Okay. I restarted to Safe Mode and ran SpySweeper. It found two more things. Here's the log:
********
9:30 PM: |··· Start of Session, Monday, October 10, 2005 ···|
9:30 PM: Spy Sweeper started
9:30 PM: Sweep initiated using definitions version 552
9:30 PM: Starting Memory Sweep
9:31 PM: Memory Sweep Complete, Elapsed Time: 00:01:13
9:31 PM: Starting Registry Sweep
9:31 PM: Registry Sweep Complete, Elapsed Time:00:00:14
9:31 PM: Starting Cookie Sweep
9:31 PM: Found Spy Cookie: atwola cookie
9:31 PM: dad@atwola[1].txt (ID = 2255)
9:31 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
9:31 PM: Starting File Sweep
9:33 PM: Found Adware: gain-supported software
9:33 PM: 00058072.txt (ID = 61395)
9:38 PM: File Sweep Complete, Elapsed Time: 00:07:09
9:38 PM: Full Sweep has completed. Elapsed time 00:08:55
9:38 PM: Traces Found: 2
9:39 PM: Removal process initiated
9:39 PM: Quarantining All Traces: atwola cookie
9:39 PM: Quarantining All Traces: gain-supported software
9:39 PM: Removal process completed. Elapsed time 00:00:25
********
8:36 PM: |··· Start of Session, Monday, October 10, 2005 ···|
8:36 PM: Spy Sweeper started
8:36 PM: Sweep initiated using definitions version 552
8:36 PM: Starting Memory Sweep
8:39 PM: Memory Sweep Complete, Elapsed Time: 00:02:55
8:39 PM: Starting Registry Sweep
8:39 PM: Found Adware: comet cursor
8:39 PM: HKU\WRSS_Profile_S-1-5-21-1645522239-1757981266-725345543-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {fe6bc4ef-5676-484b-88ae-883323913256} (ID = 106731)
8:39 PM: Found Adware: ist istbar
8:39 PM: HKLM\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (7 subtraces) (ID = 129103)
8:39 PM: HKCR\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (7 subtraces) (ID = 129190)
8:39 PM: Found Adware: winad
8:39 PM: HKCR\appid\loaderx.exe\ (1 subtraces) (ID = 147150)
8:39 PM: HKCR\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 subtraces) (ID = 147151)
8:39 PM: HKLM\software\classes\appid\loaderx.exe\ (1 subtraces) (ID = 147164)
8:39 PM: HKLM\software\classes\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 subtraces) (ID = 147165)
8:39 PM: HKLM\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 subtraces) (ID = 147176)
8:39 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
8:39 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaaccx.dll (ID = 147221)
8:39 PM: HKCR\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 subtraces) (ID = 147244)
8:39 PM: Registry Sweep Complete, Elapsed Time:00:00:11
8:39 PM: Starting Cookie Sweep
8:39 PM: Found Spy Cookie: yieldmanager cookie
8:39 PM:
[email protected][2].txt (ID = 3751)
8:39 PM: Found Spy Cookie: atwola cookie
8:39 PM: dad@atwola[1].txt (ID = 2255)
8:39 PM: Found Spy Cookie: realmedia cookie
8:39 PM: dad@realmedia[1].txt (ID = 3235)
