Attempted to remove myself, but popups are still nagging me

[sonyaflower]

I tried to follow the self fix-it's, but I still get random pop-ups. I could not figure out what is still causing the pop-ups. Also, the pop-ups are varied, one can be about a job, others for finding adult friends, etc. After running the online Virus Scans, I did see a decrease in the pop-ups, but they are still popping up.


Here is my log.
Logfile of HijackThis v1.99.1
Scan saved at 3:26:01 PM, on 1/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061128
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Dent Sixth Clock Tool] C:\Documents and Settings\All Users\Application Data\Show Dash Dent Sixth\chic dvd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sizedrive] C:\DOCUME~1\Sonya\APPLIC~1\LISTLO~1\Wave store.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...48/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


I appreciate the help.

[tetonbob]

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3

We'll use this shortly.

--------------------------------------------------------------------------

Windows Defender

Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.

• Open Windows Defender.
• Click on Tools>Options.
• Scroll down and uncheck "Use real-time protection (recommended)".
• After you uncheck this, click on the Save button and close Windows Defender.

---------------------------------------------------------------------------------------------

• Next, close any other programs you have running as this will require a reboot
• Double click NoLop.exe to run it.
• Now click the button labelled "Search and Destroy"
  <<your computer will now be scanned for infected files>>
• When scanning is finished you will be prompted to reboot only if infected, Click OK
• Now click the "REBOOT" Button.
• A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

---------------------------------------------------------------------------------------------

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [Dent Sixth Clock Tool] C:\Documents and Settings\All Users\Application Data\Show Dash Dent Sixth\chic dvd.exe
O4 - HKCU\..\Run: [sizedrive] C:\DOCUME~1\Sonya\APPLIC~1\LISTLO~1\Wave store.exe

Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

---------------------------------------------------------------------------------------------

Delete the following if they exist:

C:\Documents and Settings\All Users\Application Data\Show Dash Dent Sixth
C:\Documents and Settings\Sonya\Application Data\LISTLO~1<<<this will be a folder, likely with at least a two word name, which begins with the letters LISTLO

---------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

• Install AVG Anti Spyware
• Double-click the icon on Desktop to launch AVG
• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• .
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------


Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply

---------------------------------------------------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with logs from:

NoLOP
AVG Anti-Spyware
Panda
C:\findlop.txt
HJT

[sonyaflower]

Here are the logs as requested (sorry about the delay, I was returning from my trip)

NoLOP:

No report was given – it stated that “no infected files were found.”


Panda:


Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@2o7[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@ads.pointroll[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@belnk[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@burstnet[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@citi.bridgetrack[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@dist.belnk[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@serving-sys[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Sonya\Cookies\sonya@www.burstbeacon[1].txt

findlop.txt

Volume in drive C has no label.
Volume Serial Number is B054-9702

Directory of C:\Documents and Settings\All Users\Application Data

01/11/2007 01:47 AM <DIR> Adobe
01/11/2007 09:14 AM <DIR> Borland
01/11/2007 09:13 AM <DIR> Corel
11/28/2006 05:09 AM <DIR> Google
11/28/2006 05:13 AM <DIR> GTek
12/31/2006 11:02 PM 228 hpzinstall.log
11/28/2006 05:03 AM <DIR> InstallShield
08/10/2004 01:13 PM <DIR> SBSI
01/04/2007 08:45 AM <DIR> Sony Corporation
01/20/2007 11:14 PM <DIR> Spybot - Search & Destroy
01/28/2007 09:12 PM <DIR> Symantec
12/08/2006 04:46 PM <DIR> Windows Genuine Advantage
11/28/2006 05:09 AM <DIR> YAHOO
1 File(s) 228 bytes
12 Dir(s) 42,568,048,640 bytes free
Volume in drive C has no label.
Volume Serial Number is B054-9702

Directory of C:\Documents and Settings\Sonya\Application Data

01/11/2007 12:39 AM <DIR> Adobe
01/21/2007 07:42 PM <DIR> AdobeUM
01/19/2007 12:29 AM <DIR> BitRoll
01/11/2007 09:38 AM <DIR> Corel
12/08/2006 07:36 PM <DIR> CyberLink
12/08/2006 08:50 PM <DIR> Google
01/03/2007 11:44 AM <DIR> Hewlett-Packard
08/10/2004 01:08 PM <DIR> Identities
11/28/2006 05:10 AM <DIR> InstallShield
01/19/2007 09:40 AM <DIR> Lavasoft
12/10/2006 01:43 PM <DIR> Leadertech
12/08/2006 03:48 PM <DIR> Macromedia
12/12/2006 09:00 PM <DIR> Microsoft Web Folders
12/29/2006 10:56 PM <DIR> MSNInstaller
01/09/2007 07:33 PM <DIR> Netscape
12/10/2006 01:43 PM <DIR> Sonic
01/04/2007 08:55 AM <DIR> Sony Corporation
12/25/2006 04:36 PM <DIR> Sun
01/28/2007 09:14 PM <DIR> Symantec
12/08/2006 04:11 AM <DIR> Template
01/01/2007 12:57 AM 686 wklnhst.dat
1 File(s) 686 bytes
20 Dir(s) 42,568,048,640 bytes free
Volume in drive C has no label.
Volume Serial Number is B054-9702

