Pls help[ me. My pc has become very slow. All this started six days ago. Also as soon as i log on to the net a pop up of winantiviruspro2006 shows up along with other adults pop ups. I have tried mcafee but in vain.

Here is my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 6:52:09 PM, on 7/1/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\WINDOWS.000\SYSTEM\MDM.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\PROGRAM FILES\SLYSOFT\CLONECD\CLONECDTRAY.EXE
C:\WINDOWS.000\SYSTEM\E_S10IC2.EXE
C:\WINDOWS.000\SYSTEM\IRMON.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
C:\WINDOWS.000\SYSTEM\WDQBRCMEZ.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\WINDOWS.000\RUNDLL32.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\TATA INDICOM WIRELESS INTERNET SERVICE\TATAINDICOMDIALER.EXE
C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\WINDOWS.000\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.yahoo.com/
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS.000\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS.000\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [TataIndicomStartUp] C:\Program Files\Tata Indicom Wireless Internet Service\TataIndicomStartUp.exe
O4 - HKLM\..\Run: [wdqbrcmez] c:\windows.000\system\wdqbrcmez.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [VidSvr]
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS.000\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS.000\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1063.dll,InstantAccess
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - HKCU\..\RunServices: [Instant Access] rundll32.exe EGACCESS4_1063.dll,InstantAccess
O4 - HKCU\..\RunServices: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE (file missing)
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\NPBANDZ.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\NPPDF32.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.mcafee.com
O16 - DPF: {9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9} - http://scripts.dlv4.com/binaries/IA/sysia32svc_EN.cab
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://es6-scripts.dlv4.com/binaries...cess4_1061.cab
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/ega...cess4_1063.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1...datePortal.cab


Pls help me.

Is 'Tata Indicom Wireless Internet Service' your ISP?



(Please note that the loading and execution of SpySweeper will often appear to be somewhat sluggish in Win9X - taking up to two hours to run). Be patient with it and it should work fine.)

Please download WebRoot SpySweeper from HERE (It's a 14 day trial):
http://www.webroot.com/consumer/prod...de=af1&rc=3597
OR
http://www.webroot.com/shoppingcart/...php?bjpc=64011

• Click the Free Trial link to download the program.
  
• Double-click the file to install it as follows:
  • Click "Next", read the agreement, Click "Next"
  • Choose "Custom" click "Next".
  • Leave the default installation directory as it is, then click "Next".
  • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
  • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
  • Finally, click "Install"
• Once the program is installed, it will open.
• It will prompt you to update to the latest definitions, click Yes.
  
  Once the definitions are installed, click Options on the left side.
  Click the Sweep Options tab.
  Under What to Sweep please put a check next to the following:
  • Sweep Memory
  • Sweep Registry
  • Sweep Cookies
  • Sweep All User Accounts
  • Enable Direct Disk Sweeping
  • Sweep Contents of Compressed Files
  • Sweep for Rootkits
  • Please UNCHECK Do not Sweep System Restore Folder.
  
  Disable SpySweeper Shields
  • Click Shields on the left.
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Startup Programs and uncheck all items.
• Once the definitions are installed and shields disabled, click Sweep Now on the left side.
• Click the Start button.
• When it's done scanning, click the Next button.
• Make sure everything has a check next to it, then click the Next button.
• It will remove all of the items found.
• Click Session Log in the upper right corner, copy everything in that window.
• Click the Summary tab and click Finish.
• Paste the contents of the session log you copied into your next reply.

REBOOT and Post the SpySweeper session log here along with a fresh HiJackThis log.

Thanks for your help. I think winantiviruspro has been removed. but my pc is as slow as earlier specially when loading of windows & other programs in windows.
here is my session log

