Sign in to follow this  
seansmall

TheMatrixHasYou

Recommended Posts

Hi everyone. I need some help. I received a virus the other day somehow. My desktop was changed to tell me I had spyware and gave me 2 links to click on to fix it. I didn't click on the links, but I know that was a virus. I fixed that, but my computer is still loaded with viruses. Adware Away finds 4 or so every time I scan after restarting my computer and Ad-Aware SE freezes up after scanning 84,000 files every time. I have also seen TheMatrixHasYou.exe in my processes. I'm going to post my Hijack This log file, can anyone please help me?

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 5:32:43 PM, on 6/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\smss.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Lexmark 7100 Series\lxbxmon.exe

C:\Program Files\Lexmark 7100 Series\ezprint.exe

C:\WINDOWS\system32\kernels8.exe

C:\WINDOWS\system32\dxvwzjmq.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe

C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\lxbxcoms.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\DOCUME~1\SEANPI~1\LOCALS~1\Temp\22494\explorer.exe

C:\WINDOWS\system32\0mcamcap.exe

C:\WINDOWS\system32\TheMatrixHasYou.exe

C:\WINDOWS\system32\dxvwufrp.exe

C:\WINDOWS\system32\dxvwycjn.exe

c:\program files\common files\aol\1136554450\ee\aim6.exe

C:\WINDOWS\system32\dxvwwddq.exe

C:\WINDOWS\system32\dxvwpalk.exe

C:\WINDOWS\system32\dxvwfpli.exe

C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [panel_its] sound64.exe

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,[email protected]

O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"

O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\kernels8.exe

O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\system32\dxvwfpli.exe

O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe

O4 - HKLM\..\RunServices: [systemTools] C:\WINDOWS\system32\kernels8.exe

O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [startman] forces_elite.exe

O4 - HKCU\..\Run: [uint32] PasswdMon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"

O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61

O17 - HKLM\System\CCS\Services\Tcpip\..\{9221EEF1-5E19-4947-860C-27F734F2411B}: NameServer = 85.255.116.66,85.255.112.61

O17 - HKLM\System\CS1\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61

O17 - HKLM\System\CS2\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\DOCUME~1\SEANPI~1\LOCALS~1\Temp\22494\explorer.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe

O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)

Share this post


Link to post
Share on other sites

You have a nasty collection of trojans and other things

 

Ugh, you have got a whole bundle of malware. This will take numerous steps to get everything.

 

1. Please download the free trial program Ewido per the following instructions. This is a good trojan scanner and will help to block any further trojan downloads of malware onto your system while we're trying to clean it all up. Should any nasties try to enter your system it should popup a warning and you can block anything new coming in. But first lets install it, update it, and we'll scan later in SAFE MODE.

 

Download, install, and update Ewido AntiMalware (get the free trial version)

http://www.ewido.net/en/download/

 

a. Install Ewido AntiMalware

 

b. Launch Ewido, there should be a big yellowE icon on your desktop, double-click it.

 

c. The program will prompt you to update click the OK button

 

d. The program will now go to the main screen

 

e. On the left hand side of the main screen click on Update

 

f. Click on Start. The update will start and a progress bar will show the updates being installed.

 

g. Do not scan yet. We'll do that later in SAFE MODE. After updating close Ewido and any open programs.

 

*Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).

You will still be able to manually update Ewido using the *update* button :)

 

2. Reboot into Safe Mode

You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 

How to start the computer in Safe mode

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

3. Once in safe mode, start Ewido AntiMalware

 

a. Click on scanner

 

b. Click on *complete system scan*

 

c. Let the program scan the machine.

 

d. While the scan is in progress you will be prompted to clean the first infected file it finds. Choose Remove, then put a check next to Perform action on all infections in the left corner of the box so you don't have to sit and watch Ewido the whole time.

Checkmark the box: *Create encrypted backup in the quarantine* (recommended)

 

Click OK.

 

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

 

4. Reboot back into normal mode.

 

5. Get a free online AV scan at eTrust Antivirus Web Scanner

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

(if prompted, please *allow* Active X and the install of software - this is needed to scan your system)

It will take a while to download the updates needed, and then you'll be presented with a screen to scan your system. SAVE the report at the end to copy back here please.

