suspected spyfalcon infection

Question

haruka108 0 Light Poster

17 Years Ago

flashing virus alert in system tray. this is the hijackthis log i got. please help

Logfile of HijackThis v1.99.1
Scan saved at 1:00:36 AM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe

O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp861C.tmp (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [FAhid] C:\IPen32\Fahid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [9PTig] C:\WINDOWS\xnlnb.exe
O4 - HKLM\..\Run: [??"h'???r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xnlnb.exe
O4 - HKLM\..\Run: [庋勷????佒?媺C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xnlnb.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [eMule] C:\Program Files\emule\emule.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\USBMonit.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [7cb8d337.exe] C:\WINDOWS\system32\7cb8d337.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [7cb8d337.exe] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\7cb8d337.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 蚚IS狟婥 - C:\Program Files\IS\IS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=west&bw=dsl&cd=4.0&bm=ho_home
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://www.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.jp/3drender/renderer/mabiweb_JP.2005.2.2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tile City Control) - http://www.worldwinner.com/games/v41/tilecity/tilecity.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwcn32 - winwcn32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

windows-virus

5 Contributors
12 Replies
700 Views
2 Days Discussion Span
Latest Post 17 Years Ago Latest Post by haruka108

All 12 Replies

DMR 152 Wombat At Large

17 Years Ago

Judging by the (abnormally short) list of running processes at the beginning of your log, it looks like you ran HJT while booted in Safe Mode. If so, please run HJT while booted normally and post that log.

DMR 152 Wombat At Large

17 Years Ago

That's better; thanks. I have to log off now, but one of our other troubleshooters should be coming online soon. Hopefully they'll pick up on this before I return tomorrow night.

DMR 152 Wombat At Large

17 Years Ago

Your log shows signs of multiple infections. Don't worry though, we'll get you on the road to recovery very shortly.

Gotta go now, seriously. It's 1:15AM in my world, and [IMG]http://www.stevewolfonline.com/Downloads/DMR/Visuals/sleep.gif[/IMG] [IMG]http://www.stevewolfonline.com/Downloads/DMR/Visuals/sleep2.gif[/IMG]

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

haruka108 0 Light Poster · Answer 1 · 2006-05-18T12:48:24+00:00

here. thanks.

Logfile of HijackThis v1.99.1
Scan saved at 2:47:59 AM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\IPen32\Fahid.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\USBStorage\USBDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\7cb8d337.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Documents and Settings\HP_Owner\My Documents\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp861C.tmp (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [FAhid] C:\IPen32\Fahid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [9PTig] C:\WINDOWS\xnlnb.exe
O4 - HKLM\..\Run: [??"h'???r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xnlnb.exe
O4 - HKLM\..\Run: [庋勷????佒?媺C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xnlnb.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [eMule] C:\Program Files\emule\emule.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\USBMonit.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [7cb8d337.exe] C:\WINDOWS\system32\7cb8d337.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [7cb8d337.exe] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\7cb8d337.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 蚚IS狟婥 - C:\Program Files\IS\IS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=west&bw=dsl&cd=4.0&bm=ho_home
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://www.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.jp/3drender/renderer/mabiweb_JP.2005.2.2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tile City Control) - http://www.worldwinner.com/games/v41/tilecity/tilecity.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwcn32 - winwcn32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

haruka108 0 Light Poster · Answer 2 · 2006-05-18T14:09:51+00:00

thank you very much. i've been trying to find solution, but couldn't find anything.

a little update: i don't know if i did something, but the system tray icon is gone, but the popup still comes every minute or so.

Burton1 2 Junior Poster in Training · Answer 3 · 2006-05-18T22:19:53+00:00

Lets get started. I have to 2, but ill will make a quick fix. Someone else will also help you.

Please follow these in order.

Step 1

Welcome,
Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido anti-malware it is a free version of the program.

