[kylewilk04]

Logfile of HijackThis v1.99.1
Scan saved at 3:44:35 PM, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kyle Wilkinson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.client...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 64.235.252.234 www.hitwgang.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {38cf8762-7461-41ee-b498-12316a2c1c84} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: downloads.emugp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142550094578
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Yesterday, my Norton told me I had the peacomm Trojan that seems to be going around, but it claimed it was cleaned. I still felt a little uneasy. Today, I scan again with Zonealarm and McAfee and come up with a couple different ones. I noticed a little later, that my phone had no dial tone (maybe this has nothing to do with it but...). So I turn off my computer, the phone goes back to normal, but when I restart I get to the user select screen, and select my user. I see my backdrop but the computer seems to hang and restart. I think some sort of system failure, and it was. Stop 0x000000F4 (0x00000003, 0x82CFAC38, 0x82CFADAC,0x805F9F88). I had read about someone else having the same trojan, and about a rootkit unhooker. Yet, when I try to run it, it says it has a parasite and to remove it. I do, and continue...but it says error loading a driver.

Can anyone help?
Thanks

EDIT: Okay, I got it to work again, by going back to previous settings. But, I have a feeling I'm not out of the woods yet, it's still a little slow.

Edited by kylewilk04, 25 January 2007 - 12:11 PM.

[Advertisements]

Hello kylewilk04 and Welcome to Geeks to Go!

My name is Joe and I will be helping you today. Sorry for the delay in response. As you can see, the forums are rather busy. Please be patient as I am still in training and all my posts are reviewed by our Expert Instructors prior to posting. With this in mind, there may be a little delay between posts.

Please give me a little bit to look over your log. I will post back some instructions as soon as possible.

[Jrenter2]

Hello kylewilk04 and Welcome to Geeks to Go!

My name is Joe and I will be helping you today. Sorry for the delay in response. As you can see, the forums are rather busy. Please be patient as I am still in training and all my posts are reviewed by our Expert Instructors prior to posting. With this in mind, there may be a little delay between posts.

Please give me a little bit to look over your log. I will post back some instructions as soon as possible.

[kylewilk04]

Thanks for helping, I think I pin-pointed what is causing all this mess. I think it may be my Norton Anti-virus, I tried to uninstall it a few days ago, but it locked up and crashed while it was in the middle of it.

I can't uninstall in Add/Remove Programs, it comes out as an error. But, I can't seem to find the program anywhere. It's not in the programs in Start, neither in Program files. The only way I can seem to get rid of it, is their own Norton removal tool. But, once I use that, my problems come back, and it won't start anymore.

Any ideas, to correct this?

Edited by kylewilk04, 25 January 2007 - 01:19 PM.

[Jrenter2]

Hi kylewilk04,

Thank you for the extra information in the last post. I am currently looking through your log and then will be proposing a fix to my instructors. Upon the clear to go I will post back here with what we will need to do for your computer. I will also address the Norton removal upon my return.

Thanks for your patience!

[Jrenter2]

Hello Kylewilk04

Ok, we have got some issues with your machine. While it may be frustrating, please bear with me as we take care of it. Together we will get through this situation. Before we continue, you may wish to print out these instructions for easy reference during the fix, because part of the fix may require you to be in Safe Mode, which will not allow you to access the Web. You can click the Options drop down near the upper right of the topic. Select Print this topic.

Step 1:

You are currently using HijackThis from your desktop. This really needs to be in a seperate directory. HijackThis creates backups that are needed in case of any recovery issues. Please create a folder on your C:\ drive called HJT, download and unzip or copy HijackThis into that directory. Run the program from that directory from now on.

STEPS For Creating Folder1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.

2. Download or copy HijackThis to the new folder:

3. If downloaded, Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.
Step 2:

We must disable the Real-Time Protection features for Windows Defender and Spyware Doctor as they may interfere with the changes we need to make.

For Windows Defender:
To disable Real-Time Protection:

• Go to "Tools" | "General Settings"
• Scroll down to "Real-time protection options"
• Uncheck "Turn on real-time protection (recommended)"
• Remember to reactivate this feature when we have finished all our work.