8:11 PM: | Start of Session, Sunday, July 02, 2006 |
8:11 PM: Spy Sweeper started
8:11 PM: Sweep initiated using definitions version 711
8:11 PM: Starting Memory Sweep
8:37 PM: Memory Sweep Complete, Elapsed Time: 00:25:49
8:37 PM: Starting Registry Sweep
8:39 PM: Found Adware: winantivirus pro
8:39 PM: HKLM\software\winantivirus pro 2006\ (ID = 1216196)
8:39 PM: Found Adware: instant access
8:39 PM: HKU\.DEFAULT\software\microsoft\windows\currentver sion\run\ || instant access (ID = 128817)
8:39 PM: Found Adware: one2one viewer
8:39 PM: HKU\.DEFAULT\software\livesvc\ (ID = 136368)
8:39 PM: Registry Sweep Complete, Elapsed Time:00:01:40
8:39 PM: Starting Cookie Sweep
8:39 PM: Found Spy Cookie: 2o7.net cookie
8:39 PM: tamal guha@msnportal.112.2o7[1].txt (ID = 1958)
8:39 PM: Found Spy Cookie: about cookie
8:39 PM: tamal guha@about[1].txt (ID = 2037)
8:39 PM: Found Spy Cookie: atwola cookie
8:39 PM: tamal guha@atwola[1].txt (ID = 2255)
8:39 PM: Found Spy Cookie: azjmp cookie
8:39 PM: tamal guha@azjmp[2].txt (ID = 2270)
8:39 PM: Found Spy Cookie: ccbill cookie
8:39 PM: tamal guha@ccbill[1].txt (ID = 2369)
8:39 PM: Found Spy Cookie: gostats cookie
8:39 PM: tamal guha@gostats[1].txt (ID = 2747)
8:39 PM: Found Spy Cookie: rn11 cookie
8:39 PM: tamal guha@rn11[2].txt (ID = 3261)
8:39 PM: Found Spy Cookie: clickzs cookie
8:39 PM: tamal guha@cz4.clickzs[2].txt (ID = 2413)
8:39 PM: Found Spy Cookie: servlet cookie
8:39 PM: tamal guha@servlet[1].txt (ID = 3345)
8:39 PM: Found Spy Cookie: casalemedia cookie
8:39 PM: tamal guha@b.casalemedia[2].txt (ID = 2355)
8:39 PM: Found Spy Cookie: seeq cookie
8:39 PM: tamal guha@www48.seeq[1].txt (ID = 3332)
8:39 PM: Found Spy Cookie: screensavers.com cookie
8:39 PM: tamal guha@i.screensavers[1].txt (ID = 3298)
8:39 PM: Found Spy Cookie: myaffiliateprogram.com cookie
8:39 PM: tamal guha@www.myaffiliateprogram[2].txt (ID = 3032)
8:39 PM: Found Spy Cookie: overture cookie
8:39 PM: tamal guha@data4.perf.overture[1].txt (ID = 3106)
8:39 PM: Found Spy Cookie: adultfriendfinder cookie
8:39 PM: tamal guha@adultfriendfinder[2].txt (ID = 2165)
8:39 PM: Found Spy Cookie: kinghost cookie
8:39 PM: tamal guha@kinghost[1].txt (ID = 2903)
8:39 PM: tamal guha@www.screensavers[1].txt (ID = 3298)
8:39 PM: Found Spy Cookie: yieldmanager cookie
8:39 PM: tamal guha@ad.yieldmanager[2].txt (ID = 3751)
8:39 PM: Found Spy Cookie: herfirstlesbiansex cookie
8:39 PM: tamal guha@herfirstlesbiansex[2].txt (ID = 2771)
8:39 PM: Found Spy Cookie: burstnet cookie
8:39 PM: tamal guha@burstnet[1].txt (ID = 2336)
8:39 PM: tamal guha@microsofteup.112.2o7[1].txt (ID = 1958)
8:39 PM: Found Spy Cookie: tacoda cookie
8:39 PM: tamal guha@tacoda[1].txt (ID = 6444)
8:39 PM: tamal guha@teenadvice.about[1].txt (ID = 2038)
8:39 PM: Found Spy Cookie: hbmediapro cookie
8:39 PM: tamal guha@adopt.hbmediapro[2].txt (ID = 2768)
8:39 PM: Found Spy Cookie: webtrends cookie
8:39 PM: tamal guha@m.webtrends[2].txt (ID = 3669)
8:39 PM: Found Spy Cookie: reliablestats cookie
8:39 PM: tamal guha@stats1.reliablestats[1].txt (ID = 3254)
8:39 PM: tamal guha@sento.122.2o7[1].txt (ID = 1958)
8:39 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
8:39 PM: Starting File Sweep
11:47 PM: Sweep Canceled
11:47 PM: File Sweep Complete, Elapsed Time: 03:08:20
11:47 PM: Traces Found: 30
11:49 PM: Removal process initiated
11:49 PM: Quarantining All Traces: winantivirus pro
11:49 PM: Quarantining All Traces: instant access
11:49 PM: Quarantining All Traces: one2one viewer
11:49 PM: Quarantining All Traces: 2o7.net cookie
11:49 PM: Quarantining All Traces: about cookie
11:49 PM: Quarantining All Traces: adultfriendfinder cookie
11:49 PM: Quarantining All Traces: atwola cookie
11:49 PM: Quarantining All Traces: azjmp cookie
11:49 PM: Quarantining All Traces: burstnet cookie
11:49 PM: Quarantining All Traces: casalemedia cookie
11:49 PM: Quarantining All Traces: ccbill cookie
11:49 PM: Quarantining All Traces: clickzs cookie
11:49 PM: Quarantining All Traces: gostats cookie
11:49 PM: Quarantining All Traces: hbmediapro cookie
11:49 PM: Quarantining All Traces: herfirstlesbiansex cookie
11:49 PM: Quarantining All Traces: kinghost cookie
11:49 PM: Quarantining All Traces: myaffiliateprogram.com cookie
11:49 PM: Quarantining All Traces: overture cookie
11:49 PM: Quarantining All Traces: reliablestats cookie
11:49 PM: Quarantining All Traces: rn11 cookie
11:49 PM: Quarantining All Traces: screensavers.com cookie
11:49 PM: Quarantining All Traces: seeq cookie
11:49 PM: Quarantining All Traces: servlet cookie
11:49 PM: Quarantining All Traces: tacoda cookie
11:49 PM: Quarantining All Traces: webtrends cookie
11:49 PM: Quarantining All Traces: yieldmanager cookie
11:49 PM: Removal process completed. Elapsed time 00:00:22
********

