Expert: Brian Benosky - 5/4/2009

Question
QUESTION: i wasn't able to use the 'follow up link' to reply.
you have requested for the MBAM log and a new HJT log.

Malwarebytes' Anti-Malware 1.36
Database version: 2073
Windows 5.1.2600 Service Pack 2

04/05/2009 16:39:58
mbam-log-2009-05-04 (16-39-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 114727
Time elapsed: 20 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 35
Files Infected: 79

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\spamblockerconfig.application (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spamblockerconfig.application.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2d51d869-c36b-42bd-ae68-0a81bc771fa5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2d51d869-c36b-42bd-ae68-0a81bc771fa5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7bed0340-176b-44bc-915e-c21c1dd6f617} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7bed0340-176b-44bc-915e-c21c1dd6f617} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware343 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\starware343 (Adware.Starware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus (Worm.Brontok) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\mmm\Application Data\SpamBlocker (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Starware343 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Maps (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Layouts (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Starware343\bin\Starware343.dll (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343\Starware343Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343\Starware343Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware343\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\maps.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\maps_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware343\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Maps\MapsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Maps\MapsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Application Data\Starware343\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Local Settings\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Local Settings\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Local Settings\Application Data\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Local Settings\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\mmm\Local Settings\Application Data\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:43, on 04/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Documents and Settings\mmm\My Documents\word\bin\ZLH.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Documents and Settings\mmm\My Documents\word\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\mmm\My Documents\word\bin\NJEEVES.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O1 - Hosts: <!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html><head><title>Yahoo! - 503 Service Temporarily Unavailable</title><style>
O1 - Hosts: /* nn4 hide */
O1 - Hosts: /*/*/
O1 - Hosts: body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
O1 - Hosts: html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
O1 - Hosts: p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
O1 - Hosts: h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
O1 - Hosts: form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
O1 - Hosts: form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://us.i1.yimg.com/us.yimg.com/i/s/bullet.gif) no-repeat left center;}
O1 - Hosts: form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
O1 - Hosts: /* end nn4 hide */
O1 - Hosts: </style></head>
O1 - Hosts: <body><div id="doc">
O1 - Hosts: <div id="ygma"><a href="http://us.rd.yahoo.com/503/*http://www.yahoo.com"><img
O1 - Hosts: src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif
O1 - Hosts: width=147 height=31 border=0 alt="Yahoo!"></a><div><a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo!</a>
O1 - Hosts: - Help</div></div>
O1 - Hosts: <div id="bd"><h1>Sorry, Service Temporarily Unavailable.</h1>
O1 - Hosts: The server is temporarily unable to service your
O1 - Hosts: request due to maintenance downtime or capacity
O1 - Hosts: problems. Please try again later.
O1 - Hosts: <P>Additionally, a 503 Service Temporarily Unavailable
O1 - Hosts: error was encountered while trying to use an ErrorDocument to handle the request.
O1 - Hosts: <p>Please check the URL for proper spelling and capitalization. If
O1 - Hosts: you're having trouble locating a destination on Yahoo!, try visiting the
O1 - Hosts: <strong><a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo! home
O1 - Hosts: page</a></strong> or look through a list of <strong><a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://docs.yahoo.com/docs/family/more/">Yahoo!'s
O1 - Hosts: online services</a></strong>. Also, you may find what you're looking for
O1 - Hosts: if you try searching below.</p>
O1 - Hosts: <form name="s1" action="http://us.rd.yahoo.com/503/*-http://search.yahoo.com/search"><fieldset>
O1 - Hosts: <legend><label for="s1p">Search the Web</label></legend>
O1 - Hosts: <input type="text" size=30 name="p" id="s1p" title="enter search terms here">
O1 - Hosts: <input type="submit" value="Search">
O1 - Hosts: <span>advanced search <span class=sep>|</span> most popular</span>
O1 - Hosts: </fieldset></form>
O1 - Hosts: <p class="more">Please try <strong><a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://help.yahoo.com">Yahoo!
O1 - Hosts: Help Central</a></strong> if you need more assistance.</p>
O1 - Hosts: </div><div id="ft"><p>Copyright © 2009 Yahoo! Inc.
O1 - Hosts: All rights reserved. <a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://privacy.yahoo.com">Privacy
O1 - Hosts: Policy</a> - <a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://docs.yahoo.com/info/terms/">Terms
O1 - Hosts: of Service</a></p></div>
O1 - Hosts: </div></body></html>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\mmm\My Documents\word\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\mmm\My Documents\word\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Documents and Settings\mmm\My Documents\word\Bin\Zanda.exe
O24 - Desktop Component 0: (no name) - http://bollywoodpimp.com/pics/ashcannes23.jpg

--
End of file - 8506 bytes
__________________________________

After following your instructions i restarted my computer and wow... all my icons and the startup menu has reappeared. i then shut the computer down and restarted it after some time to check if it will dissapear again but hopefully my desktop is looking fine.i think that the problem has rectified. thank you for your assistant and also can you please let me know what caused it.
thank you

rushna begum!