For Spyware Doctor:1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".
Step 3:

Please download GMER from here

• Unzip it and double click the gmer.exe file
• Select rootkit tab.
• Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
• Press scan
• When it has finished press save & post back the log it makes
• Repeat the proces with the Autostarts tab and do the same there

Step 4:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.client...//www.yahoo.com
O3 - Toolbar: (no name) - {38cf8762-7461-41ee-b498-12316a2c1c84} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present - Please confirm that you have put the following restrictions / controlled options yourself as an administrator

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Reboot your computer.

Step 5:

I would like to see what programs you have installed on your system. Please provide me with a Uninstall List by doing the following:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save. (copy and paste the results in your next post.)

In your next reply, please include the following:
GMER report
New HijackThis log
Uninstall List

[kylewilk04]

Hello again, thanks for responding.

The only problem I ran into, is that when I cleaned those entries and rebooted. It crashed after selecting a user, which is happening every time I reboot I found out before reading your instructions. The only way I can get back to regular mode, is by selecting "last known good config.". So, right now I'm in safe mode.

And the rootkit is too long to post, it crashes Firefox every time I try to copy/paste it in. (5.35Mb!)

So, I had to upload to rapidshare:

http://rapidshare.co...ootkit.txt.html

EDIT: Just a little more information, I decided to go back to regular mode, by selecting that last good config. and I ran HFT again, and it appears those entries are gone. So, I'm not sure why I couldn't get back by just rebooting.

Attached Files

•  uninstall_list.txt   6.33KB   139 downloads
•  autostart.txt   15.29KB   153 downloads

Edited by kylewilk04, 26 January 2007 - 02:19 PM.

[kylewilk04]

NEW HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:25 PM, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 64.235.252.234 www.hitwgang.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: downloads.emugp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142550094578
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by kylewilk04, 26 January 2007 - 12:11 PM.

[Jrenter2]

Hello Kylewilk04

Sorry for the delay in response. As you can see, the forums are rather busy. Thanks for the logs. Please post your logs in the forums instead of making attachments. They are not formatted, so they are harder to read when they are sent as attachments.

Ok...let's continue on and knock this one out.

Step 1

COMPLETE NORTON ANTIVIRUS REMOVAL - (Files and Folders ONLY)

• Go to Start --> Control Panel --> Add/Remove Programs.
  Move down till you get to the Norton entry.
• Click Change --> Remove All.
• Restart your computer when asked.
  
  Next,
• Go to Start --> My Computer --> Program Files.
• Right click on each Symantec folder and select Delete.
• Go to Start --> My Computer --> Program Files --> Common Files.
  Right click on each Symantec folder and select Delete.
• Go to Start --> Search --> All Files and Folders --> More Advanced Options.
  Place a check in each option EXCEPT "Case sensitive"
  In the box, type in Norton. When the search is complete, every NORTON folder entry that comes up right click and choose "Delete".
• Go to Start --> Search --> All Files and Folders --> More Advanced Options.
  Place a check in each option EXCEPT "Case sensitive"
  In the box, type in Symantec
  When the search is complete, every Symantec folder entry that comes up right click and choose "Delete".
• Restart your computer.

Step 2

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

• Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
• Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
• On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
  Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  
• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  
  IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  
• Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
• Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
• AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Next select the "Reports" icon at the top.
• Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  
• Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step 3

1. Download ComboFix.exe using either of these links:

BleepingComputer

Techsupportforum.com

2. Double click on combofix.exe & follow the prompts to allow the tool to run.

3. When it has finished, it will produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Please reply back with the following:
AVG Scan report
Combofix report
New HJT log
Status of your computer now

[kylewilk04]

Okay, here is what happened. Step 1, I couldn't do. I went into Add/Remove programs, found Symantec Anti-Virus, and clicked change. So far so good, the wizard came up and it started, about 3/4 the way in, it stops and says it can't find or read Antivirus.msi in C:/Windows/Installer. So, it stops, and seems to reverse everything and exit.

