[The Legitimate One]

Just to provide a brief description of the problem I'm attempting to fix. System boots up fine and randomly restarts itself. Generally it does this when browsing websites as if the content on the page makes the thing glitch. Obviously I'm not sure if it's the result of malware or just something grossly wrong with the CPU. Any assistance is greatly appreciated. Cheers!

Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:02:47 PM, on 9/4/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\system32\BrmfRsmg.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\keyhook.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Sunbelt Software\iHateSpam\siService.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Sunbelt Software\iHateSpam\siMailProxyServer.exe
C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
C:\Program Files\Scansoft\PaperPort\PPLinks.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Bonnie S Satterfield\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\Sunbelt Software\iHateSpam\siService.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Brother SmartUI PopUp.lnk = C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

[Advertisements]

Hi, The Legitimate One
Welcome to Geeks to go

Sorry about the delay in replying to your post, the forums have been very busy lately. As it's been a few days since your origional post, please could you post a new HJT log for me to see.

Also
Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.

• Once you get to the Panda site, scroll down a bit and click on Scan your PC
• A new window will appear; click on Check Now!
• A new window will appear; fill in the boxes (Country, State, email addy)
• Click on Scan Now! >
  If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
• From "Select a device to scan...", choose "My Computer"
• Allow the scan to run. It'll take a while.
• When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
• I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.

Andy

[andydf]

Hi, The Legitimate One
Welcome to Geeks to go

Sorry about the delay in replying to your post, the forums have been very busy lately. As it's been a few days since your origional post, please could you post a new HJT log for me to see.

Also
Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.

• Once you get to the Panda site, scroll down a bit and click on Scan your PC
• A new window will appear; click on Check Now!
• A new window will appear; fill in the boxes (Country, State, email addy)
• Click on Scan Now! >
  If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
• From "Select a device to scan...", choose "My Computer"
• Allow the scan to run. It'll take a while.
• When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
• I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.

Andy

[The Legitimate One]

Alrighty, after six unwanted restarts here is the Pandascan report:

Incident Status Location

Adware:adware/swimsuitnetwork Not disinfected c:\winnt\system32\MYDLL.dll
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.servedby.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.overture.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.go.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.questionmarket.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.zedo.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.centrport.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.target.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.tickle.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.ct.360i.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.ath.belnk.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.valueclick.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.maxserving.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[www48.seeq.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.bluestreak.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.atwola.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.qksrv.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.mediaplex.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.apmebf.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.bravenet.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[server.iad.liveperson.net/hc/2312982]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.trafficmp.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[bs.serving-sys.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.247realmedia.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.z1.adserver.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.dist.belnk.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.adviva.net/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.webpower.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[server.iad.liveperson.net/hc/LPtimex]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.bfast.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.tradedoubler.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.weborama.fr/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.targetnet.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[server.iad.liveperson.net/hc/24871359]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[hc2.humanclick.com/hc/58340112]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt[.hitbox.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies.txt[.advertising.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies.txt[.advertising.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies.txt[.realmedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies.txt[.trafficmp.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies.txt[.mediaplex.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.com.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.dist.belnk.com/]
Spyware:Cookie/Euniverseads Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.euniverseads.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.overture.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.peel.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.webpower.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[hc2.humanclick.com/hc/34414543]
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[rightmedia.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[server.iad.liveperson.net/hc/41409448]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[server.iad.liveperson.net/hc/54620371]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\zrktqym5.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Cookies\bonnie s satterfield@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Cookies\bonnie s satterfield@atwola[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Cookies\bonnie s satterfield@banner[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Cookies\bonnie s satterfield@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Cookies\bonnie s satterfield@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Cookies\bonnie s satterfield@questionmarket[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Cookies\bonnie s satterfield@webpower[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Bonnie S Satterfield\Cookies\bonnie s [email protected][1].txt


And as requested today's HJT Log (only two restarts to get this one):

Logfile of HijackThis v1.99.1
Scan saved at 2:04:41 PM, on 9/15/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\system32\BrmfRsmg.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\keyhook.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Scansoft\PaperPort\PPLinks.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Bonnie S Satterfield\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Brother SmartUI PopUp.lnk = C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Thanks again for the assistance!

Edited by The Legitimate One, 15 September 2006 - 12:28 PM.

[andydf]

Hi The Legitimate One

I cannot see anything in your log that would be causing your reboot problems. Lets try a couple of other scans.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Also
Open Ewido

• Click the Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
• Select "Automatically generate report after every scan"
• Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
• Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
• Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
• ewido will now begin the scanning process, be patient this may take a little time.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Next select the "Reports" icon at the top.
• Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
• Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan, and a new Hijackthis log.

Andy

[The Legitimate One]

Seems like the process keeps getting faster but it's still rebooting. Got logs!

