I see this is quite a common problem. I'm a complete noob and have no idea what any of it means, other than it's driving me mad!

Hijack this report:

Logfile of HijackThis v1.99.1
Scan saved at 13:18:23, on 10/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0L2.EXE
C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\478b830a.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\ICROSO~1.NET\netdde.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\users32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\David Scammell\Desktop\HijackThis_v1.99.1.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\system32\adobepnl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0L2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [478b830a.exe] C:\WINDOWS\system32\478b830a.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [478b830a.exe] C:\Documents and Settings\David Scammell\Local Settings\Application Data\478b830a.exe
O4 - HKCU\..\Run: [Ohmt] "C:\PROGRA~1\ICROSO~1.NET\netdde.exe" -vt yazr
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\SYSTEM32\winbue32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
Hi daves86

First we need to disable a couple of protections so that they won't prevent the fixes:
http://wiki.castlecops.com/Malware_..._Real_Time_Monitoring_Programs#Spyware_Doctor
http://wiki.castlecops.com/Malware_...sable_Real_Time_Monitoring_Programs#WinPatrol

After that:

Look in your control panels add/remove programs for PuritySCAN By OIN, OuterInfo, OIN or similar, click on it and click remove. Reboot and delete this folder if found:
C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe Uninstaller
http://www.outerinfo.com/howto.html Tutorial for the uninstaller if needed

Reboot when done and delete this folder if found:
C:\Program Files\PurityScan

Then:

Open HijackThis, click do a system scan only, checkmark these and press fix checked:

O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\system32\adobepnl.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [478b830a.exe] C:\WINDOWS\system32\478b830a.exe
O4 - HKCU\..\Run: [478b830a.exe] C:\Documents and Settings\David Scammell\Local Settings\Application Data\478b830a.exe
O4 - HKCU\..\Run: [Ohmt] "C:\PROGRA~1\ICROSO~1.NET\netdde.exe" -vt yazr <--- may not be present anymore
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\SYSTEM32\winbue32.dll

Please download ewido anti-malware, it is a free version of the program -> http://www.ewido.net/en/download/

1. Install ewido anti-malware
2. When installing, under "Additional Options" uncheck..
   * Install background guard
   * Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
   * On the left hand side of the main screen click update.
   * Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. (The status bar at the bottom will display "Update successful".)

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates -> http://download.ewido.net/ewido-signatures-full-current.exe
Make sure to close Ewido before installing the update.

Once the updates are installed do the following:

Reboot your computer in SafeMode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Delete, if found:
C:\WINDOWS\system32\adobepnl.dll
C:\WINDOWS\system32\susp.exe
C:\WINDOWS\system32\478b830a.exe
C:\Documents and Settings\David Scammell\Local Settings\Application Data\478b830a.exe
C:\WINDOWS\system32\users32.exe
C:\WINDOWS\SYSTEM32\winbue32.dll

Then launch ewido:
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

Reboot back to normal mode

Send ewido report and a fresh HjT log
Hi, thanks very much for your swift reply but I'm struggling with the first part! "Look in your control panels add/remove programs for PuritySCAN By OIN, OuterInfo, OIN or similar , click on it and click remove. Reboot and delete this folder if found: C:\Program Files\PurityScan " There is nothing under any of those names in my add remove section, is it alright to just delete the folder?
If there's none of them, just do what I told you to do. Deleting that folder isn't enough:

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe Uninstaller
http://www.outerinfo.com/howto.html Tutorial for the uninstaller if needed

Reboot when done and delete this folder if found:
C:\Program Files\PurityScan

And then continue with the rest of the fixes.
I apologise! Anyway, I've done that and gone to find the folder and it doesn't actually exist. Is this going to cause problems later on?
Ok, thanks for the help. Took best part of 4 hours to scan!

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 20:13:49, 10/06/2006
+ Report-Checksum: 496D2E6E

+ Scan result:

HKLM\SOFTWARE\Alexa Internet -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\DailyToolbar.DLL -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\Bridge.brdg -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\DailyToolbar.IEBand -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\DailyToolbar.SysMgr -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\IEToolbar.AffiliateCtl -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\jao.jao -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\PopMenu.Menu -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\Popup.PopupKiller -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources.1 -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\DailyToolbar -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\NIX Solutions\DailyToolbar -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\RespondMiter -> Adware.VX2 : Cleaned with backup
HKU\S-1-5-21-3589927890-269536213-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup
[244] C:\WINDOWS\system32\winbue32.dll -> Trojan.Agent.vg : Cleaned with backup
C:\Documents and Settings\David Scammell\Desktop\backups\backup-20060610-150101-559.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temp\win3B.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\67O565QT\srvefb[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\67O565QT\srvktn[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\67O565QT\srvmdy[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\67O565QT\srvzuz[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\CZMH4BKF\rdgGB2405[1].exe -> Dialer.GBDialer.g : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\SBIN0F05\rdgGB2404[1].exe -> Dialer.GBDialer.g : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\SBIN0F05\srvhvi[1].exe ->
Trojan.Dialer.oy : Cleaned with backup C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\SBIN0F05\srvmfh[1].exe -> Trojan.Dialer.oy : Cleaned with backup C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\SBMRQT4J\wizip32[1].exe -> Hijacker.Small.kx : Cleaned with backup C:\WINDOWS\system32\abooripo.exe -> Trojan.Small : Cleaned with backup C:\WINDOWS\system32\dhwjdkyk.exe -> Downloader.VB.aan : Cleaned with backup C:\WINDOWS\system32\jlkqimpn.exe -> Trojan.Small : Cleaned with backup C:\WINDOWS\system32\nptvubuq.exe -> Trojan.Small : Cleaned with backup C:\WINDOWS\system32\oceojykz.exe -> Trojan.Small : Cleaned with backup C:\WINDOWS\system32\ofkqnbaj.phk -> Trojan.Agent.qe : Cleaned with backup C:\WINDOWS\system32\phqghume.exe -> Trojan.Small : Cleaned with backup C:\WINDOWS\system32\qjrkvy.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup C:\WINDOWS\system32\tcrnzadx.exe -> Trojan.Small : Cleaned with backup C:\WINDOWS\system32\winbue32.dll -> Trojan.Agent.vg : Cleaned with backup C:\WINDOWS\system32\winflash.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup C:\WINDOWS\Temp\win44.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup C:\WINDOWS\Temp\win56.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup C:\WINDOWS\Temp\win9.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup C:\WINDOWS\winres.dll -> Downloader.IstBar.ff : Cleaned with backup ::Report End Logfile of HijackThis v1.99.1 Scan saved at 20:18:15, on 10/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0L2.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\David Scammell\Desktop\HijackThis_v1.99.1.exe F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file) O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file) O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file) O2 - 
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: adobepnl.ADOBE_PANEL - {2513A321-CB50-4C5F-91C5-80342AFACFB1} - C:\WINDOWS\system32\adobepnl.dll (file missing) O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file) O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file) O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file) O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file) O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file) O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control 
Panel\atiptaxx.exe" O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0L2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [Yahoo! 
Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - 
http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Also, looks like it's gone so thanks so much!! Still it's early days and could pop up back at any moment I suppose. Is there anything else you suggest that I do?
Still something to do.

Disable WinPatrol and SpywareDoctor first so that they won't prevent fixes.

Open HijackThis, click "Do a system scan only", checkmark these and press "Fix checked":

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: adobepnl.ADOBE_PANEL - {2513A321-CB50-4C5F-91C5-80342AFACFB1} - C:\WINDOWS\system32\adobepnl.dll (file missing)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)

Reboot and send a fresh HjT log.
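The O2 and O20 entries listed in the reply above all end in "(no file)" or "(file missing)" in the log. The Python sketch below is an added example, not part of the thread and not HijackThis's own code: it parses log lines into section code, label and CLSID and lists the entries in those sections that carry one of the two markers. The function names and the choice of sections are assumptions, the sample lines are copied from the second log in this thread, and the [Adware.Srv32] Run entry is not marked as missing, so this rule does not list it.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the second HijackThis log in this thread, one entry per line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: adobepnl.ADOBE_PANEL - {2513A321-CB50-4C5F-91C5-80342AFACFB1} - C:\WINDOWS\system32\adobepnl.dll (file missing)
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when it cannot find the file behind an entry.
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$")


class Entry(NamedTuple):
    code: str             # section code such as "O2", "O4", "O20"
    label: str            # text before the first colon, e.g. "BHO"
    clsid: Optional[str]  # CLSID in the entry, if it carries one
    missing: bool         # True when the log marks the target file as absent
    raw: str              # the original line, for display


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process paths and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    return Entry(code, body.split(":", 1)[0],
                 clsid.group(0) if clsid else None,
                 bool(MISSING_RE.search(body)), line.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]


def orphaned(entries, sections=("O2", "O20")):
    """Entries in the chosen sections whose file the log reports as absent."""
    return [e for e in entries if e.code in sections and e.missing]


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(e.code, e.label, e.clsid or "-", sep="\t")
```

Running the same functions over a log taken before and after a fix shows which orphaned registrations were actually removed.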