
Thread: Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify and Adware/NaviPromo (again!!)

  1. #1
    Member
    Join Date
    Mar 2006
    Posts
    33

    Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify and Adware/NaviPromo (again!!)

    Lately, when I run SpyBot, I keep getting a thing on the list that says: Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify. I tell SpyBot to fix it and it says it does, but it keeps coming back. I tried scanning in safe mode as well and still no luck. I also did a Panda scan and a HJT log. I noticed on the Panda scan file that the NaviPromo was there. I had a problem with this about a year ago and got it resolved. The link to the old thread is:

    http://forums.spybot.info/showthread...ighlight=2bsss

    I haven't had any problems with the NaviPromo since it was "resolved" about a year ago, so I was surprised to see it in the log. The following are the logs I have. Thank you in advance for any assistance you can provide.

    SpyBot:
    --- Search result list ---
    Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

    Panda Scan:
    Incident Status Location

    Adware:adware/navipromo Not disinfected c:\windows\system32\zbeqigr_nav.dat
    Adware:adware/webattaker Not disinfected c:\windows\uniq
    Potentially unwanted tool:application/mailskinner Not disinfected c:\program files\MailSkinner
    Dialer:dialer.b Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE5A7132-329F-4319-B781-2A83BFE51534}
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Scott Stewart\Application Data\Mozilla\Firefox\Profiles\default.pcq\cookies.txt[.atwola.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Scott Stewart\Application Data\Mozilla\Firefox\Profiles\default.pcq\cookies.txt[.realmedia.com/]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Scott Stewart\My Documents\Other\Installers\smitRem.exe[smitRem/Process.exe]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.go.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[ad.yieldmanager.com/]
    Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll


    HJT:
    Logfile of HijackThis v1.99.1
    Scan saved at 7:09:09 PM, on 11/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\GEARSEC.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.d.umn.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



    Thanks again for any help.

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    2bsss
    Uninstall MailSkinner and My Way Search Assistant via Windows Control Panel Add/Remove Programs.

    Then delete their folders if still present:
    c:\program files\MailSkinner
    C:\Program Files\MyWaySA

    Post a report from this tool if any FILES show
    F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
    Click the "I accept" button near the bottom of that page.
    Click the first download button (version with graphical user interface).
    Download/save (not open) and run BlackLight, click > scan then > next, next again, then exit.
    There will be a new txt near BlackLight. Post it please.
    Important: If any files show, do not rename them YET.....legitimate files can be listed.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  3. #3
    Member
    Join Date
    Mar 2006
    Posts
    33


    I could not find Mailskinner in the Add/Remove programs but I did find My Way Search Assistant and I removed it. I found the folder Mailskinner under program files on the C drive and removed it but did not find MywaySA folder in program files. Sorry. ??

    Here is the BlackLight log:
    11/16/06 20:38:47 [Info]: BlackLight Engine 1.0.47 initialized
    11/16/06 20:38:47 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    11/16/06 20:38:48 [Note]: 7019 4
    11/16/06 20:38:48 [Note]: 7005 0
    11/16/06 20:39:02 [Note]: 7006 0
    11/16/06 20:39:02 [Note]: 7011 2816
    11/16/06 20:39:02 [Note]: 7026 0
    11/16/06 20:39:02 [Note]: 7026 0
    11/16/06 20:39:19 [Note]: FSRAW library version 1.7.1020
    11/16/06 20:47:36 [Note]: 2000 1012
    11/16/06 20:47:36 [Note]: 2000 1012
    11/16/06 20:48:38 [Note]: 7007 0

    Thank you for the help. I really appreciate it.

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Delete these two files
    c:\windows\system32\zbeqigr_nav.dat
    c:\windows\uniq

    smitRem isn't needed, delete it
    C:\Documents and Settings\Scott Stewart\My Documents\Other\Installers\smitRem.exe

    Run Panda online again and post its report.

    These detections
    Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify
    I would set SpyBot to ignore them
    http://www.safer-networking.org/en/faq/46.html
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  5. #5
    Member
    Join Date
    Mar 2006
    Posts
    33


    I will disable the security thing on SpyBot, although I never changed anything in it. Does my Norton anti-virus do it automatically?

    Here is the PandaScan log file:
    Incident Status Location

    Dialer:dialer.b Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE5A7132-329F-4319-B781-2A83BFE51534}
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Scott Stewart\Application Data\Mozilla\Firefox\Profiles\default.pcq\cookies.txt[.atwola.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Scott Stewart\Application Data\Mozilla\Firefox\Profiles\default.pcq\cookies.txt[.zedo.com/]
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Scott Stewart\Application Data\Mozilla\Firefox\Profiles\default.pcq\cookies.txt[www.burstbeacon.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Scott Stewart\Application Data\Mozilla\Firefox\Profiles\default.pcq\cookies.txt[.realmedia.com/]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Scott Stewart\My Documents\Other\Installers\smitRem.exe[smitRem/Process.exe]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.go.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Tiffany\Application Data\Mozilla\Firefox\Profiles\lkvgn46e.default\cookies.txt[.toplist.cz/]

    Thanks again for all the help.

    2bsss
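
One way to check the second Panda report in post #5 against the first one, as an added example that is not part of the original thread: it parses the report rows, sets tracking cookies aside, and lists which file and registry detections are gone after the deletions. The rows are excerpted from the two reports above; the function names are illustrative assumptions.

```python
import re
from collections import namedtuple

# Rows excerpted from the two Panda reports posted in this thread (cookie rows trimmed).
BEFORE = r"""
Adware:adware/navipromo Not disinfected c:\windows\system32\zbeqigr_nav.dat
Adware:adware/webattaker Not disinfected c:\windows\uniq
Potentially unwanted tool:application/mailskinner Not disinfected c:\program files\MailSkinner
Dialer:dialer.b Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE5A7132-329F-4319-B781-2A83BFE51534}
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Scott Stewart\Application Data\Mozilla\Firefox\Profiles\default.pcq\cookies.txt[.atwola.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Scott Stewart\My Documents\Other\Installers\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
"""
AFTER = r"""
Dialer:dialer.b Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE5A7132-329F-4319-B781-2A83BFE51534}
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Scott Stewart\Application Data\Mozilla\Firefox\Profiles\default.pcq\cookies.txt[.atwola.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Scott Stewart\Application Data\Mozilla\Firefox\Profiles\default.pcq\cookies.txt[.zedo.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Scott Stewart\My Documents\Other\Installers\smitRem.exe[smitRem/Process.exe]
"""

Finding = namedtuple("Finding", "category name location kind")
# "Not disinfected" is the only status value that appears in the thread's reports.
ROW = re.compile(r"^(?P<category>[^:]+):(?P<name>.+?) Not disinfected (?P<location>.+)$")


def parse_report(text):
    """Turn report rows into Finding tuples; skip the header and blank lines."""
    findings = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        name, location = m["name"], m["location"]
        if name.lower().startswith("cookie/"):
            kind = "cookie"
        elif location.upper().startswith("HKEY_"):
            kind = "registry"
        else:
            kind = "filesystem"
        findings.append(Finding(m["category"], name, location, kind))
    return findings


def compare(before_text, after_text):
    """Compare non-cookie detections between two scans, keyed on name + location."""
    def keyed(text):
        return {(f.name.lower(), f.location.lower())
                for f in parse_report(text) if f.kind != "cookie"}

    def names(keys):
        return sorted(name for name, _ in keys)

    before, after = keyed(before_text), keyed(after_text)
    return {
        "resolved": names(before - after),
        "remaining": names(before & after),
        "new": names(after - before),
    }


if __name__ == "__main__":
    for status, items in compare(BEFORE, AFTER).items():
        print(f"{status:9}: {', '.join(items) or '-'}")
```

On these two reports the NaviPromo, WebAttaker, MailSkinner and MyWay rows are gone, while the dialer.b registry row and the smitRem.exe row are still listed.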

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Is your Norton behaving normally?

    Did you read the article about the Windows Security Center?

    Unless Norton is acting weird or you have spyware problems, I think you're good to go
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  7. #7
    Member
    Join Date
    Mar 2006
    Posts
    33


    I did read the article about windows security center. Norton has kind of been acting funny. Once in a while, probably once a week, a little window pops up saying something to the effect of auto protect is disabled. I wish I wrote it down word for word last time it did it.

    2bsss

  8. #8
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    2bsss
    I don't think you have malware/spyware; could be a buggy Norton.
    What version is it you have?
    Consider replacing it with another antivirus product.

    You could try steps four, five and six here
    http://service1.symantec.com/SUPPORT...04092415251106
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  9. #9
    Member
    Join Date
    Mar 2006
    Posts
    33


    LonnyRJones, thanks for all the help. I tried the Norton fix on the Norton site but it couldn't find any Symantec software installed (but I do have Norton AntiVirus version 9 installed), so you are probably right in that my Norton is messed up. I will think about getting a different antivirus software program. Thanks again for your help.

  10. #10
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    I'm glad we could help.
    Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here. They should start a new topic.

    If you should need to post another log for the same PC let one of us know via a PM (personal message).
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006