Ewido Log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:04:19 PM 9/15/2006

+ Scan result:



:mozilla.572:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.812:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.813:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.597:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.598:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.599:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.600:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.601:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.15:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.16:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.17:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.18:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.19:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.20:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.21:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.22:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.23:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.24:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.25:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.26:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.27:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.28:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.29:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.30:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.31:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.32:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.33:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.34:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.35:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.36:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.37:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.38:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.39:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.40:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.41:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.42:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.43:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.44:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.45:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.46:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.47:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.48:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.49:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.50:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.51:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.52:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.53:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.54:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.55:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.56:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.57:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.58:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.59:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.60:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.61:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.62:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.63:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.64:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.65:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.697:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adviva : No action taken.
:mozilla.66:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.755:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Bfast : No action taken.
:mozilla.368:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.592:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.369:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.449:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.450:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.451:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.452:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.189:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Centrport : No action taken.
:mozilla.480:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Directnetadvertising : No action taken.
:mozilla.71:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.785:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Estat : No action taken.
:mozilla.209:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.210:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.259:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.297:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.303:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.304:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.346:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.365:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.430:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.434:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.435:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.468:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.952:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.385:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.386:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.466:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.467:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.705:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.839:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.419:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.420:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.109:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Overture : No action taken.
:mozilla.110:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Overture : No action taken.
:mozilla.151:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Overture : No action taken.
:mozilla.235:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.236:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.237:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.238:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.418:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.421:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.173:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.516:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.517:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.518:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.519:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.548:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.821:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.822:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.780:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.533:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.534:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.535:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.536:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.537:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.538:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.126:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.127:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.342:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.343:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.494:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.132:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.133:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.134:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.135:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.136:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.137:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.782:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.783:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.784:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.249:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.250:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.251:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.180:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.181:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.182:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Zedo : No action taken.


::Report end

HJT newest log:

Logfile of HijackThis v1.99.1
Scan saved at 6:18:34 PM, on 9/15/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\system32\BrmfRsmg.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\keyhook.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Scansoft\PaperPort\PPLinks.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Bonnie S Satterfield\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Brother SmartUI PopUp.lnk = C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Cheers Andy! I think we're onto something....

[andydf]

Hi The Legitimate One

Did you setup Ewido as directed? It did not quarantine the files it found, although what it did find is not a major threat to your PC. Can you run Ewido again but make sure it is set to quarantine what it finds.

When your PC restarts, is it during times when the cpu is under load or does it do it at anytime?

Andy

[The Legitimate One]

Ewido was set up as requested, although I'll give it another go. I ran Ewido before the first HJL as instructed in the "Required steps before posting log" post. It restarted four times before I got it to complete the scan. This time it didn't restart at all.

The restarts seem to be at random while actually doing something so I'm guessing it's "under load". I've not been privy to a restart when it's idle. It will even restart at the end of a restart cycle on occasion restarting three to four times in a row.

I will follow the last set of insuctions and repost both ewido and HJT logs and we'll go from there. Stay tuned.

Thanks again.

[The Legitimate One]

I figured out the Ewido issue... I didn't ask it to "perform selected action" (quarantine) after scan.

Ewido Log:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:42:09 PM 9/16/2006

+ Scan result:



:mozilla.572:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.812:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adocean : Cleaned with backup (quarantined).
:mozilla.813:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adocean : Cleaned with backup (quarantined).
:mozilla.597:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.598:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.599:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.600:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.601:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.697:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.755:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.368:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.592:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.369:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.449:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.450:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.451:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.452:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.480:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.785:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.209:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.297:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.303:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.346:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.365:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.430:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.435:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.468:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.952:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.385:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.386:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.466:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.467:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.705:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.839:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.419:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.420:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.235:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.418:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.421:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.516:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.517:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.518:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.519:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.548:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.821:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.822:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.780:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.533:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.534:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.535:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.536:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.537:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.538:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.342:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.343:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.494:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.782:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.783:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.784:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.249:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\Bonnie S Satterfield\Application Data\Mozilla\Firefox\Profiles\fw4sujp1.Default User\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end

And the ever popular HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 1:48:50 PM, on 9/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\system32\BrmfRsmg.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\keyhook.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Scansoft\PaperPort\PPLinks.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Bonnie S Satterfield\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Brother SmartUI PopUp.lnk = C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Not a single restart during either this time!

[andydf]

Hi The Legitimate One

How are things running now, are you still getting restarts?

Your log is clean

We have a couple of last steps to perform and then you're all set.

First, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SpywareGuard to catch and block spyware before it can execute.
• IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 2 free ones available for personal use:

• Kerio Personal Firewall
• ZoneAlarm

and a good antivirus (these are also free for personal use):

• AVG Anti-Virus
• Avast Home Edition

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

monthly. And to keep your system clean run these free malware scanners

• AdAware SE Personal
• Spybot Search & Destroy

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Andy