Here's my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 9:25:25 AM, on 7/3/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXE
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXE
C:\WINDOWS.000\SYSTEM\MDM.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\PROGRAM FILES\SLYSOFT\CLONECD\CLONECDTRAY.EXE
C:\WINDOWS.000\SYSTEM\E_S10IC2.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\TATA INDICOM WIRELESS INTERNET SERVICE\TATAINDICOMDIALER.EXE
C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.yahoo.com/
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS.000\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS.000\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [TataIndicomStartUp] C:\Program Files\Tata Indicom Wireless Internet Service\TataIndicomStartUp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS.000\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS.000\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\NPBANDZ.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\NPPDF32.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1...datePortal.cab

my pc is as slow as earlier

Keep in mind that Spysweeper (SS) and SpyWare Doctor (SD) are very resource intensive applications on WIN98 especially when the 'Active Protection' components are running. Also they do similar things, so you don't want to running both at the same time. I only run SS on my WIN98 PC only on demand, as a result. And it runs much better without SS running (likely the same for SD).


Let us see what is loaded on your PC:

• Run HJT and Click ‘Open the Misc Tools section’ button.
• Then click the ‘Open Uninstall Manager…’ button.
• Click the ‘Save list…’ button. Save uninstall_list to your desktop.
  
  
• Open the Uninstall list file and post in your next reply please.

Run the following tool preferably in SAFE MODE:

Clean out TEMPORARY FILES:
To clean your temp folder, recycle bin, etc..please download this free tool:

CCleaner http://www.ccleaner.com/downloadbuilds.asp

Install Options:

• [Don't install any Toolbars, or other programs, should it ask you!
• Just uncheck the option of installing the Yahoo toolbar.

It will put a shortcut on your Desktop.

Select the ‘Cleaner’ BUTTON option (top LEFT), if not already selected. Use the ’Windows’ TAB up front by default.

• Uncheck ‘Cookies’ option (advisable)
• Optionally, Uncheck ‘Recently Typed URLs’ option (potentially still useful)
• Click the ‘Analyse’ button.
• Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.

It is preferable to REBOOT as certain files may still reflect ‘Marked for deletion’ (you can check with the ‘Analyse’ BUTTON.

Here,s the uninstall list you wanted to see

Ad-Aware SE Personal
Call of Duty
CloneCD
C-Media 3D Audio
Delete Windows 98 Second Edition uninstall information
Delta Force - Black Hawk Down
Download Accelerator Plus
EPSON PhotoQuicker3.4
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ES C43 Problem Solver
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Intel(R) 82845G Graphics Driver Software
Macromedia Flash Player 8
McAfee SecurityCenter
McAfee VirusScan
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Office 2000 SR-1 Premium
Microsoft Outlook Express 6
Microsoft Web Publishing Wizard 1.6
Mozilla Firefox (1.5)
PIF DESIGNER2.1
PRO SOCCER CUP 2002
ScanToWeb
SiS 900 PCI Fast Ethernet Adapter Driver
SpeedOptimizer
Spy Sweeper
Spyware Doctor 3.8
TataIndicom
Uninstall Windows 98 Second Edition
Windows Media Player system update (9 Series)
WinRAR archiver
Yahoo! Companion Toolbar

uninstall list

Nothing major really stands out. You might want to consider what has been loaded since your slowdown issues. THe following may be overhead contributors to unaccepible horsepower drains for a WIN98-based PC:

Download Accelerator Plus
SpeedOptimizer

-------------------------------
Google Toolbar


I have none of these running on my WIN98 PC. Also, I only run SS and SD on a weekly basis and definitely not in real time plus 'active protection' mode.

I have been using Download acelerator plus for a very long time & it has not caused any problem in the past. I have uninstalled speed optimizer. I could not understand about active protection of spysweeper & spyware doctor. I have run ad aware but in vain. do you want to view the item log.
there is a queer thing about my pc. I tried to defragment drive c but for ten hours it showed 0% complete, & the queerest part is that while th defragmenter was running the pc was working grteat but when i stopped the defragmenter it again became slow as it was.

