Old 01-03-2006, 12:15 PM   #1 (permalink)
Registered User
 
originale's Avatar
 
Join Date: Sep 2004
Posts: 441
OS: winXP


should I use stinger

I have Norton installed and keep my updates current. I inadvertently clicked on a link in a spam email and am now worried I've brought something into my computer. Should I use Stinger to look? Or will Norton catch it?
Old 01-03-2006, 04:32 PM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 24,048
OS: WinXP and Vista


Norton may or may not catch it. Stinger attacks specific infections so also may or may not be effective. I would suggest you do the following to be sure nothing has invaded your system:

Please run an online scan using at least 2 of the following:

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym

Please download HijackThis - this program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file along with any results from online scans, in the HijackThis Log Help forum. Do not fix anything in HijackThis since they may be harmless.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 01-04-2006, 05:58 PM   #3 (permalink)
Registered User
 
originale's Avatar
 
Join Date: Sep 2004
Posts: 441
OS: winXP


Ok - I'm infected. Now what

Ok- here is an update. Phew- it took a long time. I ran trend micro but couldn't run it in Firefox so had to open in Explorer. What is strange was that the other links had to be clicked from Explorer too- ie Panda which I ran. But when I went to this site-techsupportforum and logged in-the site recognized my name but acted as if I wasn't logged in. In Firefox I'm ok.

Anyway, Trend Micro couldn't remove two files - I had lots of bad stuff on my system which Norton and Stinger didn't catch. You were right. But what good is Norton if all this stuff got in? So, it couldn't remove ADW-Hotbar.B and ADW-Hotbar.J. Now what do I do with these two stuck in my system?

With Panda - not sure how it works. I sent 4 files to the lab but it didn't work. Just wouldn't complete the send. It detected 97 spyware, 1 hacker file and 4 of something else. Are they gone - does Panda remove them?

I'm going to post my Hijack log to the site and see how I'm doing.

thanks for the help.
re: the donation which I'm happy to give. Is the address at the bottom of the email the name of the person who maintains the site? I've donated before and appreciate the help - you are all so valuable.

thanks
Old 01-04-2006, 06:01 PM   #4 (permalink)
Registered User
 
originale's Avatar
 
Join Date: Sep 2004
Posts: 441
OS: winXP


Here are my results.

Here is my log. The results of my Trend Micro scan are that lots of spyware - most removed except for ADW-Hotbar.B and ADW-Hotbar.J

Panda - couldn't send the files to the lab - the send just wouldn't complete. I had 97 spyware, 1 hijack file, and 4 others of something I can't remember. I don't know if Panda removed it all or not. How can I tell? Here is the hijack log. Thanks a lot.

Logfile of HijackThis v1.99.1
Scan saved at 8:53:33 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nixon\Local Settings\Temporary Internet Files\Content.IE5\JA5I34LG\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://groups.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0167169d...p/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.9.27.1/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/...chsettings.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - c:\Program Files\Connected\AgentSrv.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: NICSer_WPC54 - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
Old 01-04-2006, 07:34 PM   #5 (permalink)
Professor/Moderator, TSF Design School
 
Grove's Avatar
 
Join Date: Jun 2005
Location: Australia
Posts: 2,382
OS: Windows XP SP2


Yes, that is the person who is the owner of the site. The site is maintained by a few administrators. Due to the current need, I suggest that you do the PayPal and enter the email at this current time.

If you cannot, simply do the normal donation
__________________
==========================================

Get Help:
TSF Security Forum | HijackThis | MB's 5 Step Process
Get Clean:
AdAware SE | Spybot S&D | CWShredder | Ewido | CleanUp!
Get Protected:
SpywareBlaster | SpywareGuard | Windows Updates | IE-SpyAd


If TSF has helped you, please consider making a donation to help keep the board running.
Old 01-04-2006, 08:45 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 24,048
OS: WinXP and Vista


Hello originale,

I've merged your posts in the General Security Forum with this thread to keep everything together.

There's not much showing in this log so we'll need another online scan with the results posted here so we can identify, and get rid of what is remaining.

Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet.

---------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.

---------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

SpyKiller --It’s rogueware (or known to be rogueware in the past) and we highly recommend that you uninstall it. Rogue/Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection.

Run a scan in HijackThis. 'Check' each of the following if they still exist (make sure not to miss any):

R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup


Click 'Fix Checked' and close HijackThis.

---------------------------

Delete the following Folder if it still exists:

C:\Program Files\SpyKiller

---------------------------

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Standard CleanUp!"
*Uncheck the following:
-Delete Newsgroup cache
-Delete Newsgroup Subscriptions
-Scan local drives for temporary files
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run CleanUp! and let me know as we will use another utility.

Reboot into Normal Mode.

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
  • Click on see report. Then click Save report
Please post that log in your next reply.
Last edited by Ried; 01-04-2006 at 08:48 PM.
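
An added example, not part of Ried's reply or of HijackThis itself: a small Python parser for the HijackThis log format posted in this thread. It reports which entries from the fix list in the reply above are still present and flags running processes located in a temp or browser-cache folder, a heuristic assumed here because CleanUp! empties those folders. The sample is a few lines copied from the posted log; the function names and temp-path markers are assumptions of this example.

```python
import re

# Sample: a handful of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:53:33 PM, on 1/4/2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Documents and Settings\nixon\Local Settings\Temporary Internet Files\Content.IE5\JA5I34LG\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

# The two entries the analyst asked to check, copied from the reply above.
FIX_LIST = [
    r"R3 - Default URLSearchHook is missing",
    r"O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup",
]

# Every result line starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autoruns look like: HKCU\..\Run: [Name] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# Assumed markers for temp/cache locations on Windows XP (lower case).
TEMP_MARKERS = (
    r"\temporary internet files",
    r"\local settings\temp",
    r"\windows\temp",
)


def parse_log(text):
    """Split a log into the running-process list and the coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append({"code": match.group(1),
                            "detail": match.group(2),
                            "line": line})
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def _norm(text):
    # Tolerate whitespace and case differences between log and forum reply.
    return " ".join(text.split()).casefold()


def match_fix_list(entries, fix_list):
    """Return (lines still present in the log, fix-list items no longer found)."""
    wanted = {_norm(item): item for item in fix_list}
    present = [e["line"] for e in entries if _norm(e["line"]) in wanted]
    seen = {_norm(line) for line in present}
    missing = [item for key, item in wanted.items() if key not in seen]
    return present, missing


def processes_in_temp(processes):
    """Running executables whose path is inside a temp or browser-cache folder."""
    return [p for p in processes
            if any(marker in p.casefold() for marker in TEMP_MARKERS)]


def autoruns(entries):
    """(hive, value name, command) for each O4 registry Run entry."""
    found = []
    for entry in entries:
        if entry["code"] != "O4":
            continue
        match = RUN_RE.match(entry["detail"])
        if match:
            found.append((match.group(1), match.group(3), match.group(4)))
    return found


if __name__ == "__main__":
    procs, items = parse_log(SAMPLE_LOG)
    still_there, gone = match_fix_list(items, FIX_LIST)
    print("Fix-list entries still present:", *still_there, sep="\n  ")
    print("Fix-list entries not found:", gone)
    print("Processes running from temp/cache:", *processes_in_temp(procs), sep="\n  ")
    print("Registry autoruns:", *autoruns(items), sep="\n  ")
```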
Old 01-05-2006, 02:33 PM   #7 (permalink)
Registered User
 
originale's Avatar
 
Join Date: Sep 2004
Posts: 441
OS: winXP


Please explain the donation process

Thanks- this will take time so I may have to do it tomorrow or on wknd- if I can't find time tonight.

Pls clarify for me re: the urgent need and what the normal donation route is. I don't understand the message nor the difference. What is the urgent need - and of course, very happy to help.
Old 01-07-2006, 11:10 AM   #8 (permalink)
Analyst, Security Team
 
greyknight17's Avatar
 
Join Date: Jul 2004
Location: New York
Posts: 14,327
OS: Windows 98 & Windows XP Home/Pro


Hi, if the members can, we suggest donating to help our friend jgvernonco. He probably helped a lot of members here in the past already and he has helped setup what we have here today, with all the experts helping here in the Security Center. Donate through paypal to his email to show your support.

The normal donation process is done through here to support the forum. I think danrak (the administrator here for TechSupportForum) might be forwarding donations to help jgvernonco... We thank you for any contribution you can make.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.

Old 01-07-2006, 11:42 AM   #9 (permalink)
Registered User
 
originale's Avatar
 
Join Date: Sep 2004
Posts: 441
OS: winXP


Is your friend in financial difficulty and that's why you want to help directly? Is he still associated with the site? Because if the money goes to him and not here, then will there be money available to keep the site going? The site is really a lifeline for people such as me.
Old 01-07-2006, 12:22 PM   #10 (permalink)
Analyst, Security Team
 
greyknight17's Avatar
 
Join Date: Jul 2004
Location: New York
Posts: 14,327
OS: Windows 98 & Windows XP Home/Pro


Jgvernonco/John is basically family here at TSF. He was here before most of us helpers/analysts were here. We don't want to go into too many details, but he's disabled and wants to move back to Arizona where his friends and family are...Read more here (basically the same as what I said). Your donation will be going to a good cause...The site Administrator here (danrak) is also giving John a huge help as he's been here for us when he's needed. So yes, he's definitely associated with the site (long time member).

Although the site is not getting as much donations as it does, it will be ok. If you want, you can become a TSF Supporter by donating here also. danrak/Jason will be forwarding the donations to John...if you want, put in the notes in Paypal for jgvernonco...

Don't worry...with generous members like you, I'm sure TSF will last a long time. We still have the resources to keep it running. Thanks again for any contribution...
Old 01-09-2006, 02:58 PM   #11 (permalink)
Registered User
 
originale's Avatar
 
Join Date: Sep 2004
Posts: 441
OS: winXP


Thank you for answering my questions. I will organize my PayPal account and send something in. It'll be modest since I'm a fulltime student but you have all helped me so much - it's the least I can do.
Old 01-13-2006, 07:02 AM   #12 (permalink)
Registered User
 
originale's Avatar
 
Join Date: Sep 2004
Posts: 441
OS: winXP


Activescan results

Finally did what you recommended. Here are the results from ActiveScan. So surprised to see SpyKiller still lurking deep in my system.


Incident Status Location

Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\nixon\Application Data\Sskknwrd.dll
Spyware:spyware/altnet Not disinfected Windows Registry
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.advertising.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[media.fastclick.net/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.doubleclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.hitbox.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.bfast.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.qksrv.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.maxserving.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.dist.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.belnk.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[server.iad.liveperson.net/hc/70062990]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.zedo.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.valueclick.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[statse.webtrendslive.com/dcszp7e1v10000omp5r9bmtnv_1o4g]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.tickle.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.statcounter.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[bs.serving-sys.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.web.tickle.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.adtech.de/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.apmebf.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.bravenet.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.clickbank.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.com.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.ct.360i.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.go.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[searchportal.information.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[stat.onestat.com/]
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[www.web-stat.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[70062990]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[dcszp7e1v10000omp5r9bmtnv_1o4g]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[]
Potentially unwanted tool:Application/Processor Not disinfected
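
An added example, not part of the original post or of Panda ActiveScan: a Python triage of the report format shown above that separates tracking-cookie rows from file and registry detections, so the rows needing follow-up stand out. The sample rows are copied from the report above; the row grammar (category:name, the literal status "Not disinfected", optional location) is inferred from those rows and is an assumption, as are the function names.

```python
import re
from collections import Counter

# Sample rows copied from the ActiveScan report posted in this thread.
SAMPLE_REPORT = r"""Incident Status Location
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\nixon\Application Data\Sskknwrd.dll
Spyware:spyware/altnet Not disinfected Windows Registry
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[media.fastclick.net/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[server.iad.liveperson.net/hc/70062990]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[]
Potentially unwanted tool:Application/Processor Not disinfected
"""

# Assumed row grammar: "<category>:<name> Not disinfected[ <location>]".
# Names may contain spaces and slashes ("Cookie/24/7 Realmedia"), so the
# status text is used as the delimiter between name and location.
ROW_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?) (?P<status>Not disinfected)"
    r"(?: (?P<location>.+))?$"
)
# Cookie rows point at a cookie store plus the cookie's scope in brackets.
COOKIE_LOC_RE = re.compile(r"^(?P<file>.+)\[(?P<scope>[^\]]*)\]$")


def parse_report(text):
    """Return one dict per detection row; the header and blank lines are skipped."""
    rows = []
    for raw in text.splitlines():
        match = ROW_RE.match(raw.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def cookie_host(scope):
    """Host part of a cookie scope such as '.fastclick.net/', or None."""
    host = scope.split("/", 1)[0].lstrip(".")
    return host if "." in host else None


def triage(rows):
    """Separate cookie rows from detections that point at files or the registry."""
    follow_up, hosts, files = [], Counter(), set()
    for row in rows:
        if not row["name"].startswith("Cookie/"):
            follow_up.append(row)
            continue
        match = COOKIE_LOC_RE.match(row["location"] or "")
        if match:
            files.add(match.group("file"))
            host = cookie_host(match.group("scope"))
            if host:
                hosts[host] += 1
    return {
        "follow_up": follow_up,                      # rows to raise with the analyst
        "cookie_rows": len(rows) - len(follow_up),   # tracking-cookie detections
        "cookie_files": files,                       # cookie stores they live in
        "cookie_hosts": hosts,                       # tracker hosts seen
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("Detections to follow up:")
    for row in result["follow_up"]:
        print("  %s:%s -> %s" % (row["category"], row["name"],
                                 row["location"] or "(no location given)"))
    print("Cookie rows:", result["cookie_rows"],
          "in", len(result["cookie_files"]), "cookie file(s)")
    print("Tracker hosts:", ", ".join(sorted(result["cookie_hosts"])))
```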
Old 01-13-2006, 02:43 PM   #13 (permalink)
Registered User
 
originale's Avatar
 
Join Date: Sep 2004
Posts: 441
OS: winXP


Bump-activescan results. What do you think?

Quote:
Originally Posted by originale
Finally did what you recommended. He are the results from Activescan. So surprised to see spykiller still lurking deep in my system.


Incident Status Location

Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\nixon\Application Data\Sskknwrd.dll
Spyware:spyware/altnet Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected
Old 01-14-2006, 06:19 AM   #14 (permalink)
Registered User
 
originale's Avatar
 
Join Date: Sep 2004
Posts: 441
OS: winXP


No replies

Hi all: I can't seem to get a reply to this posting. Can somebody please take a look at this? I know that I have spyware and would love to get rid of it - and then figure out how to avoid it again.

I also can't activate my PayPal account - maybe because I was getting mail a cheque. This would just get to you faster through PayPal.
Old 01-14-2006, 07:08 PM   #15 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,965
OS: Windows XP-Pro SP2


Hi and Welcome to TSF

Before attacking an adware/spyware problem with HijackThis, make sure you have already run the following tools. Download and update the databases on each program before running.
Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)

Download, install, and update Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

C:\Documents and Settings\nixon\Application Data\Sskknwrd.dll <--delete that file.

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
  • Once finished, click the [Save report] button
  • Save the report to your desktop
Close Ewido

Reboot back to normal mode.....

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.

Then run Panda again and post its log along with the Ewido log and a new HijackThis log.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
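Most rows of the ActiveScan report posted earlier in this thread are tracking-cookie entries inside a single Firefox cookies.txt, which the "Delete Cookies" step covers, while the file the reply singles out (Sskknwrd.dll) is one of only a few rows that need individual handling. The Python sketch below is an added example, not part of the thread or of any tool named in it; it separates the two kinds of rows. The field layout is inferred from the rows shown, the function names are hypothetical, and the sample is constructed from rows in the shape of the posted report.

```python
import re
from collections import Counter

# Constructed sample: rows in the shape of the ActiveScan report posted in this
# thread (columns "Incident Status Location", separated by single spaces).
SAMPLE_REPORT = r"""
Incident Status Location

Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\nixon\Application Data\Sskknwrd.dll
Spyware:spyware/altnet Not disinfected Windows Registry
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.atdmt.com/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt[]
Potentially unwanted tool:Application/Processor Not disinfected
"""

# Only the status string that appears in the thread is recognised (assumption:
# other reports may carry other status strings, which would be added here).
STATUSES = ("Not disinfected",)

# "<category>:<name> <status> [<location>]"; names may contain spaces and slashes.
ROW = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?)\s+(?P<status>%s)(?:\s+(?P<location>.*))?$"
    % "|".join(re.escape(s) for s in STATUSES)
)
# A location is a path, optionally followed by "[entry]" naming one item
# inside a container file (here: one cookie inside cookies.txt).
LOCATION = re.compile(r"^(?P<path>.*?)(?:\[(?P<entry>[^\]]*)\])?$")


def parse_report(text):
    """Return one dict per detection row; header and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        row = ROW.match(line.strip())
        if not row:
            continue
        loc = LOCATION.match(row.group("location") or "")
        findings.append({
            "category": row.group("category"),
            "name": row.group("name"),
            "status": row.group("status"),
            "path": loc.group("path"),
            "entry": loc.group("entry"),
        })
    return findings


def classify(finding):
    """Bucket a finding by what has to be done about it."""
    if finding["name"].lower().startswith("cookie/"):
        return "tracking-cookie"   # browser data, cleared by deleting cookies
    if not finding["path"]:
        return "no-location"       # scanner gave no path; needs a closer look
    if finding["path"].lower() == "windows registry":
        return "registry"
    return "file"                  # an object on disk, e.g. a DLL


def triage(text):
    """Summarise a report: counts per bucket, rows to follow up, cookie stores."""
    findings = parse_report(text)
    kinds = [classify(f) for f in findings]
    return {
        "counts": dict(Counter(kinds)),
        "follow_up": [f for f, k in zip(findings, kinds) if k != "tracking-cookie"],
        "cookie_files": sorted({f["path"] for f, k in zip(findings, kinds)
                                if k == "tracking-cookie"}),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("Counts:", result["counts"])
    for f in result["follow_up"]:
        print("Follow up:", f["name"], "->", f["path"] or "(no location given)")
    for path in result["cookie_files"]:
        print("Cookie store:", path)
```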
Old 01-14-2006, 07:34 PM   #16 (permalink)
Registered User
 
originale's Avatar
 
Join Date: Sep 2004
Posts: 441
OS: winXP


can't replace with HJT 199.1

I've gone to this site, downloaded the latest version, run an HJT, but when I go back to the HJT folder, it's still the previous version. I don't see any instructions or prompts to replace the HJT file with this new version. I also don't know how the original file was created way back - seems it was automatic. Can you tell me how to do this most basic task?

thanks.
Old 01-15-2006, 01:35 AM   #17 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,965
OS: Windows XP-Pro SP2


That part of my speech was standard to make sure the user has an updated version of HJT. According to your first log, you already have the latest, so no need to update.

In the future, when new versions come out, "Right Click" the link and save it where the old version was. It will ask you if you want to overwrite the file; just choose yes. If it's a ZIP file, download the ZIP and then extract the EXE to wherever the old version is.
Old 01-15-2006, 11:27 AM   #18 (permalink)
Registered User
 
originale's Avatar
 
Join Date: Sep 2004
Posts: 441
OS: winXP


All the results-very long

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:13:34 AM, 1/15/2006
+ Report-Checksum: A1442F53

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
:mozilla.334:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.335:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.349:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.350:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.351:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.352:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.353:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.365:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.368:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.369:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.370:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.380:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.381:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.382:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.383:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.384:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.385:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.386:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.398:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.409:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.425:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.428:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.429:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.434:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.440:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.452:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.453:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.454:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.455:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.456:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.457:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.461:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.462:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.463:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.464:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.465:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.466:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.467:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.471:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.474:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.501:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.502:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.503:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.504:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.505:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.509:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.536:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.545:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.546:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.547:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.563:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.564:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.574:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.606:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.611:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.643:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.644:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.645:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.710:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.745:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.746:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.755:C:\Documents and Settings\nixon\Application Data\Mozilla\Firefox\Profiles\zn6po35x.Default User\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
C:\Program Files\Connected\COBackup.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\System Volume Information\_restore{AA97DD24-26A5-4C07-BBBF-6A829F8BC53C}\RP145\A0025110.exe -> Spyware.Delfin : Cleaned with backup


::Report End
Logfile of HijackThis v1.99.0
Scan saved at 2:23:07 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Connected\CBSysTray.exe
c:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://groups.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0167169d...p/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137276678265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.9.27.1/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/...chsettings.cab
O23 - Service: Connected Agent Service - Connected Corporation - c:\Program Files\Connected\AgentSrv.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NICSer_WPC54 - Unknown - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


Incident Status Location

Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\nixon\Application Data\Sskknwrd.dll
Spyware:spyware/altnet Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\syste
Old 01-15-2006, 07:25 PM   #19 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,965
OS: Windows XP-Pro SP2


Download KillBox http://www.bleepingcomputer.com/file...re/KillBox.zip

Open add/remove programs and remove BestPopUpKiller IF listed.

Run HijackThis and fix the following entries:

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0167169d...p/RdxIE601.cab


C:\Program Files\BestPopUpKiller <-- delete that folder


Run KillBox. Paste the following locations into KillBox one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.

C:\WINDOWS\syste
C:\Documents and Settings\nixon\Application Data\Sskknwrd.dll


Once you reboot, post another Panda and HijackThis log.
Old 01-16-2006, 06:59 AM   #20 (permalink)
Registered User
 
originale's Avatar
 
Join Date: Sep 2004
Posts: 441
OS: winXP


problem

I don't know what to do with Killbox. It says to type full path of file to delete but I don't know what to put in there.

I never had Best Popup Killer. I use Firefox.

I didn't have O4 - HKLM Run: KernelFaultCheck, so I couldn't check that off in HJT.

Could you let me know what to put into Killbox?

thanks