8:39 PM: Found Spy Cookie: 2o7.net cookie
8:39 PM: mom@2o7[1].txt (ID = 1957)
8:39 PM: Found Spy Cookie: overture cookie
8:39 PM:
[email protected][1].txt (ID = 3106)
8:39 PM: Found Spy Cookie: centrport net cookie
8:39 PM: sam@centrport[1].txt (ID = 2374)
8:39 PM: Found Spy Cookie: 247realmedia cookie
8:39 PM: eric@247realmedia[1].txt (ID = 1953)
8:39 PM: eric@2o7[2].txt (ID = 1957)
8:39 PM: Found Spy Cookie: 64.62.232 cookie
8:39 PM:
[email protected][1].txt (ID = 1987)
8:39 PM: Found Spy Cookie: about cookie
8:39 PM: eric@about[1].txt (ID = 2037)
8:39 PM:
[email protected][2].txt (ID = 3751)
8:39 PM: Found Spy Cookie: adknowledge cookie
8:39 PM: eric@adknowledge[1].txt (ID = 2072)
8:39 PM: Found Spy Cookie: addynamix cookie
8:39 PM:
[email protected][1].txt (ID = 2062)
8:39 PM: Found Spy Cookie: pointroll cookie
8:39 PM:
[email protected][1].txt (ID = 3148)
8:39 PM: Found Spy Cookie: adtech cookie
8:39 PM: eric@adtech[2].txt (ID = 2155)
8:39 PM: Found Spy Cookie: apmebf cookie
8:39 PM: eric@apmebf[2].txt (ID = 2229)
8:39 PM:
[email protected][1].txt (ID = 2256)
8:39 PM: Found Spy Cookie: belnk cookie
8:39 PM:
[email protected][1].txt (ID = 2293)
8:39 PM: eric@atwola[2].txt (ID = 2255)
8:39 PM: Found Spy Cookie: go.com cookie
8:39 PM:
[email protected][2].txt (ID = 2729)
8:39 PM: eric@belnk[2].txt (ID = 2292)
8:39 PM: Found Spy Cookie: bluestreak cookie
8:39 PM: eric@bluestreak[1].txt (ID = 2314)
8:39 PM: Found Spy Cookie: burstnet cookie
8:39 PM: eric@burstnet[2].txt (ID = 2336)
8:39 PM: eric@burstnet[3].txt (ID = 2336)
8:39 PM: eric@burstnet[4].txt (ID = 2336)
8:39 PM: Found Spy Cookie: cardomain cookie
8:39 PM: eric@cardomain[2].txt (ID = 2350)
8:39 PM: eric@centrport[2].txt (ID = 2374)
8:39 PM:
[email protected][1].txt (ID = 1958)
8:39 PM: Found Spy Cookie: adbureau cookie
8:39 PM:
[email protected][2].txt (ID = 2060)
8:39 PM:
[email protected][1].txt (ID = 2293)
8:39 PM: Found Spy Cookie: ru4 cookie
8:39 PM:
[email protected][1].txt (ID = 3269)
8:39 PM:
[email protected][1].txt (ID = 2729)
8:39 PM:
[email protected][1].txt (ID = 2729)
8:39 PM: Found Spy Cookie: goclick cookie
8:39 PM: eric@goclick[1].txt (ID = 2732)
8:39 PM: eric@go[2].txt (ID = 2728)
8:39 PM: eric@go[3].txt (ID = 2728)
8:39 PM: Found Spy Cookie: humanclick cookie
8:39 PM:
[email protected][2].txt (ID = 2810)
8:39 PM: Found Spy Cookie: hypertracker.com cookie
8:39 PM: eric@hypertracker[1].txt (ID = 2817)
8:39 PM: Found Spy Cookie: ic-live cookie
8:39 PM: eric@ic-live[1].txt (ID = 2821)
8:39 PM:
[email protected][1].txt (ID = 2729)
8:39 PM: eric@overture[2].txt (ID = 3105)
8:39 PM: Found Spy Cookie: touchclarity cookie
8:39 PM:
[email protected][2].txt (ID = 3567)
8:39 PM: Found Spy Cookie: partypoker cookie
8:39 PM: eric@partypoker[2].txt (ID = 3111)