Directory of C:\Documents and Settings\Default User\Application Data

11/28/2006 05:22 AM <DIR> .
11/28/2006 05:22 AM <DIR> ..
08/10/2004 12:57 PM 62 desktop.ini
11/28/2006 05:13 AM <DIR> Gtek
1 File(s) 62 bytes
3 Dir(s) 42,568,048,640 bytes free
Volume in drive C has no label.
Volume Serial Number is B054-9702

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is B054-9702

Directory of C:\Documents and Settings\NetworkService\Application Data


AVG-Anti-spyware (I hope it ok, I did this one a few days ago, before I returned from my trip - but it was done per your instructions)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:15:52 PM 1/25/2007

+ Scan result:



:mozilla.183:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.306:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.466:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.474:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.526:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.545:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.565:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.566:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.647:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.730:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.951:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.980:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.981:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.982:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.983:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.984:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.985:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.986:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.987:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.988:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.989:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.990:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.991:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.992:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.993:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.994:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.995:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.996:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.997:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.998:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.999:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.607:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.608:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.1002:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.971:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.974:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.978:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.979:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.120:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.125:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.13:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.782:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.956:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.836:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.761:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.763:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.764:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.765:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.766:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.961:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.379:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.754:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.762:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.769:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.770:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.771:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.772:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.773:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.343:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.820:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.18:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.733:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.748:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.749:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.799:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.808:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.811:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.812:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.839:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.856:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.887:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.893:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.941:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.942:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.945:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.955:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.963:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.934:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.935:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.936:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.677:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.678:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.679:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.680:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.681:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.972:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.973:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.489:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.490:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.784:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.795:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.823:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.824:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.842:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.843:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.844:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.878:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.879:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.880:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.881:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.882:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.896:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.897:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.898:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.899:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.900:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.901:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.916:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.917:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.959:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.960:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.906:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.251:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.190:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.240:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.344:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.345:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.479:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.480:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.502:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.555:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.556:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.651:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.652:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.653:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.682:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.459:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.311:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.312:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.353:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.444:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.445:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.446:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.447:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.233:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.234:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.964:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.965:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.966:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.967:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.968:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.418:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.419:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.420:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.421:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.422:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.822:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.368:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.369:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.333:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.334:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.335:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.338:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.883:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.929:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.225:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.226:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.227:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.235:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.236:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.237:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.238:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.168:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.169:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.456:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.174:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.425:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.435:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.137:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.138:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.139:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.140:C:\Documents and Settings\Sonya\Application Data\Netscape\NSB\Profiles\dimdf7w4.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP58\A0008635.exe -> Trojan.Obfuscated.bk : Cleaned.


::Report end

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 10:34:21 PM, on 1/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061128
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...48/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5861EE7B-8669-4C34-BBE5-A425E7424992}: NameServer = 207.230.202.28 207.230.192.251
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



That should be it... I hope it did everything right!

[tetonbob]

You did just fine....that looks much better.

How's your system behaving now? Our next steps will be determined by your reply.

[sonyaflower]

No pop-up, no problems

Not sure what I got into, but I am glad it is gone. Will donate appropriately!!

Sonya

[tetonbob]

Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General tab>under Temporary files, click on Delete Cookies.

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.


Reset hidden/system files and folders

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Create a new System Restore point

• click Start >> Run - type SYSDM.CPL & press Enter
• select the System Restore Tab
• tick on the checkbox - "Turn off System Restore on all drives"
• click Apply
• then untick the same checkbox & click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• SpywareGuard to catch and block spyware before it can execute.
  
• SPYBOT - SEARCH & DESTROY
  Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  
• AD-AWARE
  Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  
  
• IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
    From within the folder, double-click install.bat
    Select Option #2 - Install the new IE-SPYAD list.
    Then return to the main menu.
    Select option #4 - Add the old porn sites domain
  
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  
  
  
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  
  Here are a few very good free Antivirus products which are available:
  • AOL Active Virus Shield (powered by Kaspersky Antivirus)
  • Avast!
  • AVG
  • Avira PersonalEdition Classic
  Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

See this link for a listing of some online antivirus scanners:

Anti-Spyware Tutorial

If you do not have a firewall, here are a few free ones available for personal use:

• Comodo Personal Firewall
  
• ZoneAlarm
  
• OutPost Firewall

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[sonyaflower]

Great, everything is good to go! Thanks again for your help.