Step 2, the only thing I couldn't do here, was restart normally, so I had to go to start with last good config.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:49:40 AM 27/01/2007

+ Scan result:



HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.16:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.17:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.647:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.648:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.649:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.650:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.16:C:\Documents and Settings\Robert Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.g0w\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Robert Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.g0w\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.187:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.188:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.189:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.190:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.378:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.577:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.691:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.753:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.757:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.825:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.838:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.859:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.129:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.130:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.131:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.132:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.133:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.134:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.136:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.145:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.146:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.147:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.21:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.22:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.23:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.24:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.279:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.280:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.458:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.459:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.460:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.463:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.464:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.67:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.68:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.740:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.78:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.79:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.80:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.81:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.82:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.85:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.86:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Kyle Wilkinson\Cookies\kyle [email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.709:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.248:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.249:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.250:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.251:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.456:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.457:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.458:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.459:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.351:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.352:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.357:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.358:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.363:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.366:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.672:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.673:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.798:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.100:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.241:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.242:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.243:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.245:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.246:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.86:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.88:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.89:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.90:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.91:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.50:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.7:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.829:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.461:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.716:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.792:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.793:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.794:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.916:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.359:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.364:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.365:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.77:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.810:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.811:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.812:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.32:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.336:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.337:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.338:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.339:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.33:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.340:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.341:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.342:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.34:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.35:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.37:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.411:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.412:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.413:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.415:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.421:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.425:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.44:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.64:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.698:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.595:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.600:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.684:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.685:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.887:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.888:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.160:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Com : Cleaned.
:mozilla.161:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Com : Cleaned.
:mozilla.162:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Com : Cleaned.
:mozilla.163:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Com : Cleaned.
:mozilla.164:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Com : Cleaned.
:mozilla.207:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Com : Cleaned.
:mozilla.208:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Com : Cleaned.
:mozilla.55:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Com : Cleaned.
:mozilla.868:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.124:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.15:C:\Documents and Settings\Robert Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.g0w\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.56:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.568:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.569:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.570:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.571:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.814:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.815:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.816:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.817:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.818:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.114:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.115:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.116:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.117:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.256:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.257:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.257:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.258:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.259:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.259:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.260:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.261:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.265:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.267:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.258:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.260:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.261:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.262:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.263:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.264:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.266:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.353:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.354:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.355:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.356:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.65:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.66:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.298:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.299:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.300:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.301:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.302:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.303:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.304:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.305:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.306:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.307:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.308:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.526:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.527:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.528:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.572:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.573:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.574:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.575:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.719:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.720:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.721:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.722:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.723:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.724:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.725:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.726:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.727:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.729:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.750:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.751:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.752:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.776:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.777:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.846:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.908:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.909:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.932:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.944:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.868:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Information : Cleaned.
:mozilla.613:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Kmpads : Cleaned.
:mozilla.740:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.874:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.206:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.59:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.182:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.183:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.184:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.662:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.665:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.666:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.158:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.159:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.162:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.163:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.164:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.580:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.581:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.582:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.583:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.775:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.776:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.777:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.778:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.761:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.762:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.549:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.550:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.583:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.584:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.585:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.586:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.881:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.882:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.15:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.18:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.19:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.348:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.349:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.350:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.867:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.900:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.788:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.789:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.571:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.572:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.573:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.574:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.575:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.576:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.610:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.611:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.612:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.613:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.614:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.615:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.849:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.850:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.851:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.465:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.466:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.467:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.150:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.151:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.152:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.153:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.154:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.155:C:\Documents and Settings\Kyle Wilkinson\Application Data\Mozilla\Firefox\Profiles\default.85f\cookies-2.txt -> TrackingCookie.Statcounter : Cleaned.
:mozil

[kylewilk04]

Step 3, went off without a hitch.

"Kyle Wilkinson" - 07-01-27 11:58:31 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Kyle Wilkinson\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\INSTALL.LOG


((((((((((((((((((((((((((((((( Files Created from 2006-12-27 to 2007-01-27 ))))))))))))))))))))))))))))))))))


