Thread: Adware, spyware, etc. on Windows XP
View Single Post
Old 02-24-2006, 03:24 AM   #5 (permalink)
tingalls
Registered User
 
Join Date: Feb 2006
Posts: 5
OS: XP


Completed steps and logs posted below. C:\WINDOWS\pxwma.dll
C:\Program Files\Privacy Champion\ files were not there and so could not delete them.


Logfile of HijackThis v1.99.1
Scan saved at 5:22:31 AM, on 2/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.mozilla.org/start/"); (C:\Documents and Settings\Thomas Ingalls\Application Data\Mozilla\Profiles\default\mbldy99r.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Thomas Ingalls\Application Data\Mozilla\Profiles\default\mbldy99r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mswspl] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe"
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - https://iuware-web001.uits.indiana.e...t/iftwclix.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_5_5/controls/ybrequest.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {72133CC5-DE1E-42FE-B8B0-93D2C6C3472E} (FillerX Class) - http://www.formatta.com/download/pffloader.cab
O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/controls/YBUICtrl.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...03/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, February 23, 2006 21:43:53
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 24/02/2006
Kaspersky Anti-Virus database records: 178275
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 62261
Number of viruses found: 22
Number of infected objects: 68
Number of suspicious objects: 0
Duration of the scan process: 6209 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUClockSync3.zip/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ay
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUClockSync3.zip Infected: not-a-virus:AdWare.Win32.SaveNow.ay
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\A0069397.dll.bac_a03340 Infected: not-a-virus:AdWare.Win32.SafeSurfing.c
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\auf0.exe.bac_a03340 Infected: Trojan-Downloader.Win32.Apropo.al
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\cxtpls_loader.exe.bac_a03340 Infected: not-a-virus:AdWare.Win32.Apropos.b
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\dhclv.exe.bac_a03340 Infected: Trojan-Downloader.Win32.Agent.ed
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\dintls.exe.bac_a03340 Infected: Trojan-Downloader.Win32.Apropo.ac
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\dsaxtray.exe.bac_a03340 Infected: Trojan-Downloader.Win32.Agent.ed
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\dskhz.exe.bac_a03340 Infected: Trojan-Downloader.Win32.Apropo.ac
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\ftsit.exe.bac_a03340 Infected: Virus.Win32.Porad.a
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\fxdacmgr.exe.bac_a03340 Infected: Virus.Win32.Porad.a
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\grpmsp.exe.bac_a03340 Infected: Trojan-Downloader.Win32.Agent.ed
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\halcd.exe.bac_a03340 Infected: Trojan-Downloader.Win32.Apropo.ac
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\II22.exe.bac_a03340 Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\Installer2.exe.bac_a03340 Infected: Trojan-Dropper.Win32.Delf.z
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\javainstaller.jar-5aa0b436-3d6d7915.zip.bac_a03340/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\javainstaller.jar-5aa0b436-3d6d7915.zip.bac_a03340 Infected: Trojan-Downloader.Java.OpenStream.w
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\msg7.tmp10907754864950.exe.bac_a03340/data0002 Infected: not-a-virus:AdWare.Win32.Ilookup.b
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\msg7.tmp10907754864950.exe.bac_a03340/data0003 Infected: not-a-virus:AdWare.Win32.Beginto.a
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\msg7.tmp10907754864950.exe.bac_a03340 Infected: not-a-virus:AdWare.Win32.Beginto.a
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\msg8.tmp10912948297465.exe.bac_a03340/data0002 Infected: not-a-virus:AdWare.Win32.Ilookup.b
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\msg8.tmp10912948297465.exe.bac_a03340/data0003 Infected: not-a-virus:AdWare.Win32.Beginto.a
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\msg8.tmp10912948297465.exe.bac_a03340 Infected: not-a-virus:AdWare.Win32.Beginto.a
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\reg6523.exe.bac_a03340 Infected: not-a-virus:AdWare.Win32.Beginto.a
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\soldle.exe.bac_a03340 Infected: Trojan-Downloader.Win32.Agent.ed
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\spitcli.exe.bac_a03340 Infected: Trojan-Downloader.Win32.Apropo.ac
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\thin-116-1-x-x.exe.bac_a03340 Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\UnstSA2.exe.bac_a03340 Infected: Trojan-Dropper.Win32.Delf.z
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\whenu.exe.bac_a03340/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ay
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\whenu.exe.bac_a03340 Infected: not-a-virus:AdWare.Win32.SaveNow.ay
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\wmpdde.exe.bac_a03340 Infected: Trojan-Downloader.Win32.Agent.ed
