Please check my logs... Getting pop-ups in IE
Piriform Community Forums > Computer Help and Discussion > Spyware Hell
imcalvin
Hello! I'm using Firefox and I am getting pop-ups in IE. Kindly analyse the logs and help me get rid of the unwanted pop-ups. Many thanks in advance.


BitDefender Online Scanner - Real Time Virus Report

Generated at: Thu, Feb 07, 2008 - 14:28:49

Scan Info

Scanned Files - 445594
Infected Files - 2

Virus Detected

Adware.Eztrack.C - 1
Application.Adware.Savenow.G - 1

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/07/2008 at 12:43 PM

Application Version : 4.0.1106

Core Rules Database Version : 3396
Trace Rules Database Version: 1388

Scan type : Complete Scan
Total Scan Time : 01:38:38

Memory items scanned : 444
Memory threats detected : 0
Registry items scanned : 7147
Registry threats detected : 0
File items scanned : 37032
File threats detected : 1

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:31:22 PM 2/7/2008

+ Scan result:

F:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP546\A0327103.exe -> Dropper.VB.sm : Cleaned with backup (quarantined).


::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:20 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\Program Files\Alias\Maya 6.5\docs\wrapper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Alias\Maya 6.5\docs\jre\bin\java.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
G:\WinCleaner Memory Optimizer\WinMemOpt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\a\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [WinMem] G:\WinCleaner Memory Optimizer\WinMemOpt.exe
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] G:\Picsa\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] G:\Picsa\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3960A7F-D44B-4133-BEF9-69BD0C0B6A98}: NameServer = 203.94.243.70,203.94.227.70
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.5\docs\wrapper.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: RaySat_3dsmax7 Server (RaySat_3dsmax7Server) - Unknown owner - C:\3ds max7\mentalray\satellite\raysat_3dsmax7server.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/a/Desktop/everest_mackenzie.jpg
O24 - Desktop Component 1: (no name) - http://www.salem.k12.va.us/south/teacher/lounge/daisy.gif

--
End of file - 10806 bytes



askey127
imcalvin,
What do you know about Mahanagar Telephone Nigam Ltd. in New Delhi?
-----------------------------------------------------------
Remove log items with HijackThis. Start HijackThis (or reveal.exe).
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)
O4 - HKCU\..\Run: [WinMem] G:\WinCleaner Memory Optimizer\WinMemOpt.exe
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll"
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Make sure every other window except HJT is closed (no other tabs showing in the bottom tray), and click Fix Checked.
Click the "X" in the upper right corner of the HijackThis window to close it.
----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here. Choose the Slim version.
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish
-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
(Do not use the Registry block to clean anything with this program. It is for experts only and it is risky.)
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
-----------------------------------------------------------
Remove Program(s) with CCleaner
Open CCleaner if it's not already running. In the Left Pane, click Tools. Verify that Uninstall is highlighted in color, or click on it.
Click and Highlight the Following Programs, one at a time, and click the Run Uninstaller button for each one.
Wait for completion of each one before highlighting and Uninstalling the next.
Activation Manager
Orbit Downloader
JRE 1.5.0_6
Boonty (or Boonty Games)

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------------
Post a New HiJackThis Log
Reboot your computer. Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.

Please post the contents of CCleaner's install.txt along with the fresh HiJackThis log.
askey127
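An added check for the workflow above, written for this thread rather than taken from the post or from HijackThis: a small Python parser for the Rn/On lines of a HijackThis log that also reports which of the entries askey127 marked for "Fix Checked" still appear in a fresh log. The sample lines are excerpts copied from the two logs in this thread; matching entries by CLSID instead of display name is an assumption of this example.

```python
"""Structure HijackThis 2.0.2 log lines and check a fresh log against a fix list.

Added example written for this thread, not code from the forum post or from
HijackThis; sample lines are excerpts copied from the two logs posted above."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Every entry starts "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# O4 autostart values: "HKCU\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

@dataclass(frozen=True)
class HjtEntry:
    section: str       # R0, R1, O2, O4, O9, O23, ...
    name: str          # display name, Run value name, or registry value path
    target: str        # file path, command line or URL the entry points at
    clsid: str | None  # {GUID} for COM-registered items (O2/O3/O9), else None

    @property
    def key(self) -> tuple:
        # Match across logs by CLSID when there is one ("(no name)" is not unique).
        return (self.section, self.clsid or self.name)

def parse_entry(line: str) -> HjtEntry | None:
    """Parse one Rn/On line; None for headers, blank lines and the process list."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section.startswith("R"):
        # "HKCU\...\Main,SearchAssistant = http://in.rediff.com/index.html"
        reg_value, _, url = body.partition(" = ")
        return HjtEntry(section, reg_value, url, None)
    if section == "O4":
        rm = RUN_RE.match(body)
        if rm:
            return HjtEntry(section, rm.group("name"), rm.group("cmd"), None)
        _, _, rest = body.partition(": ")  # "Startup: X.exe" / "Global Startup: X.lnk = path"
        name, _, target = rest.partition(" = ")
        return HjtEntry(section, name, target or name, None)
    # O2/O3/O9/O23 ...: "<kind>: <name> - {CLSID or vendor} - <path>"
    _, _, rest = body.partition(": ")
    parts = [p.strip() for p in rest.split(" - ")]
    cm = CLSID_RE.search(body)
    target = parts[-1] if len(parts) > 1 else ""
    return HjtEntry(section, parts[0], target, cm.group(0).upper() if cm else None)

def parse_log(text: str) -> list[HjtEntry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]

def orphaned_bhos(entries: list[HjtEntry]) -> list[HjtEntry]:
    """O2 entries printed with '(no file)': the registered DLL path no longer exists."""
    return [e for e in entries if e.section == "O2" and e.target == "(no file)"]

def still_present(flagged_lines: list[str], fresh_log: str) -> list[str]:
    """Flagged lines (as pasted by the helper) whose entry survives in a fresh log."""
    fresh_keys = {e.key for e in parse_log(fresh_log)}
    return [ln for ln in flagged_lines if (e := parse_entry(ln)) and e.key in fresh_keys]

# Constructed excerpt of the 2/11 log above (state before "Fix Checked").
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WinMem] G:\WinCleaner Memory Optimizer\WinMemOpt.exe
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll"
"""
# Constructed excerpt of the 2/17 log: flagged entries gone, benign ones remain.
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""
# The entries askey127 listed for "Fix Checked" that are visible in both logs.
FLAGGED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html",
    r"O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll",
    r"O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll",
    r"O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)",
    r"O4 - HKCU\..\Run: [WinMem] G:\WinCleaner Memory Optimizer\WinMemOpt.exe",
    r'O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll"',
]

if __name__ == "__main__":
    for e in orphaned_bhos(parse_log(BEFORE_LOG)):
        print("orphaned BHO:", e.clsid)
    print("still present after fix:", still_present(FLAGGED, AFTER_LOG) or "none")
```

Run against the full text of the two logs instead of the excerpts to confirm every fixed entry is really gone before moving on to the CCleaner steps.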
imcalvin
QUOTE (askey127 @ Feb 16 2008, 04:46 PM)

Thanks a lot askey for your time and attention!

Mahanagar Telephone Nigam Ltd is my ISP.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:26 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\Program Files\Alias\Maya 6.5\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Alias\Maya 6.5\docs\jre\bin\java.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\a\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] G:\Picsa\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] G:\Picsa\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3960A7F-D44B-4133-BEF9-69BD0C0B6A98}: NameServer = 203.94.243.70,203.94.227.70
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.5\docs\wrapper.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: RaySat_3dsmax7 Server (RaySat_3dsmax7Server) - Unknown owner - C:\3ds max7\mentalray\satellite\raysat_3dsmax7server.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/a/Desktop/everest_mackenzie.jpg
O24 - Desktop Component 1: (no name) - http://www.salem.k12.va.us/south/teacher/lounge/daisy.gif

--
End of file - 9205 bytes



List of installed programs:



µTorrent
ACDSee Pro 2
Ad-Aware SE Professional
Adobe After Effects 6.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Illustrator CS
Adobe PageMaker 7.0
Adobe Photoshop 7.0
Adobe Photoshop CS
Adobe Premiere Pro 1.5
Adobe Reader 8.1.2
Adobe Shockwave Player
ALZip
Anti-Leech Plugin for Mozilla, Opera, Netscape
AoA Audio Extractor 1.0
Autodesk 3ds Max 8
Autodesk 3ds Max 8 Additional Maps and Materials
Autodesk 3ds Max 8 Architectural Materials
Autodesk 3ds Max 8 Reference Files
Autodesk DWF Viewer
Autodesk VIZ Extension for 3ds max 7
AVG 7.5
AVG Anti-Spyware 7.5
Avid AVI Codec
CCleaner (remove only)
character studio 4.2
Concise Oxford Dictionary (Tenth Edition)
Corel SVG Viewer
CorelDRAW Graphics Suite 12
COWON Media Center - jetAudio Plus VX
DFX 8 for RealNetworks
DFX 8 for Windows Media Player
DivX Codec
DivX Player
DivX Web Player
Download Accelerator Plus (DAP)
DX-Ball 2 v1.25
Eye Candy 3
File Renamer - Basic
Flash Video Exporter 1.2
FLV Player 1.3.3
FLV Player 2.0, build 23
FLV SPLITTER
Free RM to MP3 Converter 1.12
GOM Player
Google Photos Screensaver
Google Talk (remove only)
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Updater
Google Web Accelerator
Hair and Fur Extension for 3ds max 7
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
iLEAP
Intel® Desktop Utilities
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD Creator 2
InterVideo WinDVR
J2SE Runtime Environment 5.0 Update 6
Jets N Guns
Kai's Power Tools 3
Kai's Power Tools 5
KGB Archiver 1.2.1.24
KPT 6
KPT® effects™
LimeWire PRO 4.14.8
Logitech iTouch Software
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Director MX 2004
Macromedia Dreamweaver 4
Macromedia Flash 5
Macromedia Flash MX 2004
Macromedia FreeHand 9
Maya 6.5
MemInfo (remove only)
mental ray 3.4 Extension for 3ds max 7
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft GIF Animator
Microsoft Office XP Professional with FrontPage
Microsoft Private Folder 1.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Moyea FLV to Video Converter Pro version 1.28.1.0
Mozilla Firefox (2.0.0.12)
Mp3 Tag Tools v1.2
MPEGPlayer
MSN
Nero 7 Essentials
Ogg Vorbis aoTuV b4 SSE2
Opera 9.25
OtsTurntables Free 1.00.012
Oxford Advanced Genie
Pawn 2
Picasa 2
Poser 4
PowerDVD
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Recuva (remove only)
Registry Mechanic 5.2
SECUREMAKER (remove only)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Sentinel System Driver
Silverjuke 1.16
Snooker147 1.0 (Shareware)
Sonic Focus 1.1
Sony Picture Utility
Sony USB Driver
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
SRS Audio Sandbox
Stamp Uninstall
Star Downloader Free
Sudoku
SUPERAntiSpyware Free Edition
Superbike 2000 Demo
Switch
System Requirements Lab
Top 500 Business Letters
Tweak UI
TypingMaster 2002
Universal Extractor 1.5
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VCDCutter
Virtual DJ - Atomix Productions
WebFldrs XP
Win AVI HelixSDK
WinAVI Video Converter
WinCleaner Memory Optimizer Version 5.2
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Skin Importer
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip
WNW Dictionary & Thesaurus v1.0
XMLinst
Yahoo! Messenger
Yahoo! Toolbar





askey127
imcalvin,
Most problems you have now likely come from the use of P2P file sharing.
-----------------------------------------------------------
Peer to Peer File Sharing
Please note that as long as you're using any form of Peer-to-Peer networking (utorrent, Azureus, Morpheus, Limewire, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

When you use Peer-to-peer (P2P) programs, you are downloading software from an UNKNOWN source directly onto your computer, bypassing your Firewall and Anti-Virus software. It's hardly surprising that many of the available downloads are being used by malware purveyors as a delivery method for their infections. Further, if your P2P program is not configured correctly you may be sharing more files than you realize. See here : http://www.infoworld.com/article/07/09/06/...ID-theft_1.html

Even if you have one of the SAFE P2P programs, the practice of file-sharing is very UNSAFE for the health of your PC.
You may decide to continue P2P sharing, but keep in mind that this practice may be the source of major PC infections.
Better ask yourself if you and your system CD are REALLY ready to reformat your Hard Drive and Re-install Windows.

The risks of using P2P programs are described here in this Sourceforge webpage and in this Information Week article.
Some malware help forums are now refusing to help those who show up with infections from P2P usage.

I think you should stop using and uninstall uTorrent, Limewire PRO 4.14.8 and Star Downloader Free, but it's your decision.
-----------------------------------------------------------
Remove Program(s) with CCleaner
Open CCleaner. In the Left Pane, click Tools. Verify that Uninstall is highlighted in color, or click on it.
Click and Highlight the Following Program, and click the Run Uninstaller button.

J2SE Runtime Environment 5.0 Update 6

-----------------------------------------------------------
Download the latest version of Java Runtime Environment (JRE), and install it to your computer. It is the 4th one down on the page, called Java Runtime Environment (JRE) 6 Update 4.
Download it, choose Save, and save it to your desktop. Then double-click it, and it will install the newest version of Java for you to use.
-----------------------------------------------------------
Remove log items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entry:
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
Make sure every other window except HJT is closed (no other tabs showing in the bottom tray), and click Fix Checked.
Click the "X" in the upper right corner of the HiJackThis window to close it.
----------------------------------------------------------------------------------
Run MalwareBytes' Anti-Malware
Please download the Installer and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found here if you need it : Start, All Programs, Malwarebytes' Anti-Malware, Logs
    The logs are named by date stamp
-----------------------------------------------------------
Post a New HiJackThis Log
Reboot your computer. Start HijackThis.
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply, along with the MalwareBytes log.
askey127
imcalvin
Thanks a lot mate.... Will seriously think about your suggestion of stopping P2P file sharing, especially torrents..... Below are the latest logs.

Malwarebytes' Anti-Malware 1.03
Database version: 371


Scan type: Quick Scan
Objects scanned: 28754
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\ConnectionServices (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Failed to delete. (Delete on reboot).


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:13 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\Program Files\Alias\Maya 6.5\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Alias\Maya 6.5\docs\jre\bin\java.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\a\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] G:\Picsa\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] G:\Picsa\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3960A7F-D44B-4133-BEF9-69BD0C0B6A98}: NameServer = 203.94.243.70,203.94.227.70
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.5\docs\wrapper.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: RaySat_3dsmax7 Server (RaySat_3dsmax7Server) - Unknown owner - C:\3ds max7\mentalray\satellite\raysat_3dsmax7server.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/a/Desktop/everest_mackenzie.jpg
O24 - Desktop Component 1: (no name) - http://www.salem.k12.va.us/south/teacher/lounge/daisy.gif

--
End of file - 9580 bytes
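One way to confirm programmatically that the entry askey127 asked to be fixed is gone, as an added example that is not part of this thread or of HijackThis itself: a small Python parser for HijackThis "R"/"O" lines that flags BHOs listed as "(no name)" and diffs two logs. The sample lines are a trimmed selection copied from the two HijackThis logs posted above.

```python
"""Parse HijackThis (HJT) log lines, flag unnamed BHOs, and diff two logs.

Added example for this thread; not code from HijackThis or from any post.
The sample logs below are short excerpts of the two logs posted in the
thread, embedded so the script runs offline.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Every HJT finding has the shape "<section> - <description>", e.g. "O2 - BHO: ..."
LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Sections whose description ends with " - <file path or URL>"
PATH_SECTIONS = {"O2", "O3", "O9", "O16", "O20", "O23"}


@dataclass(frozen=True)
class HjtEntry:
    section: str           # "R1", "O2", "O4", ...
    description: str       # rest of the line, whitespace-normalised
    clsid: Optional[str]   # CLSID in braces, if the entry carries one
    path: Optional[str]    # binary path or URL, if the section has one

    @property
    def key(self) -> str:
        # Identity used for diffing two logs
        return f"{self.section} - {self.description}"


def parse_hjt(text: str) -> list[HjtEntry]:
    """Return the 'R'/'O' findings of an HJT log; header and process lines are skipped."""
    entries: list[HjtEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section = m.group(1)
        desc = " ".join(m.group(2).split())
        clsid_m = CLSID_RE.search(desc)
        clsid = clsid_m.group(0).upper() if clsid_m else None
        path = None
        if section in PATH_SECTIONS and " - " in desc:
            path = desc.rsplit(" - ", 1)[1]
        entries.append(HjtEntry(section, desc, clsid, path))
    return entries


def unnamed_bhos(entries: list[HjtEntry]) -> list[HjtEntry]:
    """O2 (Browser Helper Object) entries that HJT lists as '(no name)'."""
    return [e for e in entries if e.section == "O2" and "(no name)" in e.description]


def diff_logs(before: list[HjtEntry], after: list[HjtEntry]):
    """Return (removed, added) findings between two parsed logs, in log order."""
    b = {e.key: e for e in before}
    a = {e.key: e for e in after}
    removed = [e for e in before if e.key not in a]
    added = [e for e in after if e.key not in b]
    return removed, added


# Excerpt of the first log posted in the thread (before the fix).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
--
End of file - 9205 bytes
"""

# Excerpt of the second log posted in the thread (after the fix and the Java update).
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
--
End of file - 9580 bytes
"""

if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for e in unnamed_bhos(before):
        print("unnamed BHO in first log:", e.clsid, e.path)
    removed, added = diff_logs(before, after)
    print("removed:", [e.key for e in removed])
    print("added:", [e.key for e in added])
```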


askey127
imcalvin,
Let's do one more scan to be sure we got everything. You need to use Internet Explorer for this.
-----------------------------------------------------
Using Internet Explorer, Please Do an Online Scan with Kaspersky WebScanner.
Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. After reading the contents, press "Accept".
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log to your Desktop as filename KAV.txt

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
If the file KAV.txt appears to be too large to post (more than a couple hundred lines), let me know and I will give you instructions that will convert it to a smaller file.

I lived in Lynchburg for many years. Still have kids there.
askey127
imcalvin
Hello askey! Below is my Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 21, 2008 2:20:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/02/2008
Kaspersky Anti-Virus database records: 574156
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 159275
Number of viruses found: 3
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 01:35:32

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\smm.sys Object is locked skipped
C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
F:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP561\A0336124.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
F:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP561\A0336124.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
F:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP561\A0336124.exe Rsrc-Package: infected - 2 skipped
F:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP561\A0336124.exe UPX: infected - 2 skipped
F:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP561\A0336124.exe PE_Patch.UPX: infected - 2 skipped
G:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP561\A0336133.exe/stream/data0137/stream/data0007 Infected: not-a-virus:AdWare.Win32.MyTool.f skipped
G:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP561\A0336133.exe/stream/data0137/stream Infected: not-a-virus:AdWare.Win32.MyTool.f skipped
G:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP561\A0336133.exe/stream/data0137 Infected: not-a-virus:AdWare.Win32.MyTool.f skipped
G:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP561\A0336133.exe/stream Infected: not-a-virus:AdWare.Win32.MyTool.f skipped
G:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP561\A0336133.exe NSIS: infected - 4 skipped
G:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP561\A0336134.exe/file09 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
G:\System Volume Information\_restore{620514FB-21F1-4E7D-B5FB-51B0F92F1E44}\RP561\A0336134.exe Inno: infected - 1 skipped

Scan process completed.
askey127
Hi there again, imcalvin,
That's a good result.
We will erase the infections stored in old System restore points, and provide some extra protection going forward.
-----------------------------------------------------------
Reset System Restore Points
  • Click Start > Help and Support
  • Click on ->Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close Help and Support Center.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.

This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
-----------------------------------------------------------
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs. Available from http://www.javacoolsoftware.com/spywareblaster.html
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.
-----------------------------------------------------------
Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name (the name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Whatever list your HOSTS file has will be used by your browser. You can open the HOSTS file with Notepad and look at it.
In Windows XP, it is located in this folder ==> C:\Windows\System32\Drivers\etc\

Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:
QUOTE
Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Right-Click on the DNS Client Service. Choose Properties
Select the General tab. Click on the Stop button.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual
Click the Apply tab, then click OK


Download BlueTack's HOSTS Manager here, using Internet Explorer:
http://www.bluetack.co.uk/forums/index.php...ails&f_id=5
A short distance down the page in the center, click on the Download button.
Agree to the license.
On the next page, to the right side of where it says Download Estimates, right click on the underlined word "Hosts Manager" choose "Save Target As" and download the installer Hosts20setup.exe to your desktop.
Double click the Installer on your desktop and let it Install the Hosts Manager

After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the Hosts Switch icon).
When the manager comes up, go to the left pane, and click Download.
It will load 70,000 lines or more. When it finishes, also in the left pane, click Replace, and then Save.
You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.

If you have a firewall, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.
------------------------------------------------------------------------------------------------------------
If you are interested, extra information about HOSTS files :
Read an excellent tutorial about HOSTS files (the Bluetack version) here:
http://www.bluetack.co.uk/forums/index.php?showtopic=8406

There is a very detailed resource for those wanting to spend more time reading up, or to have as a reference:
http://www.bluetack.co.uk/forums/index.php?showtopic=8337

You can see another HOSTS file tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
and choose to manually download and install the MVPS HOSTS File instead of using the BlueTack HOSTS.
The BlueTack version (70k+ entries) is more aggressive than the mvps (12k + entries), and targets adware sites as well as more dangerous ones.
-----------------------------------------------------------
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system. The inexpensive PLUS version is worth it, to give you extra details about the files and processes on your system, and provide incoming protections. You can upgrade from the Free to the PLUS version anytime.

You should be good to go.
askey127
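As an added example (not part of askey127's post, nor code from the BlueTack or MVPS tools), the Python below parses the HOSTS format described above, rejects malformed lines, and separates entries that sinkhole a name to the local machine (the protective use) from entries that redirect a name to some other address, which is the pattern a defender checks for when verifying that a HOSTS file has been changed by a protection list and not by malware. The file contents and hostnames are constructed; treating 0.0.0.0 as a sinkhole in addition to 127.0.0.1 is an assumption based on common practice.

```python
import ipaddress
import re

# Constructed sample HOSTS content (not from the original post): a comment line,
# the standard localhost line, two blocklist entries of the kind a downloaded
# HOSTS list contains, and one entry that points a name at a foreign address.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed for this example)
127.0.0.1       localhost
127.0.0.1       ads.example-adserver.test   # blocked: adware server
0.0.0.0         tracker.example.test
10.1.2.3        update.example-vendor.test  # redirect to a non-local host
"""

# Addresses that send a name nowhere. 127.0.0.1 is what the post describes;
# 0.0.0.0 and ::1 are added here as an assumption (widely used by HOSTS lists).
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def parse_hosts(text):
    """Return (ip, hostname, lineno) tuples; a malformed line raises ValueError."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected '<ip> <hostname> ...'")
        ip = ipaddress.ip_address(fields[0])  # raises ValueError if not an address
        for name in fields[1:]:
            if not HOSTNAME_RE.match(name):
                raise ValueError(f"line {lineno}: bad hostname {name!r}")
            entries.append((str(ip), name.lower(), lineno))
    return entries


def classify(entries):
    """Split entries into sinkholed names (blocking) and redirects to real hosts."""
    blocked, redirected = [], []
    for ip, name, lineno in entries:
        if name == "localhost":
            continue  # the standard loopback entry is neither a block nor a redirect
        (blocked if ip in SINKHOLES else redirected).append((name, ip, lineno))
    return blocked, redirected
```

Any name in the redirected list deserves a look: a protection list only ever points names at the local machine, so a redirect to a real address means something other than the list wrote that line.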
imcalvin
A heartfelt thank you mate for all your help!!!! Highly appreciated! Problem seems to be fixed :)

Thanks again.....