Hey People,
I recently clicked on a link sent by my friend on my yahoo messenger, only to reliase that, It was a HOAX on & his system too was affected.

After clickin on this, My yahoo & even MSN has been acting wierd. Sending messages to people on my buddy list.

I know that there is a Spyware or somethin in there now. I need help removing it.

Looks like SVCHOST32.exe is what has been affected. atleast thats what the scan says at times.
And also i guess everytime i restart the system, this starts doing things.
Only when i logon to YAHOO / MSN messengers, wierd things happen. I wonder if in the background loads of other things are happening too.
Could someone tell me what i should b doin. I dont understand the results when I use HIJACK THIS software.

I have uninstalled MSN & YAHOO both .. and installin it again is of not much help.

Thanx in advance for helping me.

Please post you Hijack This log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:05:04 PM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\AV 07\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [Yahoo Messenger] C:\WINDOWS\system\svchost32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{10A22B64-156F-4A99-9825-36BB1CB73A54}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{10A22B64-156F-4A99-9825-36BB1CB73A54}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\System\CS2\Services\Tcpip\..\{10A22B64-156F-4A99-9825-36BB1CB73A54}: NameServer = 61.1.96.69,61.1.96.71
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/BASITH/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8907 bytes

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Download and install AVG Anti-Spyware We will need this later in safe mode

Be sure to update AVG Anti- Spyware

Download Killbox to your desktop from this link Killbox by Option^Explicit. If you already have "Killbox" update to this newer version. We will need it later in safe mode

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS\system\svchost.exe

O4 - HKLM\..\Run: [Yahoo Messenger] C:\WINDOWS\system\svchost32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present (remove unless you set this)

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 (remove unless you set this)

Exit Hijack this but remain in safe mode.

Run Killbox from safe mode. Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system\svchost.exe

C:\WINDOWS\system\svchost32.exe

Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click Here to download and run missingfilesetup.exe. Then try Killbox again.

Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG log and a new Hijack This log please.

Thanx for the steps mentioned that i need to follow.
I was caught up at work. I will be doing as mentioned above and putting up the LOGs u have asked for.
Thanx a lot in advance my friend.

Ok all this logs where taken down in SAFE MODE.
AVG LOG:

AVG Anti-Spyware - Scan Report

+ Created at: 10:23:50 AM 4/21/2007

+ Scan result:

D:\Back-up\MSN-XP\MsgPlus-301.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned.
:mozilla.450:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.453:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.261:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.262:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.263:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.264:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.265:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.266:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.267:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.268:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.269:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.270:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.271:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.273:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.274:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.275:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.276:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.277:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.278:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.279:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.280:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.281:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.744:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.751:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.830:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.850:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.81:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.82:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.83:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.195:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.197:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.198:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.200:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.202:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.203:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.204:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.520:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.848:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.849:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.601:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adtiger : Cleaned.
:mozilla.602:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adtiger : Cleaned.
:mozilla.603:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adtiger : Cleaned.
:mozilla.364:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.365:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.366:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.367:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.368:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.614:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.122:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.876:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.877:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.205:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.206:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.207:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.208:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.209:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.210:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.211:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.326:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.327:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.928:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.929:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.634:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.635:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.32:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.28:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.29:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.538:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.539:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.540:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.541:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.542:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.543:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.193:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.196:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.199:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.201:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.298:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.299:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.300:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.353:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.426:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.546:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.628:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.633:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.719:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.236:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.237:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.238:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.239:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.340:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.341:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.936:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.937:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.938:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.940:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.941:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.942:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.943:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.950:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.951:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.952:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.291:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.790:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.791:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.825:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.826:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.636:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.637:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.188:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.189:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.190:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.900:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.905:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.384:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.385:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.386:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.387:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.642:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.643:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.240:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.241:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.192:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.194:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.727:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.728:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.729:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.730:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.731:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.732:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.733:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.734:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.868:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.316:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.317:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.318:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.319:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.320:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.321:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.852:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.853:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.216:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.217:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.218:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.219:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.220:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.858:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.859:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.860:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.861:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.949:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.901:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.480:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.481:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.482:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.483:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.484:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.485:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.486:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.487:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.488:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.489:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.490:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.491:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.492:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.493:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.494:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.495:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.496:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.497:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.498:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.499:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.500:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.345:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.346:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.347:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.914:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.783:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.787:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.788:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.180:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.181:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.183:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.184:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.185:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.186:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.187:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.191:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.8:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.9:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.245:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.223:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.932:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.149:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.150:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.151:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.152:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.153:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.156:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.157:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.158:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.159:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.160:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.161:C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

::Report end

Below is HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:25:18 AM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\AV 07\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{10A22B64-156F-4A99-9825-36BB1CB73A54}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{10A22B64-156F-4A99-9825-36BB1CB73A54}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\System\CS2\Services\Tcpip\..\{10A22B64-156F-4A99-9825-36BB1CB73A54}: NameServer = 61.1.96.69,61.1.96.71
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/BASITH/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 7805 bytes

I just wanted you to also know that, The system starts up very slow. The start up process takes a long long time. I restarted the system in the NORMALMODE to connect to the net.