 

(This scan to make sure your Wininet.dll is fixed if infected)

 

(Don't forget to *save report* at the end. We need you to post a copy with your topic reply. If no infections are found, there isn't a report to save.)

 

6. Now please scan with HijackThis to produce a new log. Post that log into your topic along with the other requested logs named below.

 

Logs needed in your next post are:

 

Ewido Scan report

 

eTrust online AV report

 

Fresh HijackThis log

Share this post


Link to post
Share on other sites

I downloaded Ewido and updated it. Rebooted into Safe Mode and scanned using it. Ewido would have a problem and need to be closed after scanning 47.6% every time. I tried it 3 different times and the same thing kept happening. What should I do?

Share this post


Link to post
Share on other sites

Post a fresh HijackThis log please.

 

The computer is too infected for the scanner I think. I'll try to eliminate some manually, but I need a new log.

Hopefully the Ewido guard is at least blocking any new malware downloads.

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 9:39:24 AM, on 6/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\smss.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe

C:\Program Files\Lexmark 7100 Series\lxbxmon.exe

C:\Program Files\Lexmark 7100 Series\ezprint.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\lxbxcoms.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [panel_its] sound64.exe

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,[email protected]

O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [startman] forces_elite.exe

O4 - HKCU\..\Run: [uint32] PasswdMon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61

O17 - HKLM\System\CCS\Services\Tcpip\..\{9221EEF1-5E19-4947-860C-27F734F2411B}: NameServer = 85.255.116.66,85.255.112.61

O17 - HKLM\System\CS1\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61

O17 - HKLM\System\CS2\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe

O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)

Share this post


Link to post
Share on other sites

Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/file...Fixwareout.exe

 

Save it to your desktop and doubleclick on Fixwareout.exe to run it.

Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts.

You will be asked to reboot your computer; please do so.

Your system may take longer than usual to load; this is normal.

Once the desktop loads post the text that will open (report.txt)

Please post that report and a new Hijackthis log please.

Share this post


Link to post
Share on other sites

Fixwareout ver 1.003

Last edited 04/26/2006

Post this report in the forums please

 

Reg Entries that were deleted

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nlcalik

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nlcalik

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS

...

 

Microsoft ® Windows Script Host Version 5.6

Random Runs removed from HKLM

...

 

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Example ipsec6.exe is lagitamate

 

»»»»» Search by size and names...

C:\WINDOWS\SYSTEM32\DMVGD.EXE

C:\WINDOWS\SYSTEM32\IPSEC6.EXE

* csr.exe C:\WINDOWS\System32\CSBXJ.EXE

* csr.exe C:\WINDOWS\System32\CSGZW.EXE

 

»»»»» Misc files

 

»»»»» Checking for older varients covered by the Rem3 tool

 

»»»»»

Search five digit cs, dm and jb files

This WILL/CAN also list Legit Files, Submit them at Virustotal

C:\WINDOWS\SYSTEM32\CSBXJ.EXE 51,217 2006-06-09

C:\WINDOWS\SYSTEM32\CSGZW.EXE 51,200 2006-01-29

C:\WINDOWS\SYSTEM32\DMVGD.EXE 44,032 2004-08-03

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 3:13:58 PM, on 6/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\smss.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe

C:\Program Files\Lexmark 7100 Series\lxbxmon.exe

C:\Program Files\Lexmark 7100 Series\ezprint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\lxbxcoms.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [panel_its] sound64.exe

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,[email protected]

O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [startman] forces_elite.exe

O4 - HKCU\..\Run: [uint32] PasswdMon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109

O17 - HKLM\System\CCS\Services\Tcpip\..\{9221EEF1-5E19-4947-860C-27F734F2411B}: NameServer = 85.255.116.125,85.255.112.109

O17 - HKLM\System\CS1\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109

O17 - HKLM\System\CS2\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe

O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)

Share this post


Link to post
Share on other sites

Some files from that fixwareout report I need to examine, please.

 

Go here to upload the files as attachments

http://www.thespykiller.co.uk/forum/index.php?board=1.0

Just press new topic (Make the subject: For CalamityJane from SeanNeedsHelps at LS ),

fill in a short message & then press the browse button and then navigate to & select these files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press Post to upload the files

 

Files to upload:

 

C:\WINDOWS\SYSTEM32\CSBXJ.EXE

C:\WINDOWS\SYSTEM32\CSGZW.EXE

C:\WINDOWS\SYSTEM32\DMVGD.EXE

 

(Do not post HJT logs there as they will not get dealt with)

 

You DO NOT need to be a member to upload, anybody can upload the files

 

You will not see the files that have been uploaded as they only show to the authorized users who can download them

.............................................................

