ULWindowSeek and ULWindow URL Problems!
daves86
Newbie
10. June 2006 @ 04:21
I see this is quite a common problem. I'm a complete noob and have no idea what any of it means, other than it's driving me mad! Hijack this report:

Logfile of HijackThis v1.99.1
Scan saved at 13:18:23, on 10/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0L2.EXE
C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\478b830a.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\ICROSO~1.NET\netdde.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\users32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\David Scammell\Desktop\HijackThis_v1.99.1.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\system32\adobepnl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0L2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [478b830a.exe] C:\WINDOWS\system32\478b830a.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [478b830a.exe] C:\Documents and Settings\David Scammell\Local Settings\Application Data\478b830a.exe
O4 - HKCU\..\Run: [Ohmt] "C:\PROGRA~1\ICROSO~1.NET\netdde.exe" -vt yazr
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\SYSTEM32\winbue32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
-kemisti-
AfterDawn Addict
10. June 2006 @ 04:38
Hi daves86

First we need to disable a couple of protections so that they won't prevent the fixes:

http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_R...
http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_R...

After that:

Look in your Control Panel's Add/Remove Programs for PuritySCAN By OIN, OuterInfo, OIN or similar, click on it and click Remove.
Reboot and delete this folder if found:
C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe Uninstaller

http://www.outerinfo.com/howto.html Tutorial for the uninstaller if needed

Reboot when done and delete this folder if found:
C:\Program Files\PurityScan

Then:

Open HijackThis, click "Do a system scan only", checkmark these and press "Fix checked":

O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\system32\adobepnl.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [478b830a.exe] C:\WINDOWS\system32\478b830a.exe
O4 - HKCU\..\Run: [478b830a.exe] C:\Documents and Settings\David Scammell\Local Settings\Application Data\478b830a.exe
O4 - HKCU\..\Run: [Ohmt] "C:\PROGRA~1\ICROSO~1.NET\netdde.exe" -vt yazr <--- may not be present anymore
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\SYSTEM32\winbue32.dll


Please download ewido anti-malware (it is a free version of the program) -> http://www.ewido.net/en/download/

1. Install ewido anti-malware
2. When installing, under "Additional Options" uncheck..
* Install background guard
* Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates -> http://download.ewido.net/ewido-signatures-full-current.exe Make sure to close Ewido before installing the update.

Once the updates are installed do the following:

Reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Delete, if found:

C:\WINDOWS\system32\adobepnl.dll
C:\WINDOWS\system32\susp.exe
C:\WINDOWS\system32\478b830a.exe
C:\Documents and Settings\David Scammell\Local Settings\Application Data\478b830a.exe
C:\WINDOWS\system32\users32.exe
C:\WINDOWS\SYSTEM32\winbue32.dll

Then launch ewido:

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

Reboot back to normal mode

Send ewido report and a fresh HjT log

This message has been edited since posting. Last time this message was edited on 10. June 2006 @ 04:38
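
A triage pass over the kind of entries selected for fixing in the post above, as an added example that is not part of the original posts. The sample is an excerpt of the HijackThis log posted in this thread; the four heuristics are this example's own assumptions about what makes an entry worth a closer look, not a rule set stated by anyone in the thread.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any platform

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [478b830a.exe] C:\WINDOWS\system32\478b830a.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [478b830a.exe] C:\Documents and Settings\David Scammell\Local Settings\Application Data\478b830a.exe
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\SYSTEM32\winbue32.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
HEX_NAME_RE = re.compile(r"[0-9a-f]{8}\.exe", re.I)


def image_path(cmd):
    """Return the executable part of a Run command line (quoted or not)."""
    m = (re.match(r'"([^"]+)"', cmd)
         or re.match(r"(.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)", cmd, re.I))
    return m.group(1) if m else cmd


def triage(log_text):
    """Map each log line worth reviewing to the list of reasons it was flagged."""
    findings = defaultdict(list)
    run_entries = defaultdict(list)  # Run value name -> [(line, image path)]

    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        code, rest = entry.group("code"), entry.group("rest")

        if code == "O2":
            bho = BHO_RE.match(rest)
            # Heuristic 1: a BHO is registered but the DLL behind it is gone.
            if bho and bho.group("path") == "(no file)":
                findings[line].append("BHO registered but its file is missing")

        elif code == "O4":
            run = RUN_RE.match(rest)
            if not run:
                continue  # Startup-folder entries are not handled here
            path = image_path(run.group("cmd"))
            run_entries[run.group("name").lower()].append((line, path.lower()))
            # Heuristic 2: autostart binary named with 8 hex digits.
            if HEX_NAME_RE.fullmatch(basename(path)):
                findings[line].append("autostart file has a random-looking hex name")

        elif code == "O20":
            # Heuristic 3: every Winlogon Notify DLL gets a manual check,
            # because it is loaded into winlogon.exe.
            if NOTIFY_RE.match(rest):
                findings[line].append("Winlogon Notify DLL, verify its origin")

    # Heuristic 4: one Run value name registered for different files
    # (for example once under HKLM and once under HKCU).
    for entries in run_entries.values():
        if len({path for _, path in entries}) > 1:
            for line, _ in entries:
                findings[line].append("same Run value name points at different files")

    return dict(findings)


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Entries that look ordinary by structure still need a reputation lookup of the file name and CLSID; this pass only narrows where to look first.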

daves86
Newbie
10. June 2006 @ 04:51
Hi, thanks very much for your swift reply but I'm struggling with the first part!

"Look in your Control Panel's Add/Remove Programs for PuritySCAN By OIN, OuterInfo, OIN or similar, click on it and click Remove.
Reboot and delete this folder if found:
C:\Program Files\PurityScan"

There is nothing under any of those names in my add remove section, is it alright to just delete the folder?
-kemisti-
AfterDawn Addict
10. June 2006 @ 04:59
If there's none of them, just do what I told you to do :) Deleting that folder isn't enough:

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe Uninstaller

http://www.outerinfo.com/howto.html Tutorial for the uninstaller if needed

Reboot when done and delete this folder if found:
C:\Program Files\PurityScan

And then continue with the rest of the fixes.
daves86
Newbie
10. June 2006 @ 05:58
I apologise!

Anyway, I've done that and gone to find the folder and it doesn't actually exist. Is this going to cause problems later on?
-kemisti-
AfterDawn Addict
10. June 2006 @ 06:11
No, just continue :) It's a really good thing if that folder doesn't exist.
daves86
Newbie
10. June 2006 @ 11:21
Ok, thanks for the help. Took best part of 4 hours to scan!

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 20:13:49, 10/06/2006
+ Report-Checksum: 496D2E6E

+ Scan result:

HKLM\SOFTWARE\Alexa Internet -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\DailyToolbar.DLL -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\Bridge.brdg -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\DailyToolbar.IEBand -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\DailyToolbar.SysMgr -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\IEToolbar.AffiliateCtl -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\jao.jao -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\PopMenu.Menu -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\Popup.PopupKiller -> Adware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources.1 -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\DailyToolbar -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\NIX Solutions\DailyToolbar -> Adware.DailyToolbar : Cleaned with backup
HKLM\SOFTWARE\RespondMiter -> Adware.VX2 : Cleaned with backup
HKU\S-1-5-21-3589927890-269536213-248915221-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup
[244] C:\WINDOWS\system32\winbue32.dll -> Trojan.Agent.vg : Cleaned with backup
:mozilla.124:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.125:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.126:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.127:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.128:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.129:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.130:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.131:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.132:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.133:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.134:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.135:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.139:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.182:C:\Documents and Settings\David Scammell\Application Data\Mozilla\Firefox\Profiles\default.dff\cookiesnew.txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\David Scammell\Cookies\david scammell@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David Scammell\Cookies\david scammell@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\David Scammell\Cookies\david scammell@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\David Scammell\Cookies\david scammell@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\David Scammell\Cookies\david scammell@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\David Scammell\Cookies\david scammell@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\David Scammell\Cookies\david scammell@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\David Scammell\Cookies\david scammell@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\David Scammell\Cookies\david scammell@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\David Scammell\Desktop\backups\backup-20060610-150101-559.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temp\win3B.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\67O565QT\srvefb[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\67O565QT\srvktn[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\67O565QT\srvmdy[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\67O565QT\srvzuz[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\CZMH4BKF\rdgGB2405[1].exe -> Dialer.GBDialer.g : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\SBIN0F05\rdgGB2404[1].exe -> Dialer.GBDialer.g : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\SBIN0F05\srvhvi[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\SBIN0F05\srvmfh[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\David Scammell\Local Settings\Temporary Internet Files\Content.IE5\SBMRQT4J\wizip32[1].exe -> Hijacker.Small.kx : Cleaned with backup
C:\WINDOWS\system32\abooripo.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\dhwjdkyk.exe -> Downloader.VB.aan : Cleaned with backup
C:\WINDOWS\system32\jlkqimpn.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\nptvubuq.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\oceojykz.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\ofkqnbaj.phk -> Trojan.Agent.qe : Cleaned with backup
C:\WINDOWS\system32\phqghume.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\qjrkvy.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup
C:\WINDOWS\system32\tcrnzadx.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\winbue32.dll -> Trojan.Agent.vg : Cleaned with backup
C:\WINDOWS\system32\winflash.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup
C:\WINDOWS\Temp\win44.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win56.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win9.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\winres.dll -> Downloader.IstBar.ff : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 20:18:15, on 10/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0L2.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\David Scammell\Desktop\HijackThis_v1.99.1.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: adobepnl.ADOBE_PANEL - {2513A321-CB50-4C5F-91C5-80342AFACFB1} - C:\WINDOWS\system32\adobepnl.dll (file missing)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0L2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Also, looks like it's gone so thanks so much!! Still it's early days and could pop up back at any moment I suppose.

Is there anything else you suggest that I do?
-kemisti-
AfterDawn Addict
11. June 2006 @ 00:57
Still something to do :)

Disable WinPatrol and SpywareDoctor first so that they won't prevent fixes.

Open HijackThis, click "Do a system scan only", checkmark these and press "Fix checked":

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: adobepnl.ADOBE_PANEL - {2513A321-CB50-4C5F-91C5-80342AFACFB1} - C:\WINDOWS\system32\adobepnl.dll (file missing)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)


Reboot and send a fresh HjT log.