ANSWER: Hi Rushna

Things may be looking better, but you still have malware showing up on your log.  I need for you to run a scan with ComboFix:

Please download ComboFix and save to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  Note: It is important that it is saved directly to your desktop.
  Close any open browsers.
  Double click on combofix.exe and follow the prompts.
  If asked to install Recovery Console, please allow it.
  When it's finished it will produce a log.
  Post me the log and a new HJT log.
  Note: Do not mouseclick combofix's window while it's running.
  That may cause the program to freeze/hang.

Brian

---------- FOLLOW-UP ----------

QUESTION: ComboFix 09-05-03.6 - mmm 04/05/2009 19:18.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.158.46 [GMT 1:00]
Running from: c:\documents and settings\mmm\My Documents\My Music\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2009-04-04 to 2009-05-04  )))))))))))))))))))))))))))))))
.

2009-05-04 15:12 . 2009-05-04 15:12   --------   d-----w   c:\documents and settings\mmm\Application Data\Malwarebytes
2009-05-04 15:12 . 2009-04-06 14:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
2009-05-04 15:12 . 2009-04-06 14:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-04 15:12 . 2009-05-04 15:12   --------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-04 15:12 . 2009-05-04 15:12   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2009-05-03 17:51 . 2009-03-10 21:18   453512   ----a-w   c:\windows\system32\KB905474\wgasetup.exe
2009-05-03 17:51 . 2009-05-03 17:51   --------   d-----w   c:\windows\system32\KB905474
2009-05-03 17:51 . 2009-03-10 21:26   1403264   ----a-w   c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-03 16:16 . 2009-05-03 16:16   --------   d-----w   c:\program files\Trend Micro
2009-04-15 19:58 . 2009-04-15 19:58   47864   ----a-w   c:\documents and settings\mmm\Local Settings\Application Data\Update.16.Bron.Tok.bin
2009-04-15 19:41 . 2009-04-15 19:41   47864   ----a-w   c:\documents and settings\mmm\Local Settings\Application Data\Bron.tok.A16.em.bin
2009-04-15 16:20 . 2009-04-15 16:20   --------   d-sh--w   C:\FOUND.017
2009-04-15 16:16 . 2009-04-15 16:16   47864   ----a-w   c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok.A16.em.bin
2009-04-15 16:08 . 2009-04-15 16:08   --------   d-----w   c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-16-15
2009-04-15 14:02 . 2009-04-15 14:02   --------   d-----w   c:\documents and settings\mmm\Local Settings\Application Data\Bron.tok-16-15
2009-04-14 13:09 . 2009-04-14 13:09   --------   d-----w   c:\documents and settings\mmm\Local Settings\Application Data\Bron.tok-16-14
2009-04-13 16:08 . 2009-04-13 16:08   --------   d-----w   c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-16-13
2009-04-13 14:37 . 2009-04-13 14:37   --------   d-----w   c:\documents and settings\mmm\Local Settings\Application Data\Bron.tok-16-13
2009-04-11 23:00 . 2009-04-11 23:00   --------   d-----w   c:\documents and settings\mmm\Local Settings\Application Data\Bron.tok-16-12
2009-04-11 16:08 . 2009-04-11 16:08   --------   d-----w   c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-16-11
2009-04-11 13:41 . 2009-04-11 13:41   --------   d-----w   c:\documents and settings\mmm\Local Settings\Application Data\Bron.tok-16-11
2009-04-10 16:16 . 2009-04-10 16:16   --------   d-----w   c:\documents and settings\NetworkService\Local Settings\Application Data\Ok-SendMail-Bron-tok
2009-04-10 16:14 . 2009-04-10 16:14   --------   d-----w   c:\documents and settings\NetworkService\Local Settings\Application Data\Loc.Mail.Bron.Tok
2009-04-10 16:11 . 2009-04-10 16:11   --------   d-----w   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2009-04-10 16:11 . 2009-04-10 16:11   --------   d-----w   c:\documents and settings\NetworkService\Application Data\Apple Computer
2009-04-10 16:08 . 2009-04-10 16:08   --------   d-----w   c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-16-10
2009-04-10 14:14 . 2009-04-10 14:14   --------   d-----w   c:\documents and settings\mmm\Local Settings\Application Data\Bron.tok-16-10
2009-04-09 19:32 . 2009-04-09 19:32   --------   d-----w   c:\documents and settings\mmm\Local Settings\Application Data\Bron.tok-16-9
2009-04-08 18:02 . 2009-04-08 18:02   --------   d-----w   c:\documents and settings\mmm\Application Data\À??Microsoft
2009-04-08 11:09 . 2009-04-08 11:09   --------   d-----w   c:\documents and settings\mmm\Local Settings\Application Data\Bron.tok-16-8
2009-04-06 02:57 . 2009-04-06 02:57   --------   d-----w   c:\documents and settings\mmm\Local Settings\Application Data\Bron.tok-16-6
2009-04-05 02:17 . 2009-04-05 02:17   --------   d-----w   c:\documents and settings\mmm\Local Settings\Application Data\Ok-SendMail-Bron-tok
2009-04-05 02:15 . 2009-04-05 02:15   --------   d-----w   c:\documents and settings\mmm\Local Settings\Application Data\Loc.Mail.Bron.Tok
2009-04-05 02:09 . 2009-04-05 02:09   --------   d-----w   c:\documents and settings\mmm\Local Settings\Application Data\Bron.tok-16-5

