Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sursidekick3


  • Please log in to reply
8 replies to this topic

#1 saxx

saxx

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 10 March 2006 - 06:47 AM

Hi can someone please help me get rid of surfsidekick3, have tried evrything that I know and it keeps coming back for more every time antispyware gets rid and reboots. I tried following instructions on another site, which included renaming HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ to Windoz, but the file in question seem to create another windows folder as well as the one I just renamed to windoz. Am not experienced in dealing with registry comands and actions, any help would be truly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 11:04:00, on 10/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
d:\program files\mcafee.com\agent\mcdetect.exe
d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Prevx1\PXAgent.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\system32\UAService7.exe
D:\WINDOWS\Explorer.EXE
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINDOWS\System32\alg.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Prevx1\PXConsole.exe
D:\Program Files\PeerGuardian2\pg2.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\System\blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - D:\Program Files\SurfSideKick 3\SskBho.dll
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 www.winmx.com
O1 - Hosts: 205.238.40.1 err.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1304.winmx.com
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - D:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] d:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrevxOne] D:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [SurfSideKick 3] D:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] D:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125393586218
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169536.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - D:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINDOWS\system32\UAService7.exe


regards

saxx

BC AdBot (Login to Remove)

 


m

#2 Glaswegian

Glaswegian

    Defender of the Haggis


  • Malware Response Team
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow
  • Local time:10:52 PM

Posted 10 March 2006 - 02:45 PM

Hi and welcome to Bleeping Computer.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Options) so that you are notified when you receive a reply.

Please be patient with me during this time.
Iain
Win XP Pro / Win 7 Pro
Posted Image

#3 Glaswegian

Glaswegian

    Defender of the Haggis


  • Malware Response Team
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow
  • Local time:10:52 PM

Posted 11 March 2006 - 06:28 AM

Hi saxx and thank you for your patience.


Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.


If there is anything you don't understand, please ask before proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.



Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.



Downloads
Download the following reg file to your desktop. FixSsk.reg. Do not use it yet


Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.


Download Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
When you have finished updating, EXIT Ewido.



Download MVPS Hosts file . Do not use it yet.



CleanUp!
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!
Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following :Scan local drives for temporary files
Click OK, Press the CleanUp! button to start the program and reboot when prompted.
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these BEFORE running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.



Uninstall Programmes
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):

Surf Sidekick 3

It may prompt about whether or not you are sure you want to remove this program. Reply Yes to this prompt. It will then uninstall the program.

If there is no Add/Remove Programs entry for this programs, click on Start, then Run and type the following in the Open: field:

C:\Program Files\SurfSideKick 3\Ssk.exe /u

and press the OK button.

A code will be displayed that it will ask you to enter. Enter this code and reboot. Once back to your desktop continue with the rest of the fix.



Reboot
Reboot your system in Safe Mode (By repeatedly tapping the F8 key (or the appropriate key for your system) until the menu appears).




HijackThis Entries
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\System\blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - D:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKLM\..\Run: [SurfSideKick 3] D:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] D:\Program Files\SurfSideKick 3\Ssk.exe
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
O20 - AppInit_DLLs: repairs303169536.dll


Please remember to close all other windows, including browsers then click Fix checked.



File Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. (let me know if you fail to find/delete any)

D:\Program Files\SurfSideKick 3
C:\\ mousepad1.exe <- - Go to Start > Search to find this file
repairs303169536.dll <- - Go to Start > Search to find this file
Sskknwrd.dll <- - Go to Start > Search to find this file
Ssk.log <- - Go to Start > Search to find this file
SskUpdater.exe <- - Go to Start > Search to find this file
Ssk.exe <- - Go to Start > Search to find this file



MVPS HOSTS File
From within Host.zip, double click on MVPS.bat and allow it to run.



Fixssk.reg
Double-click on fixssk.reg and say Yes when it asks if you would like to merge the data into the Registry.


Ewido
Run Ewido with it's updated definitions (...it's important that all windows must be closed)
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with Ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If Ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save Report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

NOTE: Ewido scan will require at least an hour.



Reboot
Reboot your system in Normal Mode.



Online Scan

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner.

1. Click Check Now and a "pop up" window will appear. *Please ensure that your pop up blocker doesn't block it *
2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report
*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan




Logs required
Ewido Log
Panda Log
HijackThis Log


Please also advise how your system is performing now.
Iain
Win XP Pro / Win 7 Pro
Posted Image

#4 saxx

saxx
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 14 March 2006 - 08:15 AM

Hi again

I am not sure but I think it is gone!. I finished the ewido scan and then rebooted to normal mode. I then searched for the files that I was unable to search in safe mode and only found 1 of the files taht you listed
[/b]
D:/Documents and settings/owner/application data/ Sskknwrd.dll

I then returned to safe mode and deleted this file.

Had a problem with the panda scan though, not sure what the problem with my internet explorer is, for some reason it has problems reading some java text buttons, like the one that says scan now on the panda site, when I look at address or information that is displayed in the bottom left corner when trying to click a button it displays this [b]javascript () . This is a problem that i have had for ages now and coudnt work out what was wrong, so I just downloaded firefox instead, which doesnt have any such problems. Any way as panda scan only recognizes IExp, i couldnt run the scan. Any coments on this IE problem would be apreciated.


just one final thing

For future protection what would you recomend in programs that are free to use.

I am running mcaffe antivirus and windows defender, which is normally pretty good, but got its ass kicked by SSK3.

Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 10:26:09, on 14/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
d:\program files\mcafee.com\agent\mcdetect.exe
d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\UAService7.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - D:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrevxOne] D:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125393586218
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - D:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINDOWS\system32\UAService7.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 00:54:58, 14/03/2006
+ Report-Checksum: 783193B

+ Scan result:

HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-220523388-2000478354-682003330-1003\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-21-220523388-2000478354-682003330-1003\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-21-220523388-2000478354-682003330-1003\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-21-220523388-2000478354-682003330-1003\Software\IST -> Adware.ISTBar : Cleaned with backup
HKU\S-1-5-21-220523388-2000478354-682003330-1003\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-220523388-2000478354-682003330-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@a-1shz2prbmdj6wvny-1sez2pra2dj6wjliapazegpa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4ugcjmdoqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4cjcpadpqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4snd5wcpwudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkogncjekog2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4cjczehqawdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliqlc5wkoq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliqodzefpgudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloqpczcbqaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlowmcpcfpaqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\sax\Cookies\sax@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuldzagoqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.15:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.24:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.25:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.26:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.27:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.28:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.29:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.30:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.31:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.46:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.47:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.48:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.49:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.58:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.59:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.60:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.61:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.63:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.64:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.65:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.70:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.72:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.73:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.74:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.76:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.77:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.78:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.79:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.80:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.81:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.82:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.83:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.84:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.85:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.86:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.87:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.88:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.92:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.93:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.94:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.97:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.98:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.99:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.100:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.101:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.102:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.103:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.104:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.105:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.106:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.110:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.117:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup
:mozilla.119:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.141:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.142:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.143:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.144:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.145:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.146:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.147:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.148:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.149:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.150:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.151:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.152:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.153:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.155:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.156:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.157:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.163:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.164:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.165:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.171:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.172:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.174:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.179:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.180:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.181:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.213:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.218:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.224:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.225:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.227:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.228:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.229:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.230:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.231:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.232:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.233:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.234:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.239:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.242:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.277:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.278:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.279:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.297:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.298:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.299:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.300:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.301:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.302:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.304:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.305:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.308:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.309:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.310:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.311:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.312:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.329:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.334:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.335:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.364:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.365:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.372:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.373:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.374:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.381:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.387:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.397:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.403:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.404:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.405:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.428:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.429:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.430:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.438:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.456:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.458:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.473:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.474:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.475:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.476:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.477:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.478:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.479:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.480:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.490:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.492:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.514:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.526:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.530:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.531:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.534:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.535:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.542:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.543:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.592:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.614:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.626:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.627:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.628:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.629:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.630:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.631:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.632:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.633:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.634:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.635:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.638:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.642:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.645:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.649:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.651:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.652:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.657:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.658:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.662:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.664:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.667:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.670:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.671:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.680:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.689:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.692:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.696:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.697:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.698:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.699:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.700:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.701:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.705:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.707:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.708:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.710:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.718:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.730:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7rwz5ph6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
D:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
D:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup


::Report End

andy

#5 Glaswegian

Glaswegian

    Defender of the Haggis


  • Malware Response Team
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow
  • Local time:10:52 PM

Posted 14 March 2006 - 05:57 PM

Hi again Andy


Clear your Firefox cookies. From the open browser, go to Tools > Options > Privacy > Cookies > Clear


Clear your IE cookies. Start > Settings > Control Panel > Internet Options > General tab > under Temporary files, click on Delete Cookies


Downloads
Download IE-Spyad - Extract the contents to a new folder. IE-SPYAD will place thousands of bad websites in the Restricted Zone of Internet Explorer.
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain

Download MVPS Hosts file - From within Host.zip, double click on MVPS.bat & allow it to run. This will replace your current Hosts file with one that will block known adware and spy websites.

Download SpywareBlaster. Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items.
SpywareBlaster can help prevent spyware installing in the first place.


Any joy with repairing IE? How is your system performing now?

If you can, please try the Panda scan again. Let me know if you still have problems.

Please post the Panda Log (if possible) and a fresh HijackThis Log.
Iain
Win XP Pro / Win 7 Pro
Posted Image

#6 saxx

saxx
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 15 March 2006 - 07:14 AM

Hi Iain

I have downloaded a few security apps, such as spybot s & d, adaware se, spyware blaster and hosts secure. Will probably keep windows defender on as well and have mcaffe, so should be well protected now. Need to get in the habit of making backups.

I tried to fix my IE6, but with no joy, i followed the method 1, using the windows xp disc to restore files, but it is no different, really dont understand, could there be things that are either checked or not checked in internet options maybe??

andy

#7 Glaswegian

Glaswegian

    Defender of the Haggis


  • Malware Response Team
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow
  • Local time:10:52 PM

Posted 15 March 2006 - 02:22 PM

Andy

Let's try re-registering IEs dll files again.

With all browser windows closed, Go to Start->Run and copy and paste each of the following into the box, hitting ok after each:

regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll


Now reboot and try using Internet Explorer again.

Let me know if this helps.
Iain
Win XP Pro / Win 7 Pro
Posted Image

#8 saxx

saxx
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 20 March 2006 - 05:55 AM

Hi

Have tried re registering the files you listed, all files were installed correctly.

Unfortunately there is no change in the current state of my IE6

regards

andy

#9 Glaswegian

Glaswegian

    Defender of the Haggis


  • Malware Response Team
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow
  • Local time:10:52 PM

Posted 20 March 2006 - 05:48 PM

Andy

Try these options.

First, click the 'Tools' tab on internet explorer then click 'Options'. Check that your security levels are low enough to allow active X controls. Then check the advanced tab to make sure active X is enabled.

Another option is to go to start > run and type sfc /scannow - note the space between sfc and the slash - and click OK. You will need your windows CD. This will run the system file checker and replace any needed files.

Can you also post a fresh HijackThis Log please and let's see what's happening with your system at the moment.

Edited by Glaswegian, 20 March 2006 - 05:54 PM.

Iain
Win XP Pro / Win 7 Pro
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users