If there is anymore steps i need to follow. Please let me know.
Thanks a lot.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

"BASITH" -:56:43 Service Pack 2
ComboFix.2V - Running from: C:\Documents and Settings\BASITH\Desktop\

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system\svchost.exe

((((((((((((((((((((((((((((((( Files Created from to ))))))))))))))))))))))))))))))))))

:50 <DIR> d--hs---- C:\FOUND.006:31 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT:17 <DIR> d-------- C:\!KillBox:14 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys:48 <DIR> d--hs---- C:\FOUND.005:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion:27 <DIR> d--hs---- C:\FOUND.004:02 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys:04 <DIR> d--hs---- C:\FOUND.003:56 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL:56 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS:56 <DIR> d-------- C:\Program Files\Norton AntiVirus:07 <DIR> d--hs---- C:\FOUND.002:36 <DIR> d-------- C:\Program Files\directx:40 <DIR> d--hs---- C:\FOUND.001:02 <DIR> d--h----- C:\WINDOWS\PIF:23 <DIR> d-------- C:\Program Files\Inbit

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

:06 -------- d-------- C:\Program Files\quicktime:33 -------- d-------- C:\DOCUME~1\BASITH\APPLIC~1\apple computer:58 -------- d-------- C:\Program Files\Common Files\vbox:02 1459 --a------ C:\WINDOWS\mozver.dat:38 73216 --a------ C:\WINDOWS\st6unst.exe:38 --------- C:\WINDOWS\setup1.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Task Manager"="C:\\WINDOWS\\system\\svchost.exe"
"Yahoo Messenger"="C:\\WINDOWS\\system\\svchost32.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"Yahoo! Pager"="\"D:\\PROGRA~1\\YAHOO!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:/DOCUME~1/BASITH/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - BASITH.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan:58:16
Windows 5.1.2600 Service Pack 2 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time::58:18
C:\ComboFix-quarantined-files.txt ...:58

I hope the above post helps u !!
though it has not aligned properly as it has on the notepad.
Lemme know if ther is anythin more i can do ..
Thanx a million

Please download Dr Web CureIt to your desktop from this link ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Doubleclick the drweb-cureit.exe file and Allow to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives.
A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable.
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log on your desktop.

Hey jabuck

i will being following this above process once i reach home today from work. I was wondering why is my system taking lot of time to start up. The loading process is very slow.
Once i am connected to the net, i only use GTALK for time being & looks like that too is slow compared to before.
I hope these issues are fixed once you have provided me all the solutions.
I will post the log as asked above ASAP.
Thanx

Dr.Web Cureit. LOG

index[1].htm\javascript.0;C:\Documents and Settings\BASITH\Local Settings\Temporary Internet Files\Content.IE5\82ORY1BY\index[1].htm;VBS.Psyme.377;;
index[1].htm;C:\Documents and Settings\BASITH\Local Settings\Temporary Internet Files\Content.IE5\82ORY1BY;Archive contains infected objects;Moved.;
A0026674.EXE;C:\System Volume Information\_restore{1C01F5C1-3797-46F0-86EB-1CF78E8322A6}\RP73;Win32.HLLW.Texmer;Incurable.Moved.;
svchost.exe;C:\!KillBox;Win32.HLLW.Texmer;Incurable.Moved.;

Still not a lot showing up.

Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.

