Full Version: TheMatrixHasYou
SeanNeedsHelps
Hi everyone. I need some help. I received a virus the other day somehow. My desktop was changed to tell me I had spyware and gave me 2 links to click on to fix it. I didn't click on the links, but I know that was a virus. I fixed that, but my computer is still loaded with viruses. Adware Away finds 4 or so every time I scan after restarting my computer and Ad-Aware SE freezes up after scanning 84,000 files every time. I have also seen TheMatrixHasYou.exe in my processes. I'm going to post my Hijack This log file, can anyone please help me?
SeanNeedsHelps
Logfile of HijackThis v1.99.1
Scan saved at 5:32:43 PM, on 6/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\smss.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\kernels8.exe
C:\WINDOWS\system32\dxvwzjmq.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\DOCUME~1\SEANPI~1\LOCALS~1\Temp\22494\explorer.exe
C:\WINDOWS\system32\0mcamcap.exe
C:\WINDOWS\system32\TheMatrixHasYou.exe
C:\WINDOWS\system32\dxvwufrp.exe
C:\WINDOWS\system32\dxvwycjn.exe
c:\program files\common files\aol\1136554450\ee\aim6.exe
C:\WINDOWS\system32\dxvwwddq.exe
C:\WINDOWS\system32\dxvwpalk.exe
C:\WINDOWS\system32\dxvwfpli.exe
C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [panel_its] sound64.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels8.exe
O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\system32\dxvwfpli.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [startman] forces_elite.exe
O4 - HKCU\..\Run: [Uint32] PasswdMon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{9221EEF1-5E19-4947-860C-27F734F2411B}: NameServer = 85.255.116.66,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\DOCUME~1\SEANPI~1\LOCALS~1\Temp\22494\explorer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)
LS CalamityJane
Hi Sean, welcome!

Create a HijackThis log and post it back here.

Here's how:

Instructions on creating a HijackThis Log
http://www.lavasoftsupport.com/index.php?showtopic=216
SeanNeedsHelps
Got it posted just a minute before you asked.
LS CalamityJane
You have a nasty collection of trojans and other things

Ugh, you have got a whole bundle of malware. This will take numerous steps to get everything.

1. Please download the free trial program Ewido per the following instructions. This is a good trojan scanner and will help to block any further trojan downloads of malware onto your system while we're trying to clean it all up. Should any nasties try to enter your system, it should pop up a warning and you can block anything new coming in. But first let's install it, update it, and we'll scan later in SAFE MODE.

Download, install, and update Ewido AntiMalware (get the free trial version)
http://www.ewido.net/en/download/

a. Install Ewido AntiMalware

b. Launch Ewido; there should be a big yellow E icon on your desktop. Double-click it.

c. The program will prompt you to update; click the OK button.

d. The program will now go to the main screen

e. On the left hand side of the main screen click on Update

f. Click on Start. The update will start and a progress bar will show the updates being installed.

g. Do not scan yet. We'll do that later in SAFE MODE. After updating close Ewido and any open programs.

*Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update Ewido using the *update* button.

2. Reboot into Safe Mode
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

3. Once in safe mode, start Ewido AntiMalware

a. Click on scanner

b. Click on *complete system scan*

c. Let the program scan the machine.

d. While the scan is in progress you will be prompted to clean the first infected file it finds. Choose Remove, then put a check next to Perform action on all infections in the left corner of the box so you don't have to sit and watch Ewido the whole time.
Checkmark the box: *Create encrypted backup in the quarantine* (recommended)

Click OK.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

4. Reboot back into normal mode.

5. Get a free online AV scan at eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
(if prompted, please *allow* Active X and the install of software - this is needed to scan your system)
It will take a while to download the updates needed, and then you'll be presented with a screen to scan your system. SAVE the report at the end to copy back here please.

(This scan to make sure your Wininet.dll is fixed if infected)

(Don't forget to *save report* at the end. We need you to post a copy with your topic reply. If no infections are found, there isn't a report to save.)

6. Now please scan with HijackThis to produce a new log. Post that log into your topic along with the other requested logs named below.

Logs needed in your next post are:

Ewido Scan report

eTrust online AV report

Fresh HijackThis log
SeanNeedsHelps
I downloaded Ewido and updated it. Rebooted into Safe Mode and scanned using it. Ewido would have a problem and need to be closed after scanning 47.6% every time. I tried it 3 different times and the same thing kept happening. What should I do?
LS CalamityJane
Post a fresh HijackThis log please.

The computer is too infected for the scanner I think. I'll try to eliminate some manually, but I need a new log.
Hopefully the Ewido guard is at least blocking any new malware downloads.
SeanNeedsHelps
Logfile of HijackThis v1.99.1
Scan saved at 9:39:24 AM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\smss.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [panel_its] sound64.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [startman] forces_elite.exe
O4 - HKCU\..\Run: [Uint32] PasswdMon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{9221EEF1-5E19-4947-860C-27F734F2411B}: NameServer = 85.255.116.66,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)
LS CalamityJane
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and double-click on Fixwareout.exe to run it.
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt)
Please post that report and a new Hijackthis log please.
SeanNeedsHelps
Fixwareout ver 1.003
Last edited 04/26/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nlcalik
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nlcalik
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is lagitamate

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\DMVGD.EXE
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
* csr.exe C:\WINDOWS\System32\CSBXJ.EXE
* csr.exe C:\WINDOWS\System32\CSGZW.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSBXJ.EXE 51,217 2006-06-09
C:\WINDOWS\SYSTEM32\CSGZW.EXE 51,200 2006-01-29
C:\WINDOWS\SYSTEM32\DMVGD.EXE 44,032 2004-08-03



Logfile of HijackThis v1.99.1
Scan saved at 3:13:58 PM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\smss.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [panel_its] sound64.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [startman] forces_elite.exe
O4 - HKCU\..\Run: [Uint32] PasswdMon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109
O17 - HKLM\System\CCS\Services\Tcpip\..\{9221EEF1-5E19-4947-860C-27F734F2411B}: NameServer = 85.255.116.125,85.255.112.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)
LS CalamityJane
Some files from that fixwareout report I need to examine, please.

Go here to upload the files as attachments
http://www.thespykiller.co.uk/forum/index.php?board=1.0
Just press new topic (make the subject: For CalamityJane from SeanNeedsHelps at LS),
fill in a short message and then press the browse button, then navigate to and select these files on your computer. If there is more than 1 file, press the more attachments button for each extra file and browse and select it. When all the files are listed in the windows, press Post to upload the files.

Files to upload:

C:\WINDOWS\SYSTEM32\CSBXJ.EXE
C:\WINDOWS\SYSTEM32\CSGZW.EXE
C:\WINDOWS\SYSTEM32\DMVGD.EXE

(Do not post HJT logs there as they will not get dealt with)

You DO NOT need to be a member to upload, anybody can upload the files

You will not see the files that have been uploaded as they only show to the authorized users who can download them
.............................................................
Go to your Control Panel and look in Add/Remove programs. If found in the list the following, highlight it and press *remove*
KillAndClean

Please make a copy of these instructions to have handy as most steps will need to be done in SAFE MODE with all browsers closed.

1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

How to extract (decompress) zipped or compressed files
http://www.lvsonline.com/compresstut/index.shtml

Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

2. Reboot into Safe Mode
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

3. Open HijackThis and do a *scan only*
When it finishes, checkmark these entries in the list and then press the *fix checked* button

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80

O4 - HKLM\..\Run: [panel_its] sound64.exe

O4 - HKCU\..\Run: [startman] forces_elite.exe

O4 - HKCU\..\Run: [Uint32] PasswdMon.exe

O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"

O17 - HKLM\System\CCS\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109

O17 - HKLM\System\CCS\Services\Tcpip\..\{9221EEF1-5E19-4947-860C-27F734F2411B}: NameServer = 85.255.116.125,85.255.112.109

O17 - HKLM\System\CS1\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109

O17 - HKLM\System\CS2\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

4. Delete these files and folder (if found)

sound64.exe
forces_elite.exe
PasswdMon.exe

C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
C:\Program Files\KillAndClean (folder)

5. Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually.

6. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

Logs needed in your next post are:

rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

Fresh HijackThis log


Have you been able to complete a scan with Ewido yet??
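Added example, not part of the original post or of any tool named in this thread: a Python triage pass over HijackThis entry lines that surfaces the kinds of entries listed in step 3 above for human review. The reason labels and heuristics are assumptions made for this example, and the sample lines are copied from the logs in this thread; bare-name autoruns also match legitimate entries such as SoundMan, so the output is a review list, not a fix list.

```python
import ipaddress
import re

# Constructed sample: a few entry lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [panel_its] sound64.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Uint32] PasswdMon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\DOCUME~1\SEANPI~1\LOCALS~1\Temp\22494\explorer.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autorun: hive, elided path, Run/RunServices key, [value name], command
RUN_ENTRY = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.*?)\] (.+)$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def _ips(text):
    """Return every syntactically valid IPv4 address found in text."""
    found = []
    for token in IPV4.findall(text):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            pass  # e.g. a version string with an octet above 255
    return found


def reasons_for(code, body):
    """Heuristic review reasons for one entry (labels are assumptions)."""
    reasons = []
    low = body.lower()
    # Browser proxy pointed at the local machine: traffic goes through a local process.
    if code in ("R0", "R1") and "proxyserver" in low:
        if any(ip.is_loopback for ip in _ips(body)):
            reasons.append("proxy-loopback")
    # Autorun command with no directory: resolved through the search path.
    if code == "O4":
        m = RUN_ENTRY.match(body)
        if m and "\\" not in m.group(2):
            reasons.append("autorun-bare-name")
    # Statically configured DNS servers on public addresses: confirm who owns them.
    if code == "O17" and "nameserver" in low:
        value = body.split("=", 1)[-1]
        if any(not ip.is_private for ip in _ips(value)):
            reasons.append("dns-public-static")
    # Winlogon Notify DLL loaded from outside system32.
    if code == "O20" and "\\windows\\system32\\" not in low:
        reasons.append("winlogon-notify-outside-system32")
    # Anything persisted from a Temp directory.
    if "\\temp\\" in low:
        reasons.append("runs-from-temp")
    return reasons


def triage(log_text):
    """Return (code, reason, body) for every entry line that needs a look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, blank line, or a "Running processes" path
        code, body = m.groups()
        for reason in reasons_for(code, body):
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason:<34}{body}")
```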
SeanNeedsHelps
I was able to complete an Ewido scan. Would you like me to post the report?
LS CalamityJane
QUOTE(SeanNeedsHelps @ Jun 13 2006, 04:57 PM)
I was able to complete an Ewido scan. Would you like me to post the report?

Yes, please. It sometimes has false positives and I want to check for those.
LS CalamityJane
Oh, and is Adaware working properly now? Can you get through a scan with it?
SeanNeedsHelps
Logfile of HijackThis v1.99.1
Scan saved at 5:25:16 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\smss.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)




SmitFraudFix v2.60

Scan done at 17:20:42.62, Tue 06/13/2006
Run from C:\Documents and Settings\Sean Pierce\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
SeanNeedsHelps
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:53:20 PM, 6/13/2006
+ Report-Checksum: E1D077D8

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB8C34} -> Trojan.Small : Cleaned with backup
[236] C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll -> Proxy.Xorpix.v : Error during cleaning
:mozilla.337:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.363:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.412:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.482:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.510:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.518:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.519:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.520:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.521:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.522:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.523:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.528:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.529:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.532:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.534:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.535:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.551:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.552:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.553:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.556:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.557:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.558:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.559:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.560:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.561:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.562:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.563:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.565:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.566:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.567:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.575:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.576:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.578:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.579:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.589:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.590:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.591:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.592:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.593:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.594:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.615:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.643:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.671:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.674:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.675:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.676:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.677:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.678:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.689:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.690:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.691:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.692:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.693:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.694:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.695:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.696:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.697:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.698:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.699:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.700:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.701:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.702:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.723:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.724:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.734:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.735:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.792:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.793:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.794:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.795:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.796:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.804:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.820:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.821:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.822:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.823:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.843:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.846:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.847:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.848:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.851:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.858:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.879:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Cookies\sean pierce@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Cookies\sean pierce@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
SeanNeedsHelps
C:\Documents and Settings\Sean Pierce\Cookies\sean pierce@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\10.tmp -> Downloader.Agent.afl : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\11.tmp -> Downloader.Small.ciw : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\12.tmp -> Backdoor.Agent.aai : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\13.tmp -> Downloader.Agent.afl : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\14.tmp -> Downloader.Small.ciw : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\7.dlb -> Downloader.Tibs.eo : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\702B.tmp -> Proxy.Agent.kb : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\89DE.tmp -> Proxy.Agent.kb : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\Cookies\sean pierce@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\eonfobde.exe -> Downloader.Tibs.eq : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\F.tmp -> Backdoor.Agent.aai : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\pts5CA.tmp -> Adware.Casino : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\pts5CB.tmp -> Adware.Casino : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\svchost.exe -> Downloader.Agent.aic : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\vx1.game -> Dropper.Small.aps : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\vx2.game -> Proxy.Small.bo : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\vx3.game -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\vx4.game -> Downloader.Small.ctk : Cleaned with backup
C:\Documents and Settings\Sean Pierce\Local Settings\Temp\vx6.game -> Downloader.Small.cxz : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc117.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc122.exe -> Adware.Casino : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc123.exe -> Trojan.Favadd.ar : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc124.exe -> Trojan.Small.gq : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc126\2238[1].exe -> Trojan.Spambot : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc128\2238[1].exe -> Trojan.Spambot : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc133.exe -> Hijacker.Small.kg : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc134.exe -> Trojan.Hoster : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc35.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc39.txt -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc40.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc47.txt -> TrackingCookie.Com : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc60.txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc64.txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc80.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\WINDOWS\csrss.dll -> Trojan.Liewar.ab : Cleaned with backup
C:\WINDOWS\smssa.dll -> Trojan.Liewar.ab : Cleaned with backup
C:\WINDOWS\system32\csbxj.exe -> Downloader.Agent.uj : Cleaned with backup
C:\WINDOWS\system32\csgzw.exe -> Downloader.Agent.uj : Cleaned with backup
C:\WINDOWS\system32\csure.exe -> Downloader.Agent.uj : Cleaned with backup
C:\WINDOWS\system32\di.exe -> Downloader.Small.awa : Cleaned with backup
C:\WINDOWS\system32\dlh9jkdq7.exe -> Downloader.Tibs.eo : Cleaned with backup
C:\WINDOWS\system32\dmvgd.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\dxvwavlx.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwcbkn.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwccjw.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwdcvl.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwdopr.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwfdvx.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwfgsc.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwfotz.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwfpli.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwgqtq.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwhddh.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwhqrg.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwhuuu.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwidxa.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwjfqr.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwjiin.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwjoeo.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwjtfn.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwjvaf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwjyyu.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwkhqy.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwkwnt.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwlmcz.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwmgci.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwmuyx.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwmzgy.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwntxt.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwoxub.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwozhh.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwpalk.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwpcqn.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwperc.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwplea.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwproq.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwqdch.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwqwfi.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwseug.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwstdj.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwszfv.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwtkbf.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwtlka.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwtnjx.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwtnvd.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwtrdw.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwufrp.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwulwq.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwurbv.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwvqky.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwvvwy.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwwddq.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwyapu.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwycjn.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwzjmq.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\dxvwzqwv.exe -> Trojan.Spambot : Cleaned with backup
C:\WINDOWS\system32\idownload.exe -> Downloader.Small.buy : Cleaned with backup
C:\WINDOWS\system32\ipod.raw.exe -> Proxy.Lager.bj : Cleaned with backup
C:\WINDOWS\system32\rzspy.exe -> Adware.Raze : Cleaned with backup
C:\WINDOWS\system32\taskdir.exe -> Proxy.Lager.bj : Cleaned with backup
C:\WINDOWS\system32\vxgame1.exe -> Dropper.Small.aps : Cleaned with backup
C:\WINDOWS\system32\vxgame4.exe -> Downloader.Small.ctk : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__0mcamcap.exe -> Proxy.Small.bo : Cleaned with backup
C:\WINDOWS\taskmgr.dll -> Trojan.Liewar.ab : Cleaned with backup
C:\WINDOWS\Temp\16F4.tmp -> Proxy.Agent.kb : Cleaned with backup
C:\WINDOWS\Temp\66EA.tmp -> Proxy.Agent.kb : Cleaned with backup
C:\WINDOWS\Temp\82B0.tmp -> Proxy.Agent.kb : Cleaned with backup
C:\WINDOWS\Temp\D5DD.tmp -> Proxy.Agent.kb : Cleaned with backup
C:\WINDOWS\Temp\E20.tmp -> Proxy.Agent.kb : Cleaned with backup
C:\WINDOWS\uvchost.dll -> Trojan.Liewar.ab : Cleaned with backup
C:\WINDOWS\winlogon.dll -> Trojan.Liewar.ab : Cleaned with backup


::Report End
SeanNeedsHelps
Adaware SE is working for me now.
LS CalamityJane
That was a really badly infested computer.

I think we better check for a rootkit. I've run into that stubborn O20 artm_new.dll before.

Post a report from this tool

Download the free beta trial of this tool from F-Secure called Blacklight
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Double-click on bibeta.exe to run it.
Click the *I accept* button near the bottom of that page.
Download and run Blacklight, click > scan then > next, next again then exit.
There will be a new text file near Blacklight. Post it please. The text file is named:
fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
!!Do not rename any files yet
..................
And also from this tool

Please download Rootkit Revealer
http://www.sysinternals.com/utilities/rootkitrevealer.html

(link is at the very bottom of the page)
Unzip it to your desktop.
Open the rootkitrevealer folder and double-click rootkitrevealer.exe
Click the Scan button (bottom right)
It may take a while to scan (don't do anything while it's running)
When it's done, go up to File > Save. Choose to save it to your desktop.
Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here
SeanNeedsHelps
06/13/06 20:37:16 [Info]: BlackLight Engine 1.0.37 initialized
06/13/06 20:37:16 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/13/06 20:37:16 [Note]: 7019 4
06/13/06 20:37:16 [Note]: 7005 0
06/13/06 20:37:35 [Note]: 7006 0
06/13/06 20:37:35 [Note]: 7011 1112
06/13/06 20:37:36 [Note]: 7026 0
06/13/06 20:37:36 [Note]: 7026 0
06/13/06 20:37:51 [Note]: FSRAW library version 1.7.1015
06/13/06 20:41:55 [Note]: 7007 0
LS CalamityJane
Ok, that's 1 and it's clear ...I'll wait for the 2nd one (RootkitRevealer can take a while - don't do anything while it's scanning. Leave the PC idle during the scan)
SeanNeedsHelps
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 6/13/2006 8:46 PM 80 bytes Data mismatch between Windows API and raw hive data.
LS CalamityJane
And that one is clear as well.

I think you're good to go unless you see any remaining problems. Edit: Wrong! We still have the O20 item to deal with and I just got your uploaded files. Please see my post further down.

Some final cleanup steps and prevention recommendations for you are all that remain, I think.

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files.
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
....................................................

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows ME or XP is the System Restore option; however, if malware infects a computer with this operating system, it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/

And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

I also highly recommend getting the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.
SeanNeedsHelps
Awesome, thanks so much for your help.
LS CalamityJane
You're quite welcome, Sean. I'm glad we could help.
LS CalamityJane
Ok, we're not done yet Sean.

I just got your uploaded files at the upload site.
http://www.thespykiller.co.uk/forum/index.php?topic=1853.0

Are those 3 files still on your system? The Ewido report showed that it deleted them. Please look and let me know. If found you need to delete these:
C:\WINDOWS\SYSTEM32\CSBXJ.EXE
C:\WINDOWS\SYSTEM32\CSGZW.EXE
C:\WINDOWS\SYSTEM32\DMVGD.EXE

Also, please scan with HijackThis and post a fresh log. I need to see if that O20 item is still there and we'll need to get rid of it.
SeanNeedsHelps
I've been out of town, so I haven't been able to take care of this for a couple of days. I don't have any of those 3 files on the computer, but I do have a file called "comdlj32.dll". Ewido keeps finding it, but can't clean it. AdAware can't delete it, so I don't know what to do. I'll post a new HijackThis log in a second.
SeanNeedsHelps
Logfile of HijackThis v1.99.1
Scan saved at 2:27:50 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\smss.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\spoolsvv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
c:\program files\common files\aol\1136554450\ee\aim6.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINDOWS\system32\rlmtcs.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)
LS CalamityJane
Open HijackThis and choose *scan only*
When it finishes, checkmark these entries and press the *fix checked* button

O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINDOWS\system32\rlmtcs.dll (file missing)

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll


Close HijackThis
.............................................
Please download the Killbox by Option^Explicit.
http://www.downloads.subratam.org/KillBox.zip

Unzip/Extract the contents to your desktop
How to extract (decompress) zipped or compressed files
http://www.lvsonline.com/compresstut/index.shtml

1. Open Killbox by clicking on Killbox.exe

2. Select *Delete on Reboot* in the first column



3. Copy the following text shown in bold below to clipboard by highlighting the bold text and press Control + C
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

4. Paste the clipboard contents into the white box that says: Full Path of File to Delete

5. Press the red button with the white x in it.



6. You will receive a prompt stating that files will be deleted on next reboot. Do you want to reboot now?

(Choose yes, if ready to reboot or no, if you need to close some other open items first.)

7. You can close all programs and any open windows.

8. Reboot your computer.

Back in normal mode, please scan once more with HijackThis and post a fresh log please.

Also post the Ewido scan log so I can see the file it's having a problem with.
SeanNeedsHelps
Logfile of HijackThis v1.99.1
Scan saved at 4:32:13 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
SeanNeedsHelps
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\spoolsvv.exe
C:\WINDOWS\system32\ctfmon.exe
SeanNeedsHelps
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
SeanNeedsHelps
Sorry about splitting up my HijackThis log over multiple posts. My internet is all screwed up and it's having trouble posting here. Also, Mozilla Firefox isn't connecting to the internet. I'll try to get the rest posted as soon as possible.
SeanNeedsHelps
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\lxbxcoms.exe
c:\program files\common files\aol\1136554450\ee\aim6.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe
SeanNeedsHelps
Ok, don't know if it's the computer or this website right now, but I'm having trouble posting anything, even from my laptop.
SeanNeedsHelps
Nevermind, apparently I can post anything but the contents of the logfiles.
LS CalamityJane
That's weird. Can you put the log file into a zip file and attach it to a reply?

(in the reply box, scroll down and you see the File Attachments section where you can browse to the logfile on your computer)
SeanNeedsHelps
I compressed it to a .rar file and tried to upload it, but it says I am "not permitted to upload a file with that file extension."
LS CalamityJane
Can you upload either the log file or rar to your upload thread here?
http://www.thespykiller.co.uk/forum/index.php?topic=1853.0

That will take most file types as access to download them is restricted to authorized persons only.
SeanNeedsHelps
I was able to upload the file to the other forum.
LS CalamityJane
And, got it! But, guess what! I can't seem to get a post to go through on this thread with the log either. So it's not just you! I will try to start a new topic (maybe this one is polluted?)
LS CalamityJane
Nope - even a new topic doesn't take. We'll stay here and I'll analyze this without posting the log. And post back with a reply with my findings (hopefully) ...something about this log is evil?
LS CalamityJane
*test*...works (it's just the log that won't work for some reason)

Open HijackThis and do a *scan only*
When it finishes, checkmark these entries and press *fix checked*

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/

F2 - REG:system.ini: UserInit=userinit.exe

O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

O23 - Service: Windows Management Updater (WinManUpdater) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
.............................
Please download the Killbox by Option^Explicit.
http://www.downloads.subratam.org/KillBox.zip

Unzip/Extract the contents to your desktop
How to extract (decompress) zipped or compressed files
http://www.lvsonline.com/compresstut/index.shtml

1. Open Killbox by clicking on Killbox.exe

2. Select *Delete on Reboot* in the first column



3. Press the *All Files* button IMPORTANT STEP!



4. Copy the following text shown in bold below to clipboard by highlighting the bold text and press Control + C

C:\WINDOWS\system32\spoolsvv.exe
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
C:\WINDOWS\smss.exe


5. In Killbox, select the "File" tab at the top

6. Choose "Paste from Clipboard" in the drop down menu

7. Press the red button with the white x in it.

8. You will receive a prompt stating that files will be deleted on next reboot. Do you want to reboot now?

(Choose yes, if ready to reboot or no, if you need to close some other open items first.)

9. You can close all programs and any open windows.

10. Reboot your computer.

Note: Backups will be stored in the following directory created on the Hard-drive (usually C):
C:\!KillBox

11. Navigate to the Killbox backup folder:
C:\!KillBox

a. Right-click the file or folder

b. Point to Send To

c. Then click Compressed (zipped) Folder

This will make a compressed folder, identified by a zipper icon, which displays the same name as the file you compressed.
C:\!KillBox.zip

12. Go here to upload the files as attachments
http://www.thespykiller.co.uk/forum/index.php?topic=1853.0

File to upload: C:\!KillBox
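An added example, not part of the original posts: a small triage script that runs over HijackThis lines copied from the logs in this thread and flags the kind of entries marked for fixing above. The heuristics (a core system process name outside system32, a filename one edit away from a core process name, a Winlogon Notify DLL outside system32) and the assumption that Windows lives in C:\WINDOWS are this example's own, not the helper's stated method.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\WINDOWS, as in the thread's logs.
SYSTEM32 = r"c:\windows\system32"

# Core XP processes that normally run only from system32 (assumed list).
CORE = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
        "lsass.exe", "svchost.exe", "spoolsv.exe"}

SECTION_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - ")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: Windows Management Updater (WinManUpdater) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike names such as spoolsvv.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(section, folder, name):
    """Return a reason string if the entry looks suspicious, else None."""
    if name in CORE:
        if folder == SYSTEM32:
            return None
        return "core system process name outside system32"
    for core in sorted(CORE):
        if edit_distance(name, core) == 1:
            return "name is one edit away from " + core
    if section == "O20" and folder != SYSTEM32:
        return "Winlogon Notify DLL loaded from outside system32"
    return None


def analyze(log_text):
    """Return (section, path, reason) for every flagged line of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif re.match(r"^[A-Za-z]:\\", line):
            section = "process"        # a line from the "Running processes" list
        else:
            continue
        p = PATH_RE.search(line)
        if not p:
            continue                   # entry without a full path, e.g. SOUNDMAN.EXE
        path = p.group(0)
        folder = ntpath.dirname(path).lower()
        name = ntpath.basename(path).lower()
        reason = classify(section, folder, name)
        if reason:
            findings.append((section, path, reason))
    return findings


if __name__ == "__main__":
    for section, path, reason in analyze(SAMPLE_LOG):
        print(f"{section:8} {path}  <- {reason}")
```

A flagged line is only a lead for manual review; entries with a bare filename and no path are skipped by this script and still need to be checked by hand.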
LS CalamityJane
Got the files, thanks!

Can you reboot and scan with HijackThis and post a fresh HijackThis log?

spoolsvv.exe was the only thing in there...some sort of Spambot. I'll be submitting this one for detection!
Complete scanning result of "spoolsvv.exe", received in VirusTotal at 06.21.2006, 03:10:32 (CET).

Antivirus Version Update Result
AntiVir 6.35.0.13 06.20.2006 TR/Crypt.F.Gen
Authentium 4.93.8 06.20.2006 no virus found
Avast 4.7.844.0 06.20.2006 no virus found
AVG 386 06.20.2006 Downloader.Tibs
BitDefender 7.2 06.21.2006 GenPack:Generic.Malware.SMY.C5D6B29A
CAT-QuickHeal 8.00 06.20.2006 no virus found
ClamAV devel-20060426 06.21.2006 no virus found
DrWeb 4.33 06.20.2006 Trojan.Spambot
eTrust-InoculateIT 23.72.43 06.20.2006 no virus found
eTrust-Vet 12.6.2267 06.21.2006 Win32/Vxidl!generic
Ewido 3.5 06.20.2006 no virus found
Fortinet 2.77.0.0 06.21.2006 PossibleThreat!05824
F-Prot 3.16f 06.20.2006 no virus found
Ikarus 0.2.65.0 06.20.2006 no virus found
Kaspersky 4.0.2.24 06.21.2006 no virus found
McAfee 4789 06.21.2006 no virus found
Microsoft 1.1481 06.21.2006 no virus found
NOD32v2 1.1611 06.20.2006 probably unknown NewHeur_PE virus
Norman 5.90.21 06.20.2006 no virus found
Panda 9.0.0.4 06.20.2006 Suspicious file
Sophos 4.06.0 06.20.2006 no virus found
Symantec 8.0 06.21.2006 Trojan.Fivesec
TheHacker 5.9.8.162 06.20.2006 no virus found
UNA 1.83 06.20.2006 no virus found
VBA32 3.11.0 06.20.2006 Trojan.Spambot
VirusBuster 4.3.7:9 06.20.2006 no virus found

Aditional Information
File size: 27634 bytes
MD5: 6d5113db367dff6e6d2b5b33b562fabd
SHA1: 25e922707ef48673a758ac467ea926e4d382bd33
SeanNeedsHelps
Logfile of HijackThis v1.99.1
Scan saved at 10:11:36 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
c:\program files\common files\aol\1136554450\ee\aim6.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: Windows Management Updater (WinManUpdater) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)
LS CalamityJane
Looking better!

Open HijackThis and do a *scan only*
Checkmark this item in the list and press the *fix checked* button

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll (file missing)
................
Ewido has a newer updated version, 4.0 just released.

Uninstall the present Ewido program please. You can choose *No* when it asks if you want to remove the quarantine and reports. But continue on with the uninstall. Then, this will require a reboot.

Next, download, install, update and scan with the new v. 4.0 and post a log if it finds anything

http://www.ewido.net/en/download/

Also, when done, please post a fresh HijackThis log
SeanNeedsHelps
+ Created at: 3:27:59 PM 6/22/2006

+ Scan result:



C:\!KillBox.zip/!KillBox/spoolsvv.exe -> Proxy.Agent.kn : Cleaned with backup (quarantined).
C:\!KillBox.zip/!KillBox/spoolsvv.exe( 1) -> Proxy.Agent.kn : Cleaned with backup (quarantined).
C:\!KillBox\spoolsvv.exe -> Proxy.Agent.kn : Cleaned with backup (quarantined).
C:\!KillBox\spoolsvv.exe( 1) -> Proxy.Agent.kn : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\art3BC9.tmp -> Proxy.Agent.kn : Cleaned with backup (quarantined).

::Report end



Logfile of HijackThis v1.99.1
Scan saved at 3:30:38 PM, on 6/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
c:\program files\common files\aol\1136554450\ee\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: Windows Management Updater (WinManUpdater) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)
LS CalamityJane
I missed one:

Scan with HijackThis and checkmark this entry, then press the *fix checked* button

O23 - Service: Windows Management Updater (WinManUpdater) - Unknown owner - C:\WINDOWS\smss.exe (file missing)

It looks good. How are things looking on your end?
ozmagic
Hi, my computer is infected so I came looking for a fix. Have downloaded and run the program and have this log file to post, but computer is still infected. Can anyone help me to get rid of this, please?

Many thanks in advance.


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8A99A25D7DC3-994A-FAB4-18CB-BE774382{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6A422AC692CA-A0BB-0DB4-C825-F416DAA5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0EA8A4B42B80-E1FB-7CC4-ECCE-D7F22134{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DA39BAE12690-AEE9-C594-F52E-88AE31D5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A5D8232F8D45-08FA-7274-FFE4-8DBF682A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4FA960B57581-9E2B-1184-9F05-E3FE2BCC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\sjlmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3C446AC6F932-A45B-E174-7CB2-6DE05B5D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D3DB14E7B1A6-4D5A-49D4-E4A4-D53BD9F3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmljs.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSLWA.EXE
* csr.exe C:\WINDOWS\System32\CSGJC.EXE
* csr.exe C:\WINDOWS\System32\CSARQ.EXE
* csr.exe C:\WINDOWS\System32\CSPKQ.EXE
* csr.exe C:\WINDOWS\System32\CSGZJ.EXE

»»»»» Misc files
* thequicklink C:\WINDOWS\System32\{FB172~1.DLL
* thequicklink C:\WINDOWS\System32\{D2BB1~1.DLL
* thequicklink C:\WINDOWS\System32\{71EBE~1.DLL
* thequicklink C:\WINDOWS\System32\{679E8~1.DLL

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSLWA.EXE 51,251 2006-07-08
C:\WINDOWS\SYSTEM32\CSGJC.EXE 51,251 2006-07-08
C:\WINDOWS\SYSTEM32\CSARQ.EXE 51,251 2006-07-01
C:\WINDOWS\SYSTEM32\CSPKQ.EXE 51,251 2006-07-08
C:\WINDOWS\SYSTEM32\CSGZJ.EXE 51,251 2006-07-08
C:\WINDOWS\SYSTEM32\DMMGJ.EXE 44,127 2001-08-23
C:\WINDOWS\SYSTEM32\DMKEQ.EXE 44,127 2001-08-23
C:\WINDOWS\SYSTEM32\DMAQV.EXE 44,127 2001-08-23
C:\WINDOWS\SYSTEM32\DMFUE.EXE 44,127 2001-08-23
C:\WINDOWS\SYSTEM32\DMLJS.EXE 44,127 2001-08-23
C:\WINDOWS\SYSTEM32\DMRHL.EXE 44,130 2001-08-23
Other suspects
Directory of C:\WINDOWS\system32
ozmagic
I think I have fixed this, so anyone who was going to help, thanks, but I nailed it.

I have AVG which shows you the files and viruses but only removes the viruses and not the file generating the viruses.

That file shows up on AVG first when you do a scan as a red coloured exe file that AVG cannot read but identifies.

This file changes its name every time you start up your computer.

I downloaded Hijack This and did a scan... I then compared the file names in Hijack This to the red unreadable file that AVG shows you in the first seconds of its scan and voilà, there was a match.

I used Hijack This to fix that file.

Prior to this I disabled the system restore box in the Control Panel in "System".

After scanning and fixing the file I re-enabled the system restore box, shut the computer down, restarted and AVG did not come up with the unreadable red file.

I think that did the trick.

You should only check the matching file shown in both AVG and Hijack This though and no other box.