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 12:03 . 2009-03-21 12:03   --------   d-----w   c:\program files\WinSCP
2009-03-12 20:05 . 2009-03-12 20:05   --------   d-----w   c:\program files\iPod
2009-03-12 20:01 . 2009-03-12 20:01   --------   d-----w   c:\program files\Bonjour
2009-03-06 14:44 . 2004-08-03 23:56   283648   ----a-w   c:\windows\system32\pdh.dll
2009-03-05 22:59 . 2009-03-12 20:00   1900544   ----a-w   c:\windows\system32\usbaaplrc.dll
2009-03-05 22:59 . 2009-01-27 20:09   36864   ----a-w   c:\windows\system32\drivers\usbaapl.sys
2009-02-20 14:27 . 2009-02-20 14:27   274432   ------w   c:\windows\Setup1.exe
2009-02-20 14:27 . 2009-02-20 14:27   73216   ----a-w   c:\windows\ST6UNST.EXE
2009-02-20 08:30 . 2004-08-03 23:56   659456   ----a-w   c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-03 23:56   81920   ----a-w   c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2004-08-03 23:56   399360   ----a-w   c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-03 23:56   723456   ----a-w   c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-03 23:56   616960   ----a-w   c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-03 23:56   714752   ----a-w   c:\windows\system32\ntdll.dll
2009-02-09 09:19 . 2004-08-03 22:17   1846272   ----a-w   c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2004-08-03 22:20   2180480   ----a-w   c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2004-08-03 23:56   110592   ----a-w   c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-08-23 11:00   35328   ----a-w   c:\windows\system32\sc.exe
2009-02-06 16:49 . 2004-08-03 21:59   2057728   ----a-w   c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2004-08-03 23:56   55808   ----a-w   c:\windows\system32\secur32.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"Norman ZANDA"="c:\documents and settings\mmm\My Documents\word\bin\ZLH.EXE" [2005-05-25 135168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
Contents of the 'Scheduled Tasks' folder

2009-05-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-03 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 19:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-04 19:24
ComboFix-quarantined-files.txt  2009-05-04 18:24
ComboFix2.txt  2009-05-04 18:09

