Thread: Some Sort of Trojan (I am computer savvy)
View Single Post
Old 10-13-2005, 03:05 PM   #6 (permalink)
SpikedPunchVctm
Registered User
 
Join Date: Oct 2005
Posts: 14
OS: XP Pro


Ewido Log
Alright, all the above mentioned have been done. The following are the reports you've requested.

:: Ewido Log ::
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:18:30 AM, 8/30/2005
+ Report-Checksum: 2C801746

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\TypeLib\\ -> Spyware.MoneyTree : Ignored
HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID\\ -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1\CLSID\\ -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\\ -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\TypeLib\\ -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetOffers -> Spyware.LZIO : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\VGroup\SAHPopup -> Spyware.SAHA : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-609264541-873382673-3294363746-1005\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-609264541-873382673-3294363746-1005\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-609264541-873382673-3294363746-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-609264541-873382673-3294363746-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-609264541-873382673-3294363746-1005\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-609264541-873382673-3294363746-1005\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\knua.exe -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\Caroline\Cookies\caroline@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Caroline\Cookies\caroline@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Caroline\Cookies\caroline@interchangecorporation.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Caroline\Cookies\caroline@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Caroline\Cookies\caroline@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Caroline\Cookies\caroline@shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Caroline\Cookies\caroline@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Caroline\Cookies\caroline@www.epilot[1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\Caroline\Local Settings\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Caroline\Local Settings\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Caroline\Local Settings\Temp\BundleP.exe -> Adware.Saha : Cleaned with backup
C:\Documents and Settings\Caroline\Local Settings\Temp\Del10F.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Caroline\Local Settings\Temp\Del11A.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Caroline\Local Settings\Temp\Mshtml3.exe -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\Caroline\Local Settings\Temp\res111.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Caroline\Local Settings\Temp\res89.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Caroline\Local Settings\Temporary Internet Files\Content.IE5\OHEJ4X6V\rcverlib[1].exe -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
C:\Program Files\Offtedge\AI_27-08-2005.log -> Backdoor.Wiaatl : Cleaned with backup
C:\Program Files\Offtedge\AI_29-08-2005.log -> Backdoor.Wiaatl : Cleaned with backup
C:\Program Files\Offtedge\AI_30-08-2005.log -> Backdoor.Wiaatl : Cleaned with backup
C:\Program Files\Offtedge\data.bin -> Backdoor.Wiaatl : Cleaned with backup
C:\RECYCLER\S-1-5-21-609264541-873382673-3294363746-1005\Dc16\asappsrv.dll -> Spyware.CommAd : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\apguu.dat -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\MediaGateway.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\system32\MTE2ODM6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINDOWS\system32\nbxaarx.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\njraa.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\pagttr.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\rixcctx.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup


::Report End
Last edited by sUBs; 10-13-2005 at 03:32 PM.
SpikedPunchVctm is offline