
Thread: hjt log

  1. #31
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    You may think I am having you redo certain things; the problem is you have not told me for sure earlier if you followed a specific step. When given steps you are not following them in the order given. There are reasons for doing these items in a certain order.
    Download, install and update this 30 day free trial of Trojan Hunter
    Do NOT run it yet.

    Update your Nortons. Do NOT run it yet.

    Update the AVG anti-spy program. Do NOT run it yet.

    Now when you ran this latest HJT scan you had entirely TOO many processes running in the background, many I had not seen before in your other logs;
    Limewire for instance. Turn this off and don't run it while running HJT or cleaning the computer. Which also could be where some of your problems have arisen from...P2P sharing can bring in a lot of nasty items.
    Firefox. This is your browser of course but the first rule when running HJT is close all browsers.
    RealOnePlayer Updater...totally unnecessary and can be run manually.
    Alcohol Soft
    uTorrent
    Digidesign
    Windows Messenger
    MAFWTaskbarApplication
    Gear CD Burning Software

    Turn off all of the above when you run your next HJT scan.

    Now Reboot to SAFE MODE.
    First run your Norton program, full system scan. Have it FIX whatever is found.
    Next run the Trojan Hunter program. Have it fix whatever is found.
    Next run the AVG program. Have it fix whatever is found.

    Reboot the computer to NORMAL MODE. Make ABSOLUTELY CERTAIN that all of the noted programs above are TURNED OFF and run a new HJT scan. Save the log and post it here along with the latest AVG log.


  2. #32
    Join Date
    Nov 2006
    Posts
    29

    Here are all of the posts

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:59:02 AM 11/12/2006

    + Scan result:



    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loc t_4 -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329\Ser vices -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Kazaa\Promotions\Cydoor\Adwr_329\Ser vices\Queue -> Adware.Cydoor : Cleaned.
    HKU\S-1-5-21-1214440339-879983540-725345543-1000\Software\Dvx -> Adware.Delfin : Cleaned.
    :mozilla.26:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cook ies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.27:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cook ies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.28:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cook ies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.98:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cook ies.txt -> TrackingCookie.Clickhype : Cleaned.
    :mozilla.147:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cook ies.txt -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.30:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cook ies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.101:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cook ies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.102:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cook ies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.103:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cook ies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.71:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cook ies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.72:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cook ies.txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    Logfile of HijackThis v1.99.1
    Scan saved at 8:10:49 AM, on 11/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1 .EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINNT\system32\wfxqhv.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
    O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINNT\system32\MAFWTray.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\RunServices: [Windows Updater] paste.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134880047125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133155693185
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

  3. #33
    Join Date
    Nov 2006
    Posts
    29
    Registry scan
    No suspicious entries found
    Inifile scan
    No suspicious entries found
    Port scan
    No suspicious open ports found
    Memory scan
    No trojans found in memory
    File scan
    Error: Directory not found: C:\Documents and Settings\biko\Application Data\??mantec
    Found NTFS alternate data stream: C:\Documents and Settings\biko\Desktop\IE7BETA3- -nib21.rar
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\Microsoft.VisualBasic.Vsa\7. 0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.V sa.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b0 3f5f7f11d50a3a\Microsoft.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\System.Web\1.0.5000.0__b03f5 f7f11d50a3a\System.Web.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\System.Xml\1.0.5000.0__b77a5 c561934e089\System.XML.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\NativeImages1_v1.1.4322\System.X ml\1.0.5000.0__b77a5c561934e089_4d04b668\System.Xm l.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\NativeImages1_v1.1.4322\System.X ml\1.0.5000.0__b77a5c561934e089_971e429b\System.Xm l.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Microso ft.VisualBasic.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Microso ft.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System. Web.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System. XML.dll
    C:\WINNT\system32\drivers\sptd.sys Not scanned (in use by another application)
    C:\WINNT\system32\drivers\sptd7997.sys Not scanned (in use by another application)
    C:\WINNT\system32\drivers\vaxscsi.sys Not scanned (in use by another application)
    No trojan files found
    18233 files scanned in 15417 seconds

  4. #34
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Turn off the following programs for the time being;
    Windows Defender
    BitTorrent
    Digidesign

    Also, stop Trojan Hunter from running in the background. We just wanted to use the scanner portion of the program.

    Was the Trojan Hunter run in SAFE MODE? The trojan is still there in your HJT log. Did you run the HJT scan before or after you ran Trojan Hunter?


    Reboot to SAFE MODE. Run Trojan Hunter again. Have it fix whatever is found.
    Still in SAFE MODE
    Go to C:\WINNT\system32\
    Look for and delete this file wfxqhv.exe

    Reboot to Normal Mode.
    Run HJT again and place a checkmark next to the following entry if it still remains;
    O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINNT\system32\wfxqhv.exe"
    When you have placed the checkmark click the FIX button.
    Exit HJT.
    Reboot. Run HJT again and post the NEW log here.
    Last edited by jholland1964; 11-14-2006 at 06:42 PM.

  5. #35
    Join Date
    Nov 2006
    Posts
    29
    What do you mean "turn off" (Digidesign, BitTorrent and Windows Defender)? I deleted BitTorrent from C:\Program Files.

    Yes, Trojan Hunter was run in SAFE MODE. No, I did not run the HJT scan before or after you ran Trojan Hunter.


    Logfile of HijackThis v1.99.1
    Scan saved at 8:03:29 AM, on 11/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1. EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINNT\system32\MAFWTray.exe
    C:\Program Files\TrojanHunter 4.6\THGuard.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\WINNT\System32\GEARSec.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\system32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\mqsvc.exe
    C:\WINNT\system32\msiexec.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1 .EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
    O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINNT\system32\MAFWTray.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\RunServices: [Windows Updater] paste.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134880047125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133155693185
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Registry scan
    No suspicious entries found
    Inifile scan
    No suspicious entries found
    Port scan
    No suspicious open ports found
    Memory scan
    No trojans found in memory
    File scan
    Error: Directory not found: C:\Documents and Settings\John\Application Data\??mantec
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\IE7BETA3-WindowsXP-x86-enu.exe:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\Peff030-RB303.zip:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\reason dl\8-BIT.Magic.ZX.Spectrum.and.C64.refill.zip:Zone.Iden tifier:$DATA (View ADS stream...) (Delete ADS stream)
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\reason dl\808_and_909_drum_samples.zip:Zone.Identifier:$D ATA (View ADS stream...) (Delete ADS stream)
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\reason dl\808_Reason_Drum_Kit.zip:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\reason dl\additive_V10.zip:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
    Found NTFS alternate data stream: C:\Documents and Settings\John\Desktop\reason dl\analognightdemo.zip:Zone.Identifier:$DATA (View ADS stream...) (Delete ADS stream)
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\Microsoft.VisualBasic.Vsa\7. 0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.V sa.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b0 3f5f7f11d50a3a\Microsoft.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\System.Web\1.0.5000.0__b03f5 f7f11d50a3a\System.Web.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\GAC\System.Xml\1.0.5000.0__b77a5 c561934e089\System.XML.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\NativeImages1_v1.1.4322\System.X ml\1.0.5000.0__b77a5c561934e089_4d04b668\System.Xm l.dll
    Warning: Executable file with double extensions found: C:\WINNT\assembly\NativeImages1_v1.1.4322\System.X ml\1.0.5000.0__b77a5c561934e089_971e429b\System.Xm l.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Microso ft.VisualBasic.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Microso ft.Vsa.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System. Web.dll
    Warning: Executable file with double extensions found: C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System. XML.dll
    C:\WINNT\system32\drivers\sptd.sys Not scanned (in use by another application)
    C:\WINNT\system32\drivers\sptd7997.sys Not scanned (in use by another application)
    C:\WINNT\system32\drivers\vaxscsi.sys Not scanned (in use by another application)
    No trojan files found
    18424 files scanned in 15944 seconds

  6. #36
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    What do you mean "turn off" (Digidesign, BitTorrent and Windows Defender)?
    Stop them from starting automatically when the computer is booted. "Someplace" in each program is a place to set options, one of those options is to start up when the computer starts up. I have already once given you the instructions on how to TURN OFF Windows Defender, but here they are again;

    Open Windows Defender, Click on Tools, General Settings.
    Scroll down and uncheck Turn on real-time protection (recommended).
    After you uncheck this, click on the Save button and close Windows Defender.
    Now you obviously did not do this because it is still showing in your log as running with this entry;
    C:\Program Files\Windows Defender\MSASCui.exe and it shows in the start up files here;
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    Windows Defender could interfere with the fixes we are trying to make. You can turn it back on when the fixes are complete. The other programs are not required for the smooth running of the computer and can be run manually.

    No, I did not run the HJT scan before or after you ran Trojan Hunter.
    Honestly have no clue what you mean by the above statement.
    What you should do is run the Trojan scan BEFORE you run HJT.

    HJT should be the very LAST thing that you do.

    I am sorry but this all is somewhat frustrating. If you are asked to do various steps then you must do them all, NOTHING else, and do them in the order requested.
    I really get the feeling here that you are not following instructions or doing them haphazardly. They must be followed precisely.

    In my post #31 I specifically asked you to do the following;
    Now when you ran this latest HJT scan you had entirely TOO many processes running in the background, many I had not seen before in your other logs;
    Limewire for instance. Turn this off and don't run it while running HJT or cleaning the computer. Which also could be where some of your problems have arisen from...P2P sharing can bring in a lot of nasty items.
    Firefox. This is your browser of course but the first rule when running HJT is close all browsers.
    RealOnePlayer Updater...totally unnecessary and can be run manually.
    Alcohol Soft
    uTorrent
    Digidesign
    Windows Messenger
    MAFWTaskbarApplication
    Gear CD Burning Software

    Turn off all of the above when you run your next HJT scan.
    However, the only programs not running with the latest HJT scan were Limewire and Firefox. The rest I requested that you turn off were still running.
    You did not do the steps in the order given OR in the way they were given;
    Now Reboot to SAFE MODE.
    First run your Norton program, full system scan. Have it FIX whatever is found.
    Next run the Trojan Hunter program. Have it fix whatever is found.
    Next run the AVG program. Have it fix whatever is found.

    Reboot the computer to NORMAL MODE. Make ABSOLUTELY CERTAIN that all of the noted programs above are TURNED OFF and run a new HJT scan. Save the log and post it here along with the latest AVG log.
    The only two logs I requested were the AVG and the HJT.
    Now I would like you to try it again. But I want to add one step which you must do FIRST before you do any of the others.
    Go to Start, Control Panel, Administrative Tools, Services.
    Once that opens I want you to scroll down, and they are in alphabetical order, to this one: inetsrv.
    If it is there I want you to DOUBLE CLICK it to open a box describing the entry. In that box there is a setting called Start Up Type. I want you to DISABLE that service.
    Next, in that same box there are four buttons and I want you to click the Stop Button. This service should stop.
    Now I want you to update the AVG program and update your Norton program.
    Now I want you to reboot to SAFE MODE.
    First run your Norton Program, fix everything found.
    Next run the Trojan Hunter. Fix everything found. Save the log.
    Next run the AVG. Fix everything found. Save the log.
    Reboot the computer to Normal Mode.
    Run a new HJT scan and save the log.
    Post back here with all three logs, starting with the Trojan Hunter log.
    Next post the AVG log.
    Next post the HJT log.
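The check carried out by hand in the post above (is the flagged O4 entry gone, and which of the programs that were to be closed are still running) can be scripted. This is an added example, not part of the thread: the two logs are abridged excerpts of the HijackThis logs posted in #32 and #35, and the mapping from program names to executable names in `MARKERS` is an assumption read off the paths in those logs.

```python
import re

# HijackThis result lines look like "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def norm(s):
    """Comparison key: forum wrapping inserts stray spaces into long paths
    (e.g. 'E_S4I2H1 .EXE' vs 'E_S4I2H1. EXE'), so ignore whitespace and case."""
    return re.sub(r"\s+", "", s).casefold()


def parse_hjt(text):
    """Split a HijackThis log into (running processes, result entries)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.casefold().startswith("running processes"):
            in_procs = True
            continue
        if ENTRY_RE.match(line):
            in_procs = False          # first result line ends the process list
            entries.append(line)
        elif in_procs:
            processes.append(line)
    return processes, entries


def diff_entries(before, after):
    """Entries that disappeared from, or appeared in, the newer log."""
    b = {norm(e): e for e in before}
    a = {norm(e): e for e in after}
    removed = [e for k, e in b.items() if k not in a]
    added = [e for k, e in a.items() if k not in b]
    return removed, added


def still_running(processes, markers):
    """Programs from the 'turn off' list that still have a running process."""
    hits = {}
    for name, marker in markers.items():
        found = [p for p in processes if norm(marker) in norm(p)]
        if found:
            hits[name] = found
    return hits


def review(before_text, after_text, target, markers):
    _, ent_before = parse_hjt(before_text)
    procs_after, ent_after = parse_hjt(after_text)
    removed, added = diff_entries(ent_before, ent_after)
    return {
        "target_before": norm(target) in {norm(e) for e in ent_before},
        "target_after": norm(target) in {norm(e) for e in ent_after},
        "removed": removed,
        "added": added,
        "still_running": still_running(procs_after, markers),
    }


# The entry the helper asked to have fixed in post #34.
TARGET = r'O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINNT\system32\wfxqhv.exe"'

# Assumed mapping: program name in the helper's list -> substring of its path.
MARKERS = {
    "Limewire": "limewire", "Firefox": "firefox", "uTorrent": "utorrent",
    "RealOnePlayer Updater": "realsched.exe", "Alcohol Soft": "Alcohol Soft",
    "Digidesign": "Digidesign", "Windows Messenger": "msmsgs.exe",
    "MAFWTaskbarApplication": "MAFWTray.exe",
    "Gear CD Burning Software": "GEARSec.exe",
}

# Abridged from the log in post #32.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
C:\Program Files\HiJackThis\HijackThis.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINNT\system32\wfxqhv.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
"""

# Abridged from the log in post #35.
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\MAFWTray.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINNT\System32\GEARSec.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJackThis\HijackThis.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

if __name__ == "__main__":
    for key, value in review(LOG_BEFORE, LOG_AFTER, TARGET, MARKERS).items():
        print(key, "->", value)
```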

  7. #37
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    philentropy, have no idea where you are since you have not returned since your last post.
    Have consulted with others here and PP has suggested the following fixes, and I concur with his recommendations. PLEASE PRINT these out so that you can follow them to the letter;

    Download smitRem.exe ©noahdfear, and save the file to your desktop.
    Double-click on the smitRem.exe file to extract it to its own folder on the desktop.
    Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on Panda ActiveScan link select "Copy Shortcut" then right click on your desktop and select "Paste Shortcut" or in FireFox right-click the link and select "Save Link As" and save it to your desktop).

    Download roguescanfix.exe, and save it to your desktop.
    Double click roguescanfix.exe to install it. We will use this tool later.

    Next, boot into Safe Mode.

    Open the smitRem folder on your desktop
    Double-click on the RunThis.bat file
    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    Next, open the roguescanfix folder, and double-click run.bat.
    Your desktop and icons will disappear and then reappear again, this is normal.
    Wait till the message "Completed script execution" appears, then click OK.
    Click "Exit" to close BFU.
    Click "OK" to start the SpywareQuake/Spyfalcon uninstaller, after that click "uninstall".

    Next, Run AVG/Ewido:
    • Click on Complete System Scan and the scan will begin.
    • While the scan is in progress you will be prompted to clean files, click OK
    • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop.
    Close ewido anti-malware.
    Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

    Reboot back into Windows and click the Panda ActiveScan shortcut.
    • Once you are on the Panda site click the Scan your PC button.
    • A new window will open...click the Check Now button.
      • Enter your Country
      • Enter your State/Province
      • Enter your e-mail address and click send
      • Select either Home User or Company
      • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When the download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    1. Please download Brute Force Uninstaller to your desktop
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk "C" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    2. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).

    3. Open My Computer and navigate to the c:\BFU folder.
    • Start the Brute Force Uninstaller by double-clicking BFU.exe
    Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
    Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.) Wait for the complete script execution box to pop up and press OK. Press exit to terminate the BFU program. If you have any questions about the use of BFU, please read BFU Instructions

    Now once you have completed all the steps above by running all the programs noted I want you to download and run one more program;

    WPFind

    Download WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Save these results as a text file and post back here with this log and the others as requested above.
    Judy

  8. #38
    Join Date
    Nov 2006
    Posts
    29
    I could not get rid of Gear executable file. I tried to delete it manually and by using Killbox.

    Digidesign makes a computer sequencer that I use to record music. I have sought tech support to figure out if I can stop running Digidesign and its soundcard: MAFWTaskbarApplication when booting.

    I was not able to fix Gear CD Burning Software with HJT, by manually deleting, or by using Killbox.

    All of the other programs listed in post #31 will not run during future HJT scans.

  9. #39
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Don't worry about the Gear program for now. Just complete, in order, all the instructions in post #37 and then post back with that info requested there.

  10. #40
    Join Date
    Nov 2006
    Posts
    29
    Logfile of HijackThis v1.99.1
    Scan saved at 6:01:59 PM, on 11/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\MAFWTray.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\system32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\mqsvc.exe
    C:\WINNT\system32\msiexec.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HiJackThis\HijackThis.exe
    C:\WINNT\system32\wuauclt.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
    O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINNT\system32\MAFWTray.exe
    O4 - HKLM\..\RunServices: [Windows Updater] paste.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134880047125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133155693185
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: GEARSecurity - Unknown owner - C:\WINNT\System32\GEARSec.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:46:42 PM 11/18/2006

    + Scan result:



    :mozilla.45:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.46:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.47:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.165:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Burstnet : No action taken.
    :mozilla.204:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.205:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.213:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.214:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.18:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.130:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Masterstats : No action taken.
    :mozilla.175:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.176:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.77:C:\Documents and Settings\biko\Application Data\Mozilla\Firefox\Profiles\i8s65z5h.Martin\cookies.txt -> TrackingCookie.Statcounter : No action taken.


    ::Report end