Pre-Run: 1,464,147,968 bytes free
Post-Run: 1,458,626,560 bytes free

119   --- E O F ---   2009-05-03 17:51

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:15, on 04/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Documents and Settings\mmm\My Documents\word\bin\ZLH.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Documents and Settings\mmm\My Documents\word\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\mmm\My Documents\word\bin\NJEEVES.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\mmm\My Documents\word\bin\niu.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: <!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html><head><title>Yahoo! - 503 Service Temporarily Unavailable</title><style>
O1 - Hosts: /* nn4 hide */
O1 - Hosts: /*/*/
O1 - Hosts: body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
O1 - Hosts: html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
O1 - Hosts: p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
O1 - Hosts: h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
O1 - Hosts: form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
O1 - Hosts: form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://us.i1.yimg.com/us.yimg.com/i/s/bullet.gif) no-repeat left center;}
O1 - Hosts: form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
O1 - Hosts: /* end nn4 hide */
O1 - Hosts: </style></head>
O1 - Hosts: <body><div id="doc">
O1 - Hosts: <div id="ygma"><a href="http://us.rd.yahoo.com/503/*http://www.yahoo.com"><img
O1 - Hosts: src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif
O1 - Hosts: width=147 height=31 border=0 alt="Yahoo!"></a><div><a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo!</a>
O1 - Hosts: - Help</div></div>
O1 - Hosts: <div id="bd"><h1>Sorry, Service Temporarily Unavailable.</h1>
O1 - Hosts: The server is temporarily unable to service your
O1 - Hosts: request due to maintenance downtime or capacity
O1 - Hosts: problems. Please try again later.
O1 - Hosts: <P>Additionally, a 503 Service Temporarily Unavailable
O1 - Hosts: error was encountered while trying to use an ErrorDocument to handle the request.
O1 - Hosts: <p>Please check the URL for proper spelling and capitalization. If
O1 - Hosts: you're having trouble locating a destination on Yahoo!, try visiting the
O1 - Hosts: <strong><a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo! home
O1 - Hosts: page</a></strong> or look through a list of <strong><a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://docs.yahoo.com/docs/family/more/">Yahoo!'s
O1 - Hosts: online services</a></strong>. Also, you may find what you're looking for
O1 - Hosts: if you try searching below.</p>
O1 - Hosts: <form name="s1" action="http://us.rd.yahoo.com/503/*-http://search.yahoo.com/search"><fieldset>
O1 - Hosts: <legend><label for="s1p">Search the Web</label></legend>
O1 - Hosts: <input type="text" size=30 name="p" id="s1p" title="enter search terms here">
O1 - Hosts: <input type="submit" value="Search">
O1 - Hosts: <span>advanced search <span class=sep>|</span> most popular</span>
O1 - Hosts: </fieldset></form>
O1 - Hosts: <p class="more">Please try <strong><a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://help.yahoo.com">Yahoo!
O1 - Hosts: Help Central</a></strong> if you need more assistance.</p>
O1 - Hosts: </div><div id="ft"><p>Copyright © 2009 Yahoo! Inc.
O1 - Hosts: All rights reserved. <a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://privacy.yahoo.com">Privacy
O1 - Hosts: Policy</a> - <a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://docs.yahoo.com/info/terms/">Terms
O1 - Hosts: of Service</a></p></div>
O1 - Hosts: </div></body></html>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Documents and Settings\mmm\My Documents\word\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Documents and Settings\mmm\My Documents\word\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Documents and Settings\mmm\My Documents\word\Bin\Zanda.exe
O24 - Desktop Component 0: (no name) - http://bollywoodpimp.com/pics/ashcannes23.jpg

--
End of file - 8368 bytes  

Answer
Hi Rushna

Things look better, but we just need to cleanup your Windows host files.  Start HijackThis and click to do a Scan Only.  Place a check mark in the box next to the following entries, close all open browser windows, then click the Fix Checked button:

O1 - Hosts:
O1 - Hosts: Yahoo! - 503 Service Temporarily Unavailable
O1 - Hosts: /* nn4 hide */
O1 - Hosts: /*/*/
O1 - Hosts: body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
O1 - Hosts: html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
O1 - Hosts: p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
O1 - Hosts: h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
O1 - Hosts: form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
O1 - Hosts: form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://us.i1.yimg.com/us.yimg.com/i/s/bullet.gif) no-repeat left center;}
O1 - Hosts: form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
O1 - Hosts: /* end nn4 hide */
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts: src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif
O1 - Hosts: width=147 height=31 border=0 alt="Yahoo!">
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo!
O1 - Hosts: - Help
O1 - Hosts: Sorry, Service Temporarily Unavailable.
O1 - Hosts: The server is temporarily unable to service your
O1 - Hosts: request due to maintenance downtime or capacity
O1 - Hosts: problems. Please try again later.
O1 - Hosts: Additionally, a 503 Service Temporarily Unavailable
O1 - Hosts: error was encountered while trying to use an ErrorDocument to handle the request.
O1 - Hosts: Please check the URL for proper spelling and capitalization. If
O1 - Hosts: you're having trouble locating a destination on Yahoo!, try visiting the
O1 - Hosts:
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo! home
O1 - Hosts: page or look through a list of
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://docs.yahoo.com/docs/family/more/">Yahoo !'s
O1 - Hosts: online services. Also, you may find what you're looking for
O1 - Hosts: if you try searching below.
O1 - Hosts:
O1 - Hosts: Search the Web
O1 - Hosts:
O1 - Hosts:
O1 - Hosts: advanced search | most popular
O1 - Hosts:
O1 - Hosts: Please try
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://help.yahoo.com">Yahoo!
O1 - Hosts: Help Central if you need more assistance.
O1 - Hosts: Copyright © 2009 Yahoo! Inc.
O1 - Hosts: All rights reserved.
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://privacy.yahoo.com">Privacy
O1 - Hosts: Policy -
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://docs.yahoo.com/info/terms/">Terms
O1 - Hosts: of Service
O1 - Hosts:
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)

Basically, check all the 01 entries, plus the first 09 entry, then fix.  After fixing, reboot and post me one more HJT log to double-check that everything's fine now.

Brian