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\wrikcomm.exe.bac_a03340 Infected: Trojan-Downloader.Win32.Apropo.ac
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\{06762C7E-2EDE-4953-84F9-983EC0CEB4BC}.exe.bac_a03340/{06762C7E-2EDE-4953-84F9-983EC0CEB4BC}.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\{06762C7E-2EDE-4953-84F9-983EC0CEB4BC}.exe.bac_a03340 Infected: Trojan-Downloader.Win32.Apropo.u
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\{0869915B-6CD3-4054-92F4-6C06C8FB1C06}.cab.bac_a03340/{0869915B-6CD3-4054-92F4-6C06C8FB1C06}.cab/AltnetUninstall.exe Infected: not-a-virus:AdWare.Win32.Altnet.b
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\{0869915B-6CD3-4054-92F4-6C06C8FB1C06}.cab.bac_a03340/{0869915B-6CD3-4054-92F4-6C06C8FB1C06}.cab Infected: not-a-virus:AdWare.Win32.Altnet.b
C:\Documents and Settings\Thomas Ingalls\.housecall\Quarantine\{0869915B-6CD3-4054-92F4-6C06C8FB1C06}.cab.bac_a03340 Infected: not-a-virus:AdWare.Win32.Altnet.b
C:\Documents and Settings\Thomas Ingalls\Desktop\Personal Folders\Jenn-Bell\Azureus_2.3.0.4_Win32.setup.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Webdir.b
C:\Documents and Settings\Thomas Ingalls\Desktop\Personal Folders\Jenn-Bell\Azureus_2.3.0.4_Win32.setup.exe/stream Infected: not-a-virus:AdWare.Win32.Webdir.b
C:\Documents and Settings\Thomas Ingalls\Desktop\Personal Folders\Jenn-Bell\Azureus_2.3.0.4_Win32.setup.exe Infected: not-a-virus:AdWare.Win32.Webdir.b
C:\Documents and Settings\Thomas Ingalls\My Documents\Azureus_2.3.0.4_Win32.setup.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Webdir.b
C:\Documents and Settings\Thomas Ingalls\My Documents\Azureus_2.3.0.4_Win32.setup.exe/stream Infected: not-a-virus:AdWare.Win32.Webdir.b
C:\Documents and Settings\Thomas Ingalls\My Documents\Azureus_2.3.0.4_Win32.setup.exe Infected: not-a-virus:AdWare.Win32.Webdir.b
C:\Program Files\iolo\System Mechanic 5\Undo\Manual\{880FCCCC-13FC-4788-B5F8-45488F1F352F}\{EF3B9084-22AE-4953-AEE2-E9F2EE6E2F36}.fr0361/{EF3B9084-22AE-4953-AEE2-E9F2EE6E2F36}.fr0361 Infected: Trojan.Win32.Crypt.t
C:\Program Files\iolo\System Mechanic 5\Undo\Manual\{880FCCCC-13FC-4788-B5F8-45488F1F352F}\{EF3B9084-22AE-4953-AEE2-E9F2EE6E2F36}.fr0361 Infected: Trojan.Win32.Crypt.t
C:\Program Files\iolo\System Mechanic 5\Undo\Manual\{B24A8FF8-1442-40FA-9C45-4D13120FFC87}\{2A014612-5EAC-4ADA-B4B6-6E21CAEF33AC}.exe/{2A014612-5EAC-4ADA-B4B6-6E21CAEF33AC}.exe Infected: not-a-virus:AdWare.Win32.Altnet.p
C:\Program Files\iolo\System Mechanic 5\Undo\Manual\{B24A8FF8-1442-40FA-9C45-4D13120FFC87}\{2A014612-5EAC-4ADA-B4B6-6E21CAEF33AC}.exe Infected: not-a-virus:AdWare.Win32.Altnet.p
C:\Program Files\iolo\System Mechanic 5\Undo\Manual\{B24A8FF8-1442-40FA-9C45-4D13120FFC87}\{7A6D1DDA-B4EB-4EAA-885C-C4C22B01B050}.dll/{7A6D1DDA-B4EB-4EAA-885C-C4C22B01B050}.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\Program Files\iolo\System Mechanic 5\Undo\Manual\{B24A8FF8-1442-40FA-9C45-4D13120FFC87}\{7A6D1DDA-B4EB-4EAA-885C-C4C22B01B050}.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\Program Files\iolo\System Mechanic 5\Undo\Manual\{B24A8FF8-1442-40FA-9C45-4D13120FFC87}\{D5F16AD4-2B12-4B7E-BC24-7C658FD94021}.cab/{D5F16AD4-2B12-4B7E-BC24-7C658FD94021}.cab/Points Manager.exe Infected: not-a-virus:AdWare.Win32.Altnet.h
C:\Program Files\iolo\System Mechanic 5\Undo\Manual\{B24A8FF8-1442-40FA-9C45-4D13120FFC87}\{D5F16AD4-2B12-4B7E-BC24-7C658FD94021}.cab/{D5F16AD4-2B12-4B7E-BC24-7C658FD94021}.cab Infected: not-a-virus:AdWare.Win32.Altnet.h
C:\Program Files\iolo\System Mechanic 5\Undo\Manual\{B24A8FF8-1442-40FA-9C45-4D13120FFC87}\{D5F16AD4-2B12-4B7E-BC24-7C658FD94021}.cab Infected: not-a-virus:AdWare.Win32.Altnet.h
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0069401.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0069628.exe Infected: Virus.Win32.Porad.a
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0069632.exe Infected: Virus.Win32.Porad.a
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0069740.dll Infected: not-a-virus:AdWare.Win32.SafeSurfing.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070788.dll/{23BE608E-55A8-49BB-8895-A0B3FB429F5E}.dll Infected: not-a-virus:AdWare.Win32.Altnet.j
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070788.dll Infected: not-a-virus:AdWare.Win32.Altnet.j
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070789.exe/{417C0B46-A9ED-42BB-A7AC-22E207B57809}.exe Infected: not-a-virus:AdWare.Win32.Altnet.b
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070789.exe Infected: not-a-virus:AdWare.Win32.Altnet.b
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070790.dll/{44C7C55D-6D13-468A-88EC-177D3B65224E}.dll Infected: not-a-virus:AdWare.Win32.Altnet.i
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070790.dll Infected: not-a-virus:AdWare.Win32.Altnet.i
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070791.dll/{D8796504-886B-4DB1-9FAA-9DA39FD13160}.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070791.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070792.dll/{F4B75220-3BD9-4379-811E-5D3E53BB7DA8}.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070792.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
C:\WINDOWS\SYSTEM32\tcprcp.dll Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\SYSTEM32\uspntdll.dll Infected: Trojan.Win32.Crypt.t