---------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 24, 2007 8:15:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 24/04/2007
Kaspersky Anti-Virus database records:
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 28846
Number of viruses found: 3
Number of infected objects: 35
Number of suspicious objects: 0
Duration of the scan process: 00:31:50

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system\svchost.exe/script.au3 Infected: IM-Worm.Win32.Sohanad.ae skipped
C:\WINDOWS\system\svchost.exe AutoIt: infected - 1 skipped
C:\WINDOWS\system\svchost.exe UPX: infected - 1 skipped
C:\WINDOWS\system\svchost.exe PE_Patch.UPX: infected - 1 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-04-24_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\91D8075D.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\F18F17A6.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\BASITH\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\BASITH\Local Settings\Temp\IEXPLORE.EXE/script.au3 Infected: IM-Worm.Win32.Sohanad.ae skipped
C:\Documents and Settings\BASITH\Local Settings\Temp\IEXPLORE.EXE AutoIt: infected - 1 skipped
C:\Documents and Settings\BASITH\Local Settings\Temp\IEXPLORE.EXE UPX: infected - 1 skipped
C:\Documents and Settings\BASITH\Local Settings\Temp\IEXPLORE.EXE PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\BASITH\Local Settings\Temp\Perflib_Perfdata_8b0.dat Object is locked skipped
C:\Documents and Settings\BASITH\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BASITH\Local Settings\History\History.IE5\MSHist012007042420070425\index.dat Object is locked skipped
C:\Documents and Settings\BASITH\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BASITH\Local Settings\Temporary Internet Files\Content.IE5\82ORY1BY\YMworm[1].exe/script.au3 Infected: IM-Worm.Win32.Sohanad.ae skipped
C:\Documents and Settings\BASITH\Local Settings\Temporary Internet Files\Content.IE5\82ORY1BY\YMworm[1].exe AutoIt: infected - 1 skipped
C:\Documents and Settings\BASITH\Local Settings\Temporary Internet Files\Content.IE5\82ORY1BY\YMworm[1].exe UPX: infected - 1 skipped
C:\Documents and Settings\BASITH\Local Settings\Temporary Internet Files\Content.IE5\82ORY1BY\YMworm[1].exe PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\BASITH\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BASITH\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BASITH\Local Settings\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\BASITH\Local Settings\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\BASITH\Local Settings\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\BASITH\Local Settings\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\BASITH\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\history.dat Object is locked skipped
C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\cert8.db Object is locked skipped
C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\key3.db Object is locked skipped
C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\parent.lock Object is locked skipped
C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\search.sqlite Object is locked skipped
C:\Documents and Settings\BASITH\Application Data\Mozilla\Firefox\Profiles\my1jpcz5.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\BASITH\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\BASITH\DoctorWeb\Quarantine\index[1].htm Infected: Trojan-Downloader.JS.Small.dn skipped
C:\Documents and Settings\BASITH\DoctorWeb\Quarantine\A0026674.EXE/script.au3 Infected: IM-Worm.Win32.Sohanad.ae skipped
C:\Documents and Settings\BASITH\DoctorWeb\Quarantine\A0026674.EXE AutoIt: infected - 1 skipped
C:\Documents and Settings\BASITH\DoctorWeb\Quarantine\A0026674.EXE UPX: infected - 1 skipped
C:\Documents and Settings\BASITH\DoctorWeb\Quarantine\A0026674.EXE PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\BASITH\DoctorWeb\Quarantine\svchost.exe/script.au3 Infected: IM-Worm.Win32.Sohanad.ae skipped
C:\Documents and Settings\BASITH\DoctorWeb\Quarantine\svchost.exe AutoIt: infected - 1 skipped
C:\Documents and Settings\BASITH\DoctorWeb\Quarantine\svchost.exe UPX: infected - 1 skipped
C:\Documents and Settings\BASITH\DoctorWeb\Quarantine\svchost.exe PE_Patch.UPX: infected - 1 skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\System Volume Information\_restore{1C01F5C1-3797-46F0-86EB-1CF78E8322A6}\RP73\A0027764.EXE/script.au3 Infected: IM-Worm.Win32.Sohanad.ae skipped
C:\System Volume Information\_restore{1C01F5C1-3797-46F0-86EB-1CF78E8322A6}\RP73\A0027764.EXE AutoIt: infected - 1 skipped
C:\System Volume Information\_restore{1C01F5C1-3797-46F0-86EB-1CF78E8322A6}\RP73\A0027764.EXE UPX: infected - 1 skipped
C:\System Volume Information\_restore{1C01F5C1-3797-46F0-86EB-1CF78E8322A6}\RP73\A0027764.EXE PE_Patch.UPX: infected - 1 skipped
C:\System Volume Information\_restore{1C01F5C1-3797-46F0-86EB-1CF78E8322A6}\RP74\A0028171.exe/script.au3 Infected: IM-Worm.Win32.Sohanad.ae skipped
C:\System Volume Information\_restore{1C01F5C1-3797-46F0-86EB-1CF78E8322A6}\RP74\A0028171.exe AutoIt: infected - 1 skipped
C:\System Volume Information\_restore{1C01F5C1-3797-46F0-86EB-1CF78E8322A6}\RP74\A0028171.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{1C01F5C1-3797-46F0-86EB-1CF78E8322A6}\RP74\A0028171.exe PE_Patch.UPX: infected - 1 skipped
C:\System Volume Information\_restore{1C01F5C1-3797-46F0-86EB-1CF78E8322A6}\RP74\change.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system\svchost.exe.vir/script.au3 Infected: IM-Worm.Win32.Sohanad.ae skipped
C:\QooBox\Quarantine\C\WINDOWS\system\svchost.exe.vir AutoIt: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system\svchost.exe.vir UPX: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system\svchost.exe.vir PE_Patch.UPX: infected - 1 skipped
D:\Back-up\BOOMBox_Setup.exe/data0018 Infected: not-a-virus:AdWare.Win32.Advision.a skipped
D:\Back-up\BOOMBox_Setup.exe Inno: infected - 1 skipped