Go to your Control Panel and look in Add/Remove programs. If found in the list the following, highlight it and press *remove*

KillAndClean

 

Please make a copy of these instructions to have handy as most steps will need to be done in SAFE MODE with all browsers closed.

 

1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

 

How to extract (decompress) zipped or compressed files

http://www.lvsonline.com/compresstut/index.shtml

 

Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

 

2. Reboot into Safe Mode

You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 

How to start the computer in Safe mode

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

3. Open HijackThis and do a *scan only*

When it finishes, checkmark these entries in the list and then press the *fix checked* button

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80

 

O4 - HKLM\..\Run: [panel_its] sound64.exe

 

O4 - HKCU\..\Run: [startman] forces_elite.exe

 

O4 - HKCU\..\Run: [uint32] PasswdMon.exe

 

O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{9221EEF1-5E19-4947-860C-27F734F2411B}: NameServer = 85.255.116.125,85.255.112.109

 

O17 - HKLM\System\CS1\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109

 

O17 - HKLM\System\CS2\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.125,85.255.112.109

 

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

 

4. Delete these files and folder (if found)

 

sound64.exe

forces_elite.exe

PasswdMon.exe

C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

C:\Program Files\KillAndClean (folder)

 

5. Open the SmitfraudFix folder and double-click smitfraudfix.cmd

 

Select option #2 - Clean by typing 2 and press Enter.

Wait for the tool to complete and disk cleanup to finish.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

 

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.

 

6. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

 

Logs needed in your next post are:

 

rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

 

Fresh HijackThis log

 

 

Have you been able to complete a scan with Ewido yet??

Share this post


Link to post
Share on other sites
I was able to complete an Ewido scan. Would you like me to post the report?

Yes, please. It sometimes has false postives and I want to check for those.

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 5:25:16 PM, on 6/13/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\ewido anti-malware\ewidoguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\smss.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe

C:\Program Files\Lexmark 7100 Series\lxbxmon.exe

C:\Program Files\Lexmark 7100 Series\ezprint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\lxbxcoms.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe

 

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,[email protected]

O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe

O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)

 

 

 

 

SmitFraudFix v2.60

 

Scan done at 17:20:42.62, Tue 06/13/2006

Run from C:\Documents and Settings\Sean Pierce\Desktop\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

Share this post


Link to post
Share on other sites

---------------------------------------------------------

ewido anti-malware - Scan report

---------------------------------------------------------

 

+ Created on: 4:53:20 PM, 6/13/2006

+ Report-Checksum: E1D077D8

 

+ Scan result:

 

HKLM\SOFTWARE\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB8C34} -> Trojan.Small : Cleaned with backup

[236] C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll -> Proxy.Xorpix.v : Error during cleaning

:mozilla.16:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.17:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.18:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.19:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.20:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.21:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.22:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.23:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.24:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.25:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.26:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.27:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.28:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.29:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.30:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.31:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.32:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.33:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.34:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.35:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.36:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.37:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.38:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.39:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.40:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.41:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.42:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.43:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.44:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.49:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup

:mozilla.50:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.51:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.52:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.53:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.54:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.55:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup

:mozilla.63:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup

:mozilla.64:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup

:mozilla.65:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup

:mozilla.66:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup

:mozilla.67:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup

:mozilla.68:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup

:mozilla.69:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup

:mozilla.70:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup

:mozilla.71:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup

:mozilla.72:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup

:mozilla.73:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup

:mozilla.80:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup

:mozilla.81:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup

:mozilla.82:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup

:mozilla.83:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup

:mozilla.84:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup

:mozilla.87:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup

:mozilla.88:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup

:mozilla.89:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup

:mozilla.90:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup

:mozilla.91:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup

:mozilla.92:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup

:mozilla.93:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup

:mozilla.94:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup

:mozilla.95:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup

:mozilla.97:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

:mozilla.98:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

:mozilla.99:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

:mozilla.100:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup

:mozilla.101:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup

:mozilla.102:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup

:mozilla.103:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup

:mozilla.104:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup

:mozilla.105:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup

:mozilla.106:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup

:mozilla.107:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup

:mozilla.108:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup

:mozilla.109:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup

:mozilla.116:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.117:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.118:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.119:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.120:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.121:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup

:mozilla.122:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup

:mozilla.123:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup

:mozilla.124:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup

:mozilla.125:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.126:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup

:mozilla.127:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup

:mozilla.128:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup

:mozilla.129:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup

:mozilla.130:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup

:mozilla.131:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup

:mozilla.132:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup

:mozilla.133:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup

:mozilla.134:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup

:mozilla.135:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup

:mozilla.136:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.137:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.138:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup

:mozilla.139:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.140:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.141:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup

:mozilla.143:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup

:mozilla.159:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup

:mozilla.160:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup

:mozilla.161:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup

:mozilla.162:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup

:mozilla.163:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup

:mozilla.164:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup

:mozilla.182:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup

:mozilla.183:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup

:mozilla.184:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup

:mozilla.185:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup

:mozilla.186:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup

:mozilla.187:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup

:mozilla.188:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup

:mozilla.189:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup

:mozilla.190:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup

:mozilla.191:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup

:mozilla.192:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup

:mozilla.193:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup

:mozilla.206:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup

:mozilla.207:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup

:mozilla.210:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup

:mozilla.211:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup

:mozilla.213:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup

:mozilla.218:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup

:mozilla.219:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup

:mozilla.220:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup

:mozilla.221:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup

:mozilla.222:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup

:mozilla.223:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup

:mozilla.224:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup

:mozilla.225:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup

:mozilla.226:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup

:mozilla.228:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup

:mozilla.229:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup

:mozilla.230:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup

:mozilla.231:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup

:mozilla.232:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup

:mozilla.233:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup

:mozilla.234:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup

:mozilla.235:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup

:mozilla.258:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup

:mozilla.290:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.292:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.293:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.294:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.296:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.297:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.298:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.299:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.300:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.301:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.302:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.304:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.305:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.306:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.307:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.308:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.309:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.310:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.311:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.312:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.330:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.331:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.332:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.333:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.335:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.336:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.337:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.338:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.359:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup

:mozilla.360:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup

:mozilla.361:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup

:mozilla.362:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup

:mozilla.363:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup

:mozilla.412:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup

:mozilla.428:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup

:mozilla.481:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.482:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.483:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.484:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.485:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.510:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup

:mozilla.518:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.519:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.520:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.521:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.522:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.523:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.524:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.525:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.526:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.527:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.528:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.529:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.530:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.531:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.532:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.533:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.534:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.535:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.536:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.537:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.538:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.539:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.540:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.541:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.542:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.543:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.544:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.545:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.546:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.547:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.548:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.549:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.550:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.551:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.552:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.553:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.554:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.555:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.556:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.557:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.558:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.559:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.560:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.561:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.562:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.563:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.564:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.565:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.566:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.567:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.575:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup

:mozilla.576:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.577:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup

:mozilla.578:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.579:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.589:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup

:mozilla.590:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup

:mozilla.591:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup

:mozilla.592:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup

:mozilla.593:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup

:mozilla.594:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup

:mozilla.604:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup

:mozilla.605:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup

:mozilla.609:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup

:mozilla.615:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.643:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.671:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.674:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup

:mozilla.675:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup

:mozilla.676:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup

:mozilla.677:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup

:mozilla.678:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup

:mozilla.689:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.690:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.691:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.692:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.693:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.694:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.695:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.696:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.697:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.698:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.699:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.700:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.701:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.702:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup

:mozilla.723:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.724:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.734:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup

:mozilla.735:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup

:mozilla.792:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup

:mozilla.793:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup

:mozilla.794:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup

:mozilla.795:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup

:mozilla.796:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup

:mozilla.804:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.820:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.821:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.822:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.823:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.843:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.846:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup

:mozilla.847:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup

:mozilla.848:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup

:mozilla.851:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup

:mozilla.858:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

:mozilla.879:C:\Documents and Settings\Sean Pierce\Application Data\Mozilla\Firefox\Profiles\gm60ncij.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Cookies\sean [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Cookies\sean [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup

Share this post


Link to post
Share on other sites

C:\Documents and Settings\Sean Pierce\Cookies\sean [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\10.tmp -> Downloader.Agent.afl : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\11.tmp -> Downloader.Small.ciw : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\12.tmp -> Backdoor.Agent.aai : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\13.tmp -> Downloader.Agent.afl : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\14.tmp -> Downloader.Small.ciw : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\7.dlb -> Downloader.Tibs.eo : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\702B.tmp -> Proxy.Agent.kb : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\89DE.tmp -> Proxy.Agent.kb : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\Cookies\sean [email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\eonfobde.exe -> Downloader.Tibs.eq : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\F.tmp -> Backdoor.Agent.aai : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\pts5CA.tmp -> Adware.Casino : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\pts5CB.tmp -> Adware.Casino : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\svchost.exe -> Downloader.Agent.aic : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\vx1.game -> Dropper.Small.aps : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\vx2.game -> Proxy.Small.bo : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\vx3.game -> Trojan.Small : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\vx4.game -> Downloader.Small.ctk : Cleaned with backup

C:\Documents and Settings\Sean Pierce\Local Settings\Temp\vx6.game -> Downloader.Small.cxz : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc117.txt -> TrackingCookie.2o7 : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc122.exe -> Adware.Casino : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc123.exe -> Trojan.Favadd.ar : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc124.exe -> Trojan.Small.gq : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc126\2238[1].exe -> Trojan.Spambot : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc128\2238[1].exe -> Trojan.Spambot : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc133.exe -> Hijacker.Small.kg : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc134.exe -> Trojan.Hoster : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc35.txt -> TrackingCookie.Advertising : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc39.txt -> TrackingCookie.Falkag : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc40.txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc47.txt -> TrackingCookie.Com : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc60.txt -> TrackingCookie.Doubleclick : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc64.txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\RECYCLER\S-1-5-21-789336058-838170752-725345543-1003\Dc80.txt -> TrackingCookie.Mediaplex : Cleaned with backup

C:\WINDOWS\csrss.dll -> Trojan.Liewar.ab : Cleaned with backup

C:\WINDOWS\smssa.dll -> Trojan.Liewar.ab : Cleaned with backup

C:\WINDOWS\system32\csbxj.exe -> Downloader.Agent.uj : Cleaned with backup

C:\WINDOWS\system32\csgzw.exe -> Downloader.Agent.uj : Cleaned with backup

C:\WINDOWS\system32\csure.exe -> Downloader.Agent.uj : Cleaned with backup

C:\WINDOWS\system32\di.exe -> Downloader.Small.awa : Cleaned with backup

C:\WINDOWS\system32\dlh9jkdq7.exe -> Downloader.Tibs.eo : Cleaned with backup

C:\WINDOWS\system32\dmvgd.exe -> Trojan.Pakes : Cleaned with backup

C:\WINDOWS\system32\dxvwavlx.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwcbkn.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwccjw.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwdcvl.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwdopr.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwfdvx.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwfgsc.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwfotz.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwfpli.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwgqtq.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwhddh.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwhqrg.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwhuuu.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwidxa.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwjfqr.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwjiin.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwjoeo.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwjtfn.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwjvaf.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwjyyu.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwkhqy.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwkwnt.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwlmcz.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwmgci.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwmuyx.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwmzgy.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwntxt.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwoxub.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwozhh.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwpalk.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwpcqn.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwperc.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwplea.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwproq.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwqdch.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwqwfi.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwseug.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwstdj.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwszfv.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwtkbf.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwtlka.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwtnjx.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwtnvd.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwtrdw.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwufrp.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwulwq.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwurbv.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwvqky.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwvvwy.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwwddq.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwyapu.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwycjn.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwzjmq.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\dxvwzqwv.exe -> Trojan.Spambot : Cleaned with backup

C:\WINDOWS\system32\idownload.exe -> Downloader.Small.buy : Cleaned with backup

C:\WINDOWS\system32\ipod.raw.exe -> Proxy.Lager.bj : Cleaned with backup

C:\WINDOWS\system32\rzspy.exe -> Adware.Raze : Cleaned with backup

C:\WINDOWS\system32\taskdir.exe -> Proxy.Lager.bj : Cleaned with backup

C:\WINDOWS\system32\vxgame1.exe -> Dropper.Small.aps : Cleaned with backup

C:\WINDOWS\system32\vxgame4.exe -> Downloader.Small.ctk : Cleaned with backup

C:\WINDOWS\system32\__delete_on_reboot__0mcamcap.exe -> Proxy.Small.bo : Cleaned with backup