Scan process completed.





---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:16:50 AM, 2/24/2006
+ Report-Checksum: 759C347C

+ Scan result:

:mozilla.25:C:\Documents and Settings\Thomas Ingalls\Application Data\Mozilla\Firefox\Profiles\default.nuk\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Thomas Ingalls\Application Data\Mozilla\Firefox\Profiles\default.nuk\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Thomas Ingalls\Application Data\Mozilla\Firefox\Profiles\default.nuk\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Thomas Ingalls\Application Data\Mozilla\Firefox\Profiles\default.nuk\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Thomas Ingalls\Application Data\Mozilla\Firefox\Profiles\default.nuk\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Thomas Ingalls\Application Data\Mozilla\Firefox\Profiles\default.nuk\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Thomas Ingalls\Application Data\Mozilla\Firefox\Profiles\default.nuk\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Thomas Ingalls\Application Data\Mozilla\Firefox\Profiles\default.nuk\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Thomas Ingalls\Cookies\thomas ingalls@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Thomas Ingalls\Cookies\thomas ingalls@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Thomas Ingalls\Cookies\thomas ingalls@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Thomas Ingalls\Cookies\thomas ingalls@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Thomas Ingalls\Cookies\thomas ingalls@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Thomas Ingalls\Cookies\thomas ingalls@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070788.dll/{23BE608E-55A8-49BB-8895-A0B3FB429F5E}.dll -> Adware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070789.exe/{417C0B46-A9ED-42BB-A7AC-22E207B57809}.exe -> Adware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070790.dll/{44C7C55D-6D13-468A-88EC-177D3B65224E}.dll -> Adware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070791.dll/{D8796504-886B-4DB1-9FAA-9DA39FD13160}.dll -> Adware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP584\A0070792.dll/{F4B75220-3BD9-4379-811E-5D3E53BB7DA8}.dll -> Adware.Altnet : Cleaned with backup


::Report End
tingalls is offline