps5V36W] forcutl.exe
O4 - HKLM\..\Run: [dst] C:\WINDOWS\dst.exe
O4 - HKLM\..\Run: [jxagvi] c:\windows\system32\jxagvi.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\system32\abasa5jrp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [Seua] C:\Documents and Settings\Scott Kohler\Application Data\drea.exe
O4 - HKCU\..\Run: [YBu9RWapl] faun20.exe
O4 - Startup: Kstatus.lnk = C:\Program Files\Mulberry\bin32\Kstatus.exe
O4 - Global Startup: Windows Media PowerPoint Helper.lnk = C:\Program Files\Windows Media Components\Tools\nsppthlp.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~5\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/...8108/turbo.cab
O16 - DPF: {1B77F337-2C1E-4D52-88F7-AAEE5BFB6F5B} - http://www.netbroadcaster.com/player/MovieNetworks1.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094087907936
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125446122885
O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} - http://216.176.203.17/webtwo/download.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...mmapi_0727.dll
O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} - http://images.bonzi.com/freebuddy/wd/bbsetupkaa.exe
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/inc...ivePreQual.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewidothing\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
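Added example, not part of the original thread and not HijackThis's own code: a short Python script that compares the two HijackThis logs posted above to show which entries the Spybot/Ewido pass removed and which are still registered. The log excerpts are copied from posts #1 and #3; the function names and the two review heuristics are assumptions made for illustration and are not a verdict on any entry.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (posts #1 and #3).
# Only a handful of lines are kept so the example stays short.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\winupdates\winupdates.exe
O2 - BHO: (no name) - {35AA6F25-C541-6ABE-8756-64550DF1291B} - C:\WINDOWS\System32\etckz.dll (file missing)
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - (no file)
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Cobliiva] C:\WINDOWS\system32\j?vaw.exe
O4 - HKCU\..\Run: [YBu9RWapl] faun20.exe
O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} (SBFullInst Control) - http://www.spyblast.com/download/SBFull.cab
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\ewidothing\security suite\ewidoctrl.exe
O2 - BHO: (no name) - {35AA6F25-C541-6ABE-8756-64550DF1291B} - C:\WINDOWS\System32\etckz.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\spybot\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [YBu9RWapl] faun20.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewidothing\security suite\ewidoctrl.exe
"""

# A log entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the entries of a HijackThis log as (section, body) pairs, in order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Split entries into removed, added and remaining between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
        "remaining": [e for e in after if e in before_set],
    }


def review_notes(entries):
    """Attach a note to entries a helper would look at first.

    Illustrative heuristics (assumptions, not HijackThis rules):
      * the log itself says the referenced file is absent;
      * an O4 autostart command is a bare file name, so the log does not
        say which directory it is loaded from.
    """
    notes = []
    for section, body in entries:
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            notes.append((section, body, "registration points at a file that is not on disk"))
        elif section == "O4":
            command = body.split("] ", 1)[-1].strip('"')
            if "\\" not in command:
                notes.append((section, body, "autostart command has no directory path"))
    return notes


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label in ("removed", "added"):
        print(f"--- {label} since the first scan ---")
        for section, body in result[label]:
            print(f"{section} - {body}")
    print("--- still present, worth a closer look ---")
    for section, body, note in review_notes(result["remaining"]):
        print(f"{section} - {body}\n    note: {note}")
```
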
  #4  
Old December 13th, 2005, 10:13 PM
TheFrogg TheFrogg is offline
New Member
 
Join Date: Dec 2005
Posts: 4
Here is the Ewido report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:58:27 PM, 12/13/2005
+ Report-Checksum: 4EE94763

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62} -> Spyware.SpyBlast : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{305F57E2-4479-4F5B-A76E-E67BABE2355C} -> Spyware.MetaDirect : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62} -> Spyware.SpyBlast : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{69550BE2-9A78-11d2-BA91-00600827878D} -> Spyware.TinyBar : Cleaned with backup
HKLM\SOFTWARE\{2CF0B992-5EEB-4143-99C0-5297EF71F444} -> Spyware.BrowserAid : Cleaned with backup
HKU\.DEFAULT\Software\CommonName -> Spyware.CommonName : Cleaned with backup
HKU\.DEFAULT\Software\DownloadWare -> Spyware.Downloadware : Cleaned with backup
HKU\.DEFAULT\Software\DownloadWare\Prefs -> Spyware.Downloadware : Cleaned with backup
HKU\.DEFAULT\Software\eScorcher -> Spyware.eScorcher : Cleaned with backup
HKU\.DEFAULT\Software\eScorcher\debug -> Spyware.eScorcher : Cleaned with backup
HKU\.DEFAULT\Software\eScorcher\General -> Spyware.eScorcher : Cleaned with backup
HKU\.DEFAULT\Software\eScorcher\URL1 -> Spyware.eScorcher : Cleaned with backup
HKU\.DEFAULT\Software\eScorcher\URL2 -> Spyware.eScorcher : Cleaned with backup
HKU\.DEFAULT\Software\eScorcher\URL3 -> Spyware.eScorcher : Cleaned with backup
HKU\.DEFAULT\Software\eScorcher\URL4 -> Spyware.eScorcher : Cleaned with backup
HKU\.DEFAULT\Software\eScorcher\URL5 -> Spyware.eScorcher : Cleaned with backup
HKU\.DEFAULT\Software\Hopper -> Spyware.NetworkEssentials : Cleaned with backup
HKU\.DEFAULT\Software\MediaCharger -> Spyware.MediaCharger : Cleaned with backup
HKU\.DEFAULT\Software\MediaCharger\MovieNetworks -> Spyware.MediaCharger : Cleaned with backup
HKU\.DEFAULT\Software\MediaCharger\Prefs -> Spyware.MediaCharger : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\Add A Page Note -> Spyware.CommonName : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\Bookmark This Page -> Spyware.CommonName : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\Email This Link -> Spyware.CommonName : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\Search using CommonName -> Spyware.CommonName : Cleaned with backup
HKU\.DEFAULT\Software\TrinityAYB -> Dialer.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Updater -> Spyware.KeenValue : Cleaned with backup
HKU\.DEFAULT\Software\VB and VBA Program Settings\BONZIBUDDY -> Spyware.BonziBuddy : Cleaned with backup
HKU\.DEFAULT\Software\VB and VBA Program Settings\BONZIBUDDY\Inst -> Spyware.BonziBuddy : Cleaned with backup
HKU\S-1-5-20\Software\CommonName -> Spyware.CommonName : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_0 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_0\Level_0 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_0\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_0\Level_1\Seqn_5608 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_0\Level_2 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_0\Level_2\Seqn_5304 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_0\Level_2\Seqn_5584 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_0\Level_2\Seqn_6138 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_0\Level_3 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1\Level_0 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1\Level_0\Seqn_6106 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1\Level_0\Seqn_6107 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1\Level_0\Seqn_6160 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1\Level_1\Seqn_5491 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1\Level_1\Seqn_6216 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1\Level_2 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1\Level_2\Seqn_5593 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1\Level_2\Seqn_5803 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1\Level_3 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor\Adwr_253\Loct_1\Level_4 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor Services -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor Services\Queue -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor Services\Status -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\Cydoor Services\Status\cd_htm -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-20\Software\DownloadWare -> Spyware.Downloadware : Cleaned with backup
HKU\S-1-5-20\Software\DownloadWare\Prefs -> Spyware.Downloadware : Cleaned with backup
HKU\S-1-5-20\Software\eScorcher -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-20\Software\eScorcher\debug -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-20\Software\eScorcher\General -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-20\Software\eScorcher\URL1 -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-20\Software\eScorcher\URL2 -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-20\Software\eScorcher\URL3 -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-20\Software\eScorcher\URL4 -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-20\Software\eScorcher\URL5 -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-20\Software\Hopper -> Spyware.NetworkEssentials : Cleaned with backup
HKU\S-1-5-20\Software\MediaCharger -> Spyware.MediaCharger : Cleaned with backup
HKU\S-1-5-20\Software\MediaCharger\MovieNetworks -> Spyware.MediaCharger : Cleaned with backup
HKU\S-1-5-20\Software\MediaCharger\Prefs -> Spyware.MediaCharger : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\Add A Page Note -> Spyware.CommonName : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\Bookmark This Page -> Spyware.CommonName : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\Email This Link -> Spyware.CommonName : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\Search using CommonName -> Spyware.CommonName : Cleaned with backup
HKU\S-1-5-20\Software\TrinityAYB -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-20\Software\Updater -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-20\Software\VB and VBA Program Settings\BONZIBUDDY -> Spyware.BonziBuddy : Cleaned with backup
HKU\S-1-5-20\Software\VB and VBA Program Settings\BONZIBUDDY\Inst -> Spyware.BonziBuddy : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\buddylinks.net -> Spyware.BuddyLinks : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\buddylinks.net\Messaging -> Spyware.BuddyLinks : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\buddylinks.net\Messaging\985cf85a9350 -> Spyware.BuddyLinks : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\buddylinks.net\Messaging\kohppell4ever@aim -> Spyware.BuddyLinks : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKU\S-1-5-21-1275210071-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\CommonName -> Spyware.CommonName : Cleaned with backup
HKU\S-1-5-18\Software\DownloadWare -> Spyware.Downloadware : Cleaned with backup
HKU\S-1-5-18\Software\DownloadWare\Prefs -> Spyware.Downloadware : Cleaned with backup
HKU\S-1-5-18\Software\eScorcher -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-18\Software\eScorcher\debug -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-18\Software\eScorcher\General -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-18\Software\eScorcher\URL1 -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-18\Software\eScorcher\URL2 -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-18\Software\eScorcher\URL3 -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-18\Software\eScorcher\URL4 -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-18\Software\eScorcher\URL5 -> Spyware.eScorcher : Cleaned with backup
HKU\S-1-5-18\Software\Hopper -> Spyware.NetworkEssentials : Cleaned with backup
HKU\S-1-5-18\Software\MediaCharger -> Spyware.MediaCharger : Cleaned with backup
HKU\S-1-5-18\Software\MediaCharger\MovieNetworks -> Spyware.MediaCharger : Cleaned with backup
HKU\S-1-5-18\Software\MediaCharger\Prefs -> Spyware.MediaCharger : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\Add A Page Note -> Spyware.CommonName : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\Bookmark This Page -> Spyware.CommonName : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\Email This Link -> Spyware.CommonName : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\Search using CommonName -> Spyware.CommonName : Cleaned with backup
HKU\S-1-5-18\Software\TrinityAYB -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Updater -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-18\Software\VB and VBA Program Settings\BONZIBUDDY -> Spyware.BonziBuddy : Cleaned with backup
HKU\S-1-5-18\Software\VB and VBA Program Settings\BONZIBUDDY\Inst -> Spyware.BonziBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\unimt.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\jаvaw.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fswinst.ocx -> Spyware.FreeScratchCards : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\fswinst.ocx -> Spyware.FreeScratchCards : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\fswinst.ocx -> Spyware.FreeScratchCards : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\U2OWRSYS\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\WINDOWS\br.dll -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Online Services\GTE\GTEDIAL.EXE -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\Netscape\Netscape\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
:mozilla.6:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.7:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.8:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.9:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.10:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.11:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DrGutPyle\9vox7yf7.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\dialler.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Local Settings\Temp\ICD2.tmp\fswinst.ocx -> Spyware.FreeScratchCards : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Local Settings\Temp\ICD3.tmp\fswinst.ocx -> Spyware.FreeScratchCards : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Local Settings\Temp\ICD5.tmp\fswinst.ocx -> Spyware.FreeScratchCards : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Local Settings\Temp\ICD4.tmp\fswinst.ocx -> Spyware.FreeScratchCards : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Local Settings\Temp\host.cab/host.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Local Settings\Temp\i435.tmp -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Local Settings\Temp\lycos_ss.exe -> Spyware.Sidesearch.a : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Local Settings\Temp\Susp.cab/susp.exe -> Downloader.Stubby.a : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@ehg-applevac.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@ehg-citicards.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@ehg-knightridder.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@spylog[2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@ehg-darden.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@citi.bridgetrack[3].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott
  #5  
Old December 13th, 2005, 10:14 PM
TheFrogg TheFrogg is offline
New Member
 
Join Date: Dec 2005
Posts: 4
Here's the other half of the Ewido report

kohler@hitbox[3].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@ehg-dig.hitbox[3].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Scott Kohler\Cookies\scott kohler@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Scott Kohler\Application Data\Mozilla\Profiles\default\14rsu15r.slt\cookies .txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\System Volume Information\_restore{A8A74C81-1B6F-4DA5-800C-0C87008D6865}\RP455\A0104140.exe -> Worm.VB.an : Cleaned with backup


::Report End
All times are GMT +1.