8:39 PM:
[email protected][1].txt (ID = 3106)
8:39 PM:
[email protected][1].txt (ID = 2729)
8:39 PM: Found Spy Cookie: qksrv cookie
8:39 PM: eric@qksrv[2].txt (ID = 3213)
8:39 PM: Found Spy Cookie: questionmarket cookie
8:39 PM: eric@questionmarket[1].txt (ID = 3217)
8:39 PM:
[email protected][1].txt (ID = 2729)
8:39 PM: Found Spy Cookie: rc cookie
8:39 PM: eric@rc[1].txt (ID = 3231)
8:39 PM: eric@realmedia[1].txt (ID = 3235)
8:39 PM:
[email protected][1].txt (ID = 2729)
8:39 PM: Found Spy Cookie: web-stat cookie
8:39 PM:
[email protected][1].txt (ID = 3649)
8:39 PM:
[email protected][1].txt (ID = 2729)
8:39 PM:
[email protected][1].txt (ID = 1958)
8:39 PM:
[email protected][2].txt (ID = 2729)
8:39 PM: Found Spy Cookie: dealtime cookie
8:39 PM:
[email protected][1].txt (ID = 2506)
8:39 PM: Found Spy Cookie: onestat.com cookie
8:39 PM:
[email protected][2].txt (ID = 3098)
8:39 PM: Found Spy Cookie: statcounter cookie
8:39 PM: eric@statcounter[1].txt (ID = 3447)
8:39 PM: Found Spy Cookie: webtrendslive cookie
8:39 PM:
[email protected][2].txt (ID = 3667)
8:39 PM: Found Spy Cookie: tracking cookie
8:39 PM: eric@tracking[2].txt (ID = 3571)
8:39 PM: Found Spy Cookie: tradedoubler cookie
8:39 PM: eric@tradedoubler[1].txt (ID = 3575)
8:39 PM: Found Spy Cookie: myaffiliateprogram.com cookie
8:39 PM:
[email protected][1].txt (ID = 3032)
8:39 PM: Found Spy Cookie: adserver cookie
8:39 PM:
[email protected][1].txt (ID = 2142)
8:39 PM: Found Spy Cookie: atlas dmt cookie
8:39 PM: z guest of radles@atdmt[2].txt (ID = 2253)
8:39 PM: z guest of radles@atwola[2].txt (ID = 2255)
8:39 PM: z guest of radles@centrport[2].txt (ID = 2374)
8:39 PM: z guest of
[email protected][2].txt (ID = 1958)
8:39 PM: Found Spy Cookie: fastclick cookie
8:39 PM: z guest of radles@fastclick[1].txt (ID = 2651)
8:39 PM: z guest of radles@overture[1].txt (ID = 3105)
8:39 PM: z guest of
[email protected][1].txt (ID = 2142)
8:39 PM: Cookie Sweep Complete, Elapsed Time: 00:00:09
8:39 PM: Starting File Sweep
8:41 PM: Warning: Failed to read file "c:\documents and settings\dad\local settings\temp\perflib_perfdata_408.dat". System Error. Code: 32.
The process cannot access the file because it is being used by another process
8:41 PM: Found Adware: gain-supported software
8:41 PM: gator.txt (ID = 61395)
8:51 PM: Found Adware: cydoor peer-to-peer dependency
8:51 PM: cd_clint.dll (ID = 57300)
8:52 PM: Warning: Failed to read file "c:\documents and settings\dad\local settings\application data\google\google desktop search\dbeam". System Error. Code: 32.
The process cannot access the file because it is being used by another process
8:52 PM: Warning: Failed to read file "c:\documents and settings\dad\local settings\application data\google\google desktop search\dbdam". System Error. Code: 32.