2007-01-27 11:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-27 11:08 <DIR> d-------- C:\Program Files\Grisoft
2007-01-26 11:51 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2007-01-26 11:49 <DIR> d-------- C:\HJT
2007-01-25 17:44 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-01-23 22:54 <DIR> d-------- C:\DOCUME~1\KYLEWI~2\Application Data\MailFrontier
2007-01-23 22:39 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-01-23 22:37 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-01-23 22:37 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-01-23 16:07 <DIR> d-------- C:\WINDOWS\Performance
2007-01-23 16:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
2007-01-22 17:07 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-01-22 16:36 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-01-22 15:59 <DIR> d-------- C:\Program Files\Windows Defender
2007-01-10 08:35 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-08 16:49 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-08 16:49 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-08 16:48 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-08 16:46 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-08 16:45 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-31 22:45 <DIR> d-------- C:\Program Files\Common Files\Moonlight
2006-12-31 22:36 <DIR> d-------- C:\DOCUME~1\KYLEWI~2\Application Data\DivX
2006-12-31 22:33 97,280 --a------ C:\WINDOWS\system32\ff_realaac.dll
2006-12-31 22:33 79,872 --a------ C:\WINDOWS\system32\ff_tremor.dll
2006-12-31 22:33 741,376 --a------ C:\WINDOWS\system32\audxlib.dll
2006-12-31 22:33 673,782 --a------ C:\WINDOWS\system32\unins000.exe
2006-12-31 22:33 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-12-31 22:33 40,960 --a------ C:\WINDOWS\system32\ff_liba52.dll
2006-12-31 22:33 38,400 --a------ C:\WINDOWS\system32\ff_unrar.dll
2006-12-31 22:33 245,760 --a------ C:\WINDOWS\system32\ff_libfaad2.dll
2006-12-31 22:33 225,280 --a------ C:\WINDOWS\system32\ff_kernelDeint.dll
2006-12-31 22:33 155,648 --a------ C:\WINDOWS\system32\ff_libdts.dll
2006-12-31 22:33 122,880 --a------ C:\WINDOWS\system32\ff_samplerate.dll
2006-12-31 22:19 <DIR> d-------- C:\WINDOWS\system32\languages
2006-12-31 22:19 <DIR> d-------- C:\WINDOWS\system32\help
2006-12-31 22:19 <DIR> d-------- C:\WINDOWS\system32\custom matrices
2006-12-30 15:41 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-12-30 15:41 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-12-30 15:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-27 11:53 -------- d-------- C:\Program Files\mozilla firefox
2007-01-27 11:03 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\utorrent
2007-01-26 21:20 -------- d-------- C:\Program Files\steam
2007-01-25 20:46 -------- d--h----- C:\Program Files\installshield installation information
2007-01-23 17:03 96256 --a------ C:\WINDOWS\system32\drivers\sptd6093.sys
2007-01-23 16:55 -------- d-------- C:\Program Files\world of warcraft
2007-01-23 15:26 -------- d-------- C:\Program Files\spyware doctor
2007-01-23 14:18 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\limewire
2007-01-22 17:07 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-01-22 17:06 -------- d-------- C:\Program Files\tuneup utilities 2006
2007-01-22 16:12 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\my games
2007-01-21 12:15 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\adobeum
2007-01-09 21:50 124469 --a------ C:\DOCUME~1\KYLEWI~2\Application Data\cosmos prefs
2006-12-31 22:47 -------- d-------- C:\Program Files\Common Files\elecard
2006-12-31 22:45 -------- d-------- C:\Program Files\xamp studio
2006-12-31 22:36 -------- d-------- C:\Program Files\divx
2006-12-30 10:49 403968 --a------ C:\WINDOWS\system32\libmplayer.dll
2006-12-30 10:49 3165184 --a------ C:\WINDOWS\system32\libavcodec.dll
2006-12-30 10:49 26624 --a------ C:\WINDOWS\system32\ff_wmv9.dll
2006-12-30 10:49 143360 --a------ C:\WINDOWS\system32\ff_theora.dll
2006-12-30 10:49 118784 --a------ C:\WINDOWS\system32\ff_libmad.dll
2006-12-30 10:49 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2006-12-30 10:00 200704 --a------ C:\WINDOWS\system32\tomsmocomp_ff.dll
2006-12-26 23:08 -------- d-------- C:\Program Files\Common Files\real
2006-12-19 16:53 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-12-17 15:29 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\vso
2006-12-15 18:50 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\ventrilo
2006-12-15 18:45 -------- d-------- C:\Program Files\ventrilo
2006-12-12 11:30 520192 --a------ C:\WINDOWS\system32\divxsm.exe
2006-12-12 11:30 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-12-12 11:30 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-12-12 11:30 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-12-12 11:25 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-12-12 11:25 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-12-12 11:25 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-12-12 11:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-12-12 11:25 635486 --a------ C:\WINDOWS\system32\divx.dll
2006-12-12 11:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2006-12-12 11:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-12-12 11:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2006-12-12 11:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-12-12 11:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-12-12 11:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-12-12 11:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-12-12 11:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 11:24 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-12-05 20:01 -------- d---s---- C:\Program Files\xfire
2006-12-05 16:23 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\xfire
2006-11-29 11:15 -------- d-------- C:\Program Files\windows media connect 2
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BrStDvPt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Brother\\Brmfl04a\\BrStDvPt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SsAAD"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdupdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SSScsiSV"=dword:00000003
"SPTISRV"=dword:00000003
"iPodService"=dword:00000003
"Adobe LM Service"=dword:00000003
"ose"=dword:00000003
"Symantec Core LC"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoFind"=dword:00000000
"NoFavoritesMenu"=dword:00000000
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoCommonGroups"=dword:00000000
"HideClock"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"NoCDBurning"=dword:00000000
"NoStartMenuPinnedList"=dword:00000000
"NoStartMenuMFUprogramsList"=dword:00000000
"NoStartMenuSubFolders"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoDeletePrinter"=dword:00000000
"NoAddPrinter"=dword:00000000
"NoNetworkConnections"=dword:00000000
"NoChangeStartMenu"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoFileMenu"=dword:00000000
"NoShellSearchButton"=dword:00000000
"NoRecentDocsNetHood"=dword:00000000
"NoChangeAnimation"=dword:00000000
"NoChangeKeyboardNavigationIndicators"=dword:00000000
"[email protected]"=dword:00000000
"[email protected]"=dword:00000000
"MnOndNeg"=dword:00000000
"MnQtm"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\LaunchBFII.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d702fda-d859-11d9-a745-f1500869012c}]
Shell\AutoRun\command E:\Install.exe