Install ewido anti-malware
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

Step 2

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

tayspen 28 <Insert title here> Team Colleague · Answer 4 · 2006-05-19T00:52:07+00:00

Ineed you have a few, along with the above part of the fox, lets have Ewido, take out waht it can before we proceed manually.

Please download ewido anti-malware it is a free version of the program.

Install ewido anti-malware
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

Open up Ewido
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

Reboot.

Post the ewido log, and a new HJT log.

haruka108 0 Light Poster · Answer 5 · 2006-05-19T03:16:41+00:00

here's the ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:01:23 PM, 5/18/2006
+ Report-Checksum: B06FEB92

+ Scan result:

[1924] C:\WINDOWS\system32\fyhhxw.dll -> Trojan.Fakealert : Cleaned with backup
[1920] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\7cb8d337.exe -> Downloader.Tiny.bw : Cleaned with backup
C:\!KillBox\winwcn32.dll -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.6:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.7:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.8:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.9:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.10:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.11:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.12:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.13:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.15:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.16:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.17:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.18:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.19:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.20:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.77:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.78:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.79:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.80:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.81:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.84:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.85:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.86:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.89:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.90:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.91:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.92:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.94:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.97:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.98:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.99:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.100:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.101:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.102:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.103:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.104:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.105:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.106:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.107:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.108:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.109:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.112:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.113:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.114:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.115:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.116:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.117:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.118:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.119:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.120:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.121:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.122:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.123:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.124:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.160:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.161:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.162:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.163:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.164:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.166:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.167:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.168:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.183:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.184:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.185:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.186:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.187:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.188:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.189:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.190:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.191:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.204:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.205:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.206:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.207:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.208:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.209:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.210:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.211:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.212:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.213:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.214:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.215:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.216:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.217:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.218:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.219:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.220:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.221:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.222:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.223:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.224:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.225:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.226:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.227:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.228:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.229:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.230:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.231:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.232:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.233:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.234:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.235:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.236:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.237:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.238:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.239:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.240:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.241:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.242:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.243:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.244:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.245:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.246:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.247:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.248:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.249:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.250:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.251:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.252:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.263:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.264:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.278:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.279:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.280:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.281:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.282:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.284:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.285:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.286:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.287:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.308:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.314:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.315:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.316:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.317:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.318:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.319:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.320:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.321:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.322:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.326:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.327:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.328:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.329:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.330:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.331:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.332:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.333:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.334:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.335:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.336:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.337:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.338:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.339:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.340:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.341:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.342:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.343:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.344:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.354:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.355:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.356:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.357:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.358:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.371:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.372:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.373:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.374:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.375:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.376:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.377:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.378:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.436:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.437:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.438:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.439:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.440:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.441:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.459:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.460:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.461:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.469:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.470:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.471:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.472:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.473:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.474:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.475:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.476:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.477:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.478:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.479:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.480:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.481:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.482:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.483:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.484:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.485:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.486:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.487:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.488:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.489:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.490:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.491:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.492:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.493:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.494:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.495:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.496:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.497:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.498:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.499:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.500:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.501:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.502:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.503:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.504:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.505:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.506:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.507:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.508:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.509:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.510:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.511:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.512:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.513:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.514:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.515:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.516:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.517:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.518:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.519:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.520:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.521:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.522:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.523:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.524:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.526:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.533:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.534:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.535:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.536:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.545:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.546:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.550:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.551:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.552:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.553:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.573:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.578:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.584:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.626:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.643:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.644:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.663:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.675:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.676:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.677:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.678:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.679:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.680:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.681:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.682:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.683:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.684:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.685:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.686:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.687:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.688:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.689:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.690:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.691:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.692:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.722:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.723:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.729:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.730:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.731:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.732:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.733:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.750:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.751:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup
:mozilla.752:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup
:mozilla.753:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup
:mozilla.777:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.778:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.779:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.780:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.781:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.822:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.823:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.834:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.835:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.854:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.855:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.856:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.908:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.909:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.923:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.924:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.925:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.931:C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wrb0ru2k.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\7cb8d337.exe -> Downloader.Tiny.bw : Cleaned with backup
C:\WINDOWS\system32\7cb8d337.exe -> Downloader.Tiny.bw : Cleaned with backup
C:\WINDOWS\system32\fyhhxw.dll -> Trojan.Fakealert : Cleaned with backup

