Some how my system got infected with a trojan/virus which keeps displayinf fake alrerts and occasionally pop up windows (ads). Security tool bar is installed along with this but i was able to delete the security tool bar. Please help me in deleting stdole3.tld file Nalluri

Please download SmitRemFix from this link http://siri.geekstogo.com/SmitfraudFix.php Then extract the contents to your desktop. Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd" Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue. Put a check by "Create a desktop icon" then click "Next" again. Continue to follow the rest of the prompts from there. At the final dialogue box click "Finish" and it will launch Hijack This. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly. Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Please do not run option #2 yet as it will remove the desktop background if run on an uninfected computer.

Hijack this Log --------------- Logfile of HijackThis v1.99.1 Scan saved at 5:59:27 PM, on 6/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AccessManager\Client\AMBroker.exe C:\Program Files\Virtusa Corporation\VPN Client\cvpnd.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe C:\mysql-4.1.14-win32\bin\mysqld-debug.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\AccessManager\PMAC\sp_SWIns.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AccessManager\Client\sygman.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\System32\CCM\CcmExec.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\atmclk.exe C:\WINDOWS\system32\dcomcfg.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\MSN Messenger\MsnMsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\Virtusa Corporation\VPN Client\vpngui.exe C:\Program Files\Virtusa Corporation\VPN Client\ipseclog.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://iwayindia R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.mc.xerox.com:8000 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 13.*.*.*;Xww.*.internal.xerox.com;xww.*.world.xerox.com;*.xpn.xerox.com;*.mc.xerox.com;*.xc.xerox.com;*.connect.xerox.com;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" /STANDALONE O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Virtusa Corporation VPN Client.lnk = C:\Program Files\Virtusa Corporation\VPN Client\vpngui.exe O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O14 - IERESET.INF: START_PAGE_URL=http://iwayindia O15 - Trusted Zone: http://*.chneye O15 - Trusted Zone: http://*.chnheart O15 - Trusted Zone: http://*.chnithelpdesk O15 - Trusted Zone: http://*.chnpulse O15 - Trusted Zone: http://*.cmbeye O15 - Trusted Zone: http://*.cmbheart O15 - Trusted Zone: http://*.cmbpulse O15 - Trusted Zone: http://*.dashboard O15 - Trusted Zone: http://*.dashboardin O15 - Trusted Zone: http://*.dashboardsl O15 - Trusted Zone: http://*.directoryupdate O15 - Trusted Zone: http://*.heart O15 - Trusted Zone: http://*.hydeye O15 - Trusted Zone: http://*.hydheart O15 - Trusted Zone: http://*.hydithelpdesk O15 - Trusted Zone: http://*.hydpulse O15 - Trusted Zone: http://*.icontactsvr O15 - Trusted Zone: http://*.ms-appsvr01 O15 - Trusted Zone: http://*.pulse O15 - Trusted Zone: http://*.slhelpdesk O15 - Trusted Zone: http://*.ushelpdesk O15 - Trusted Zone: http://*.chneye (HKLM) O15 - Trusted Zone: http://*.chnheart (HKLM) O15 - Trusted Zone: http://*.chnithelpdesk (HKLM) O15 - Trusted Zone: http://*.chnpulse (HKLM) O15 - Trusted Zone: http://*.cmbeye (HKLM) O15 - Trusted Zone: http://*.cmbheart (HKLM) O15 - Trusted Zone: http://*.cmbpulse (HKLM) O15 - Trusted Zone: http://*.dashboard (HKLM) O15 - Trusted Zone: http://*.dashboardin (HKLM) O15 - Trusted Zone: http://*.dashboardsl (HKLM) O15 - Trusted Zone: http://*.directoryupdate (HKLM) O15 - Trusted Zone: http://*.heart (HKLM) O15 - Trusted Zone: http://*.hydeye (HKLM) O15 - Trusted Zone: http://*.hydheart (HKLM) O15 - Trusted Zone: http://*.hydithelpdesk (HKLM) O15 - Trusted Zone: http://*.hydpulse (HKLM) O15 - Trusted Zone: http://*.icontactsvr (HKLM) O15 - Trusted Zone: http://*.ms-appsvr01 (HKLM) O15 - Trusted Zone: http://*.pulse (HKLM) O15 - Trusted Zone: http://*.slhelpdesk (HKLM) O15 - Trusted Zone: http://*.ushelpdesk (HKLM) O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://sifyimg.speedera.net/sify.com/eot/tdserver.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwcb.ops.placeware.com/etc/place/CHAIR/VACpws-b2/5.1.8.511/lib/quicksilver.cab O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://neo.virtusa.com/dana-cached/setup/NeoterisSetup.cab O16 - DPF: {92F6C891-8282-4953-9A63-5C712783C668} (eT247.eTMain) - http://pulse/Pulse/eT247.CAB O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mymeetings.webex.com/client/v_mywebex-wbs-mciprodins/webex/ieatgpc.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Virtusa.com O17 - HKLM\Software\..\Telephony: DomainName = Virtusa.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Virtusa.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Virtusa.com O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Virtusa Corporation\VPN Client\cvpnd.exe O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing) O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: MySQL - Unknown owner - C:\mysql-4.1.14-win32\bin\mysqld-debug.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe SmitFradFix- log file contents -- SmitFraudFix v2.64 Scan done at 17:53:40.43, Fri 06/23/2006 Run from C:\Documents and Settings\rajavardhann\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\atmclk.exe FOUND ! C:\WINDOWS\system32\dcomcfg.exe FOUND ! C:\WINDOWS\system32\hp???.tmp FOUND ! C:\WINDOWS\system32\hp????.tmp FOUND ! C:\WINDOWS\system32\ld????.tmp FOUND ! C:\WINDOWS\system32\regperf.exe FOUND ! C:\WINDOWS\system32\stdole3.tlb FOUND ! C:\WINDOWS\system32\1024\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\rajavardhann\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RAJAVA~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{af3fd9a8-1287-4159-9212-9a5b4494af70}"="ecosystems" [HKEY_CLASSES_ROOT\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}\InProcServer32] @="C:\WINDOWS\system32\guxxa.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}\InProcServer32] @="C:\WINDOWS\system32\guxxa.dll" »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Nalluri

Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd" Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter". The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt

SmitFraudFix v2.64 Scan done at 18:37:46.26, Fri 06/23/2006 Run from C:\Documents and Settings\rajavardhann\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{af3fd9a8-1287-4159-9212-9a5b4494af70}"="ecosystems" [HKEY_CLASSES_ROOT\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}\InProcServer32] @="C:\WINDOWS\system32\guxxa.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}\InProcServer32] @="C:\WINDOWS\system32\guxxa.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri C:\WINDOWS\system32\guxxa.dll -> Missing File »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\atmclk.exe Deleted C:\WINDOWS\system32\dcomcfg.exe Deleted C:\WINDOWS\system32\hp???.tmp Deleted C:\WINDOWS\system32\ld????.tmp Deleted C:\WINDOWS\system32\regperf.exe Deleted C:\WINDOWS\system32\stdole3.tlb Deleted C:\WINDOWS\system32\1024\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Nalluri

Looks better. Now for some cleanup. Please download ATF-Cleaner to your desktop from this link http://www.atribune.org/content/view/19/2/ We will need it later in safe mode Download Ewido Security Suite We will need this later in safe mode Be sure to update Ewido Reboot into safe mode. Run Hijack This from safe mode, close all windows except HT, place a check to the left of the followings and press "fix checked": O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://sifyimg.speedera.net/sify.com/eot/tdserver.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwcb.ops.placeware.com/etc/place/CHAIR/VACpws-b2/5.1.8.511/lib/quicksilver.cab O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://neo.virtusa.com/dana-cached/setup/NeoterisSetup.cab O16 - DPF: {92F6C891-8282-4953-9A63-5C712783C668} (eT247.eTMain) - http://pulse/Pulse/eT247.CAB O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mymeetings.webex.com/client/v_mywebex-wbs-mciprodins/webex/ieatgpc.cab Exit Hijack This Run Ewido from safe mode and let it delete all that it finds. Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok. I'm guessing the 015's are part of your RN studies, let me know. Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html Click Accept When the updates are finished downloading, click Next, Scan Settings Under Scan using the following antivirus database:, select extended Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK Click My Computer and wait for the scan to finish Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.

After running the ATF cleaner i did turn off the system restore. While i tried to turn it on it asked me to restart the systeem in normal mode. I did that. When I logged in I got message saying you are victim of Software Conterfeiting and my windows is not genuine. I.m shocked. please let me know why this has happenned Nalluri