The process cannot access the file because it is being used by another process
8:52 PM: File Sweep Complete, Elapsed Time: 00:13:06
8:52 PM: Full Sweep has completed. Elapsed time 00:16:27
8:52 PM: Traces Found: 121
8:53 PM: Removal process initiated
8:53 PM: Quarantining All Traces: comet cursor
8:53 PM: Quarantining All Traces: ist istbar
8:53 PM: Quarantining All Traces: winad
8:53 PM: Quarantining All Traces: yieldmanager cookie
8:53 PM: Quarantining All Traces: atwola cookie
8:54 PM: Quarantining All Traces: realmedia cookie
8:54 PM: Quarantining All Traces: 2o7.net cookie
8:54 PM: Quarantining All Traces: overture cookie
8:54 PM: Quarantining All Traces: centrport net cookie
8:54 PM: Quarantining All Traces: 247realmedia cookie
8:54 PM: Quarantining All Traces: 64.62.232 cookie
8:54 PM: Quarantining All Traces: about cookie
8:54 PM: Quarantining All Traces: adknowledge cookie
8:54 PM: Quarantining All Traces: addynamix cookie
8:54 PM: Quarantining All Traces: pointroll cookie
8:54 PM: Quarantining All Traces: adtech cookie
8:54 PM: Quarantining All Traces: apmebf cookie
8:54 PM: Quarantining All Traces: belnk cookie
8:54 PM: Quarantining All Traces: go.com cookie
8:54 PM: Quarantining All Traces: bluestreak cookie
8:54 PM: Quarantining All Traces: burstnet cookie
8:54 PM: Quarantining All Traces: cardomain cookie
8:54 PM: Quarantining All Traces: adbureau cookie
8:54 PM: Quarantining All Traces: ru4 cookie
8:54 PM: Quarantining All Traces: goclick cookie
8:54 PM: Quarantining All Traces: humanclick cookie
8:54 PM: Quarantining All Traces: hypertracker.com cookie
8:54 PM: Quarantining All Traces: ic-live cookie
8:54 PM: Quarantining All Traces: touchclarity cookie
8:54 PM: Quarantining All Traces: partypoker cookie
8:54 PM: Quarantining All Traces: qksrv cookie
8:54 PM: Quarantining All Traces: questionmarket cookie
8:54 PM: Quarantining All Traces: rc cookie
8:54 PM: Quarantining All Traces: web-stat cookie
8:54 PM: Quarantining All Traces: dealtime cookie
8:54 PM: Quarantining All Traces: onestat.com cookie
8:54 PM: Quarantining All Traces: statcounter cookie
8:54 PM: Quarantining All Traces: webtrendslive cookie
8:54 PM: Quarantining All Traces: tracking cookie
8:54 PM: Quarantining All Traces: tradedoubler cookie
8:54 PM: Quarantining All Traces: myaffiliateprogram.com cookie
8:54 PM: Quarantining All Traces: adserver cookie
8:54 PM: Quarantining All Traces: atlas dmt cookie
8:54 PM: Quarantining All Traces: fastclick cookie
8:54 PM: Quarantining All Traces: gain-supported software
8:54 PM: Quarantining All Traces: cydoor peer-to-peer dependency
8:55 PM: Removal process completed. Elapsed time 00:01:57
9:03 PM: Hosts file is too large.
9:29 PM: Program Version 4.0.4 (Build 430) Using Spyware Definitions 552
9:30 PM: |··· End of Session, Monday, October 10, 2005 ···|
********
8:18 PM: |··· Start of Session, Monday, October 10, 2005 ···|
8:18 PM: Spy Sweeper started
8:19 PM: Hosts file is too large.
8:21 PM: Updating spyware definitions
8:21 PM: Your definitions are up to date.
8:21 PM: Updating spyware definitions
8:21 PM: Your definitions are up to date.
8:36 PM: Hosts file is too large.
8:36 PM: |··· End of Session, Monday, October 10, 2005 ···|
Then I restrated to normal mode; logged-on as my wife and ran HJT. Here's the log. Still no sign of the Comet Systems Warning.
Logfile of HijackThis v1.99.1
Scan saved at 9:43:37 PM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\DOCUME~1\Dad\MYDOCU~1\DIAGNO~1\MOVIEL~1\MOVIEL~3.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RAM Idle\RAM_XP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bbc.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.cnn.com/O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll (file missing)
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Documents and Settings\Dad\My Documents\diagnostics\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Debug ] C:\WINDOWS\SMSS.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Pool 2 -
http://download.game...ts/y/pote_x.cabO16 - DPF: Yahoo! Pyramids -
http://download.game...ts/y/pyt1_x.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop...p/PCPitStop.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) -
http://ftp.hp.com/pu...er/isetupML.cabO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Movielink Core Service - Unknown owner - C:\DOCUME~1\Dad\MYDOCU~1\DIAGNO~1\MOVIEL~1\MOVIEL~3.EXE (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
How's it look?
Any more reccomendations on useless crap to remove?
Thanks