::Report End

-----------------------------------------------------------------------------

here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:15:00 PM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\IPen32\Fahid.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\USBStorage\USBDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\My Documents\HijackThis\HijackThis.exe

O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp861C.tmp (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [FAhid] C:\IPen32\Fahid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [9PTig] C:\WINDOWS\xnlnb.exe
O4 - HKLM\..\Run: [??"h'???r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xnlnb.exe
O4 - HKLM\..\Run: [庋勷????佒?媺C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xnlnb.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [eMule] C:\Program Files\emule\emule.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\USBMonit.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [7cb8d337.exe] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\7cb8d337.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 蚚IS狟婥 - C:\Program Files\IS\IS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O14 - IERESET.I

Kn10 0 Light Poster · Answer 6 · 2006-05-19T08:14:38+00:00

If any of the above dont work, give this a shot:
http://www.technibble.com/how-to-remove-spyfalcon/

tayspen 28 <Insert title here> Team Colleague · Answer 7 · 2006-05-19T22:48:07+00:00

Smitfraudfix, almost always works on that faimly of infections. :).

Speaking of which, we need to see that log, before we continue.

Sorry Burton, I didn't even see you posted ewido instuctions in the post above mine :)

haruka108 0 Light Poster · Answer 8 · 2006-05-20T00:21:41+00:00

SmitFraudFix v2.45

Scan done at 14:20:51.88, 05/19/2006 Fri
Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

C:\

C:\WINDOWS

C:\WINDOWS\system

C:\WINDOWS\Web

C:\WINDOWS\system32

C:\Documents and Settings\HP_Owner\Application Data

Start Menu

C:\DOCUME~1\HP_Owner\FAVORI~1

Desktop

C:\Program Files

Corrupted keys

Desktop Components

Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e04408db-4812-4478-8d4d-e46edcffd3b6}"="AutoDisc Ware"

[HKEY_CLASSES_ROOT\CLSID\{e04408db-4812-4478-8d4d-e46edcffd3b6}\InProcServer32]
@="C:\WINDOWS\system32\fyhhxw.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e04408db-4812-4478-8d4d-e46edcffd3b6}\InProcServer32]
@="C:\WINDOWS\system32\fyhhxw.dll"

Scanning wininet.dll infection

End

haruka108 0 Light Poster · Answer 9 · 2006-05-21T03:50:04+00:00

for some reason, that one didn't show right...

SmitFraudFix v2.45

Scan done at 17:49:23.49, 05/20/2006 Sat
Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

C:\

C:\WINDOWS

C:\WINDOWS\system

C:\WINDOWS\Web

C:\WINDOWS\system32

C:\Documents and Settings\HP_Owner\Application Data

Start Menu

C:\DOCUME~1\HP_Owner\FAVORI~1

Desktop

C:\Program Files

Corrupted keys

Desktop Components

Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e04408db-4812-4478-8d4d-e46edcffd3b6}"="AutoDisc Ware"

[HKEY_CLASSES_ROOT\CLSID\{e04408db-4812-4478-8d4d-e46edcffd3b6}\InProcServer32]
@="C:\WINDOWS\system32\fyhhxw.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e04408db-4812-4478-8d4d-e46edcffd3b6}\InProcServer32]
@="C:\WINDOWS\system32\fyhhxw.dll"

Scanning wininet.dll infection

End

suspected spyfalcon infection

Recommended Answers Collapse Answers

All 12 Replies

Recommended Answers