Scan process completed.

Navigate to and delete these folders:

C:\QooBox

C:\Documents and Settings\BASITH\DoctorWeb\Quarantine

Please download “Avenger” by swandog46 to your desktop from this link http://swandog46.geekstogo.com/avenger.zip

1. Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the area between the X"s below to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Files to delete:
C:\WINDOWS\system\svchost.exe/script.au3
C:\WINDOWS\system\svchost.exe
C:\Documents and Settings\BASITH\Local Settings\Temp\IEXPLORE.EXE/script.au3
C:\Documents and Settings\BASITH\Local Settings\Temp\IEXPLORE.EXE
C:\Documents and Settings\BASITH\Local Settings\Temporary Internet Files\Content.IE5\82ORY1BY\YMworm[1].exe

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Open notepad (Start Menu > Run > Type notepad and press "ok".

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Task Manager"=-
"Yahoo Messenger"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Post a new Hijack This log and a new combofix log please.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gqwmbvok

*******************

Script file located at: \??\C:\WINDOWS\system32\fsjrback.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Could not open file C:\WINDOWS\system\svchost.exe/script.au3 for deletion
Deletion of file C:\WINDOWS\system\svchost.exe/script.au3 failed!

Could not process line:
C:\WINDOWS\system\svchost.exe/script.au3
Status: 0xc0000033

File C:\WINDOWS\system\svchost.exe deleted successfully.

Could not open file C:\Documents and Settings\BASITH\Local Settings\Temp\IEXPLORE.EXE/script.au3 for deletion
Deletion of file C:\Documents and Settings\BASITH\Local Settings\Temp\IEXPLORE.EXE/script.au3 failed!

Could not process line:
C:\Documents and Settings\BASITH\Local Settings\Temp\IEXPLORE.EXE/script.au3
Status: 0xc0000033

File C:\Documents and Settings\BASITH\Local Settings\Temp\IEXPLORE.EXE deleted successfully.
File C:\Documents and Settings\BASITH\Local Settings\Temporary Internet Files\Content.IE5\82ORY1BY\YMworm[1].exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

When i tried doing the **Double click Fix.reg**, I got an error message saying REGISTRY EDITING HAS BEEN DISABLED BY YOUR ADMINISTER.
There is no ADMINISTRATOR login to this computer. It has always logged into this log automatically. never asks for which LOGIN you wanna choose.
Also i would want to tell you that, the RUN function does not show up when i click on the START menu under different TABS.
There should be something that was not done properly when i installed the OS i guess. I aint sure about it thou.
On the safe mode a couple of days back when you told me to do things, There was ADMIN & BASITH logins. JUST FYI.

Anyway, i haev gone ahead and done a HIJACKTHIS and am pasting the log here. The REGISTRY MERGING did not happen.

Below is the HIJACKTHIS log.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:13:14 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\notepad.exe
D:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
D:\AV 07\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [Yahoo Messenger] C:\WINDOWS\system\svchost32.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/englis...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{10A22B64-156F-4A99-9825-36BB1CB73A54}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{10A22B64-156F-4A99-9825-36BB1CB73A54}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\System\CS2\Services\Tcpip\..\{10A22B64-156F-4A99-9825-36BB1CB73A54}: NameServer = 61.1.96.69,61.1.96.71
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/BASITH/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9164 bytes

Run Hijack This again and remove these item:

O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS\system\svchost.exe

O4 - HKLM\..\Run: [Yahoo Messenger] C:\WINDOWS\system\svchost32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Restart the computer.

Post a new Hijack This log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:13:13 AM, on 4/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google