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070126-123223-131
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20070126-123223-979
O3 - Toolbar: (no name) - {38cf8762-7461-41ee-b498-12316a2c1c84} - (no file)
backup-20070126-123223-863
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20070126-123223-476
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.client...//www.yahoo.com
backup-20070126-123223-460
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20070126-123223-681
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-27 12:09:50


-----------------------------------------------------------------------------------------|

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 12:14:57 PM, on 27/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\Monitor.exe
C:\sUBs\ComboFix.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 64.235.252.234 www.hitwgang.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: downloads.emugp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142550094578
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


System Status:

I still can't restart normally, and everytime I have to select "Start With Last Known Good Config" to start in regular mode. Norton won't come off, seems that some files may have been deleted or corrupted. And overall it may be a bit sluggish. But besides that, everthing works well.

Edited by kylewilk04, 27 January 2007 - 11:31 AM.

[Jrenter2]

Hi Kylewilk04

Let's go ahead and reinstall Norton so that everything is back where it belongs and then do an uninstall from Add/Remove Programs. There will probably be 3, 4 or more items in Add/Remove Programs that you will need to uninstall related to Norton (Norton AV, LiveUpdate, Common Components etc). Look for anything Norton or Symantec related and uninstall them (some parts will require that other parts have been uninstalled first and will tell you so).

When complete, post back here with another HJT log and how things went.

Edited by Jrenter2, 27 January 2007 - 07:12 PM.

[kylewilk04]

Okay, I tried to re-install, but it stopped at Starting Services, and after 20-25 mins, it stopped and gave an error:

Error 1920 Service Symantec Anti-virus failed to start. Verify you have sufficient privileges to start system services

But, I am that Administrator on my computer. Should I try this in safe mode, or will it not make any difference?

[Jrenter2]

Hi kylewilk04

What version of NAV do you have? Hang tight and we will find out why this is happening. There are a couple reasons, so we want to try and nail it on the head the first round.

[kylewilk04]

I have Symantec Antivirus Corporate Version :10.2.0.199

[Jrenter2]

Good Morning Kylewilk04

After looking at your last post, like I had said, there are many reasons for this error and also many solutions. At this time, I am going to direct you to a website that will show you exactly how to uninstall the files and folders from you system for this version of Symantec program.

Please follow this link and follow the directions given. If afterwards it still won't come off your system, it would be best to contact Symantec Support Team for further directions on this matter. Symantec Manual Uninstall

When you have completed this, post back with the results and a new HJT log and how your computer is functioning now and we will take a final look for any malware that may reside on here along with some helpful suggestions.