C:\WINDOWS\taskmgr.dll -> Trojan.Liewar.ab : Cleaned with backup

C:\WINDOWS\Temp\16F4.tmp -> Proxy.Agent.kb : Cleaned with backup

C:\WINDOWS\Temp\66EA.tmp -> Proxy.Agent.kb : Cleaned with backup

C:\WINDOWS\Temp\82B0.tmp -> Proxy.Agent.kb : Cleaned with backup

C:\WINDOWS\Temp\D5DD.tmp -> Proxy.Agent.kb : Cleaned with backup

C:\WINDOWS\Temp\E20.tmp -> Proxy.Agent.kb : Cleaned with backup

C:\WINDOWS\uvchost.dll -> Trojan.Liewar.ab : Cleaned with backup

C:\WINDOWS\winlogon.dll -> Trojan.Liewar.ab : Cleaned with backup

 

 

::Report End

Share this post


Link to post
Share on other sites

That was a really badly infested computer.

 

I think we better check for a rootkit. I've run into that stubborn 020 artm_new.dll before.

 

Post a report from this tool

 

Download the free beta trial of this tool from F-Secure called Blacklight

F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml

Doubleclick on bibeta.exe to run it.

Click the *I accept* button near the bottom of that page.

Download and run blacklite click > scan then > next, next again then exit

there will be a new text file near blacklite.Post it please. The text file is named:

fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)

!!Do not rename any files yet

..................

And also from this tool

 

Please download Rootkit Revealer

http://www.sysinternals.com/utilities/rootkitrevealer.html

 

(link is at the very bottom of the page)

Unzip it to your desktop.

Open the rootkitrevealer folder and double-click rootkitrevealer.exe

Click the Scan button (bottom right)

It may take a while to scan (don't do anything while it's running)

When it's done, go up to File > Save. Choose to save it to your desktop.

Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

Share this post


Link to post
Share on other sites

06/13/06 20:37:16 [info]: BlackLight Engine 1.0.37 initialized

06/13/06 20:37:16 [info]: OS: 5.1 build 2600 (Service Pack 2)

06/13/06 20:37:16 [Note]: 7019 4

06/13/06 20:37:16 [Note]: 7005 0

06/13/06 20:37:35 [Note]: 7006 0

06/13/06 20:37:35 [Note]: 7011 1112

06/13/06 20:37:36 [Note]: 7026 0

06/13/06 20:37:36 [Note]: 7026 0

06/13/06 20:37:51 [Note]: FSRAW library version 1.7.1015

06/13/06 20:41:55 [Note]: 7007 0

Share this post


Link to post
Share on other sites

Ok, that's 1 and it's clear ...I'll wait for the 2nd one (RootkitRevealer can take a while - don't do anything while it's scanning. Leave the PC idle during the scan)

Share this post


Link to post
Share on other sites

And that one is clear as well :wub:

 

I think you're good to go unless you see any remaining problems. Edit: Wrong! We still have the 020 item to deal with and I just got your uploaded files. Please see my post further down.

 

Some final cleanup steps and prevention recommendations for you are all that remain, I think.

 

Navigate to C:\Windows\Temp

Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

 

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp

Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

 

Clean out your Temporary Internet files.

  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
     
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

....................................................

 

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

 

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

(winXP)

 

1. Turn off System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Put a Checkmark in the box next to "Turn off System Restore".

Click Apply, and then click OK.

 

2. Reboot.

 

3. Turn ON System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Remove the checkmark next to "Turn off System Restore".

Click Apply, and then click OK.

 

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;310405

 

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help :).

How do I prevent Browser Hijacks and Spyware?

http://www.dslreports.com/faq/13620

 

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!

Windows Update

http://update.microsoft.com/microsoftupdate/

 

And see this link for instructions on how to configure the enhanced security features in SP2:

http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

 

I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

 

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:

Microsoft Baseline Security Analyzer

http://www.microsoft.com/technet/security/...s/mbsahome.mspx

Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

Share this post


Link to post
Share on other sites
Sign in to follow this