I hope you will find this queer to.

greetings

Ron

Running each of the applications below is bad enough (advisable to not load them at startup if your PC is sluggish). The worse part is that 'Active Protection' constantly checks everything that your PC is doing including inspecting incoming files and any attempted system changes. This can become an extreme bottleneck on older PCs. That is why is may be inadvisable to run them on a 'full-time' basis (most especially the active protection shields):

Disable Spyware Doctor

1. Click the Spyware Doctor icon in the System Tray.
2. Click Settings.
3. Click Startup Settings under Pick a Category.
4. Uncheck Run at Windows startup.
5. Click Apply and Exit Spyware Doctor.

Disable SpySweeper

1. Open it, Click Options over on the left, then Program options
2. Uncheck load at windows startup.
3. Over to the left, Click shields and Uncheck all there.
4. Uncheck home page shield.
5. Uncheck automatically restore default without notification.
6. Exit Spysweeper.

Defrag:

Do you need to defrag - is it that badly fragmented. For best results always defrag in SAFE MODE (also generally advisable to run SCANDISK, first). Go to the following link to find out the extent of any fragmentation and their recommendation:

Disk Health
http://www.pcpitstop.com/pcpitstop/diskhealth.asp

While there you may as well run the 'Full Tests' - it may help identify some additional issues for you. A 'new member' doesn't have to register but if you register you can post a link to your results for others to comment on.

PC Pitstop runs diagnostics on your PC to identify things that will improve performance click on >> full test. On left side, after you get score then click System Comparisons to compares your PC to the best performance obtainable for your class of PC.

There is always the possibility of malware still running on your PC:

Download (the free version), install, update, and run A-Squared scanning tool (strong tool against Trojans):
http://www.emsisoft.com/en/software/free

Post any available log (IMPORTANT FEEDBACK) - do not fix any 'riskware' items (in particular) unless you understand why you are fixing those items. Indicate which found items remain to be fixed.



REBOOT if anything was fixed.


Please do an online scan (scan only tool) with Kaspersky WebScanner



[Internet Explorer required]
Go to Kaspersky website: www.kaspersky.com/virusscanner and click on the Kaspersky Online Scanner BUTTON/BOX.

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  • Scan Options:
    - Scan Archives
    - Scan Mail Bases
• Click OK
• Now under select a target to scan:
  • Select My Computer
• This program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

You might also want to run this scan as an added check:


[Internet Explorer required]
Place a shortcut to Panda ActiveScan on your desktop (FREE Version is mostly a scan only tool) .


Run the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


Post a Panda log back here, if anything is reported.

Hi,

I have followed your instructions for SDS & SS

I think we are making some progress.
Each of the scan you advised had something to show.

IN a-squared scan, I have not fixed any of the suspicious object it foun & would do it only on your advice.

Here's the a-squared report:


Scan started: 7/4/06 5:24:56 PM
Scan finished: 7/4/06 6:26:13 PM
Scan duration: 1h 1min 16sec
Scanned files: 104740
Infected files: 11

Object Diagnosis
C:\My Documents\\edonkey2000 downloads Trace.Directory.eDonkey
c:\WINDOWS\SYSTEM32\OLEEXT.DLL Trojan.Win32.Small.ev
c:\WINDOWS.000\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe Riskware.Downloader.Win32.WinFixer.j
c:\WINDOWS.000\Cookies\tamal guha@com[1].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\tamal guha@sexysharapova[1].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\tamal guha@pop.searchco[2].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\tamal guha@mediaplayer[1].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\tamal guha@popularscreensavers[1].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\tamal guha@link.maxxandmore[1].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\tamal guha@indextools[1].txt Trace.TrackingCookie
c:\WINDOWS.000\Cookies\tamal guha@tribalfusion[1].txt Trace.TrackingCookie



Here's the Kaspersky online scanning report:


KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 04, 2006 3:57:33 PM
Operating System: Microsoft Windows 98 SE
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/07/2006
Kaspersky Anti-Virus database records: 204564
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
a:\
c:\
d:\
e:\
Scan Statistics
Total number of scanned objects 49118
Number of viruses found 9
Number of infected objects 13 / 0
Number of suspicious objects 0
Duration of the scan process 02:27:29

Infected Object Name Virus Name Last Action
c:\WINDOWS\SYSTEM32\OLEEXT.DLL Infected: Trojan.Win32.Small.ev skipped
c:\Documents and Settings\tamal guha\Local Settings\Temporary Internet Files\Content.IE5\O12R4TUV\adv433[1].htm Infected: Trojan-Dropper.VBS.Inor.cz skipped
c:\Program Files\TV Viewer\ANNCLIST.FIL Object is locked skipped
c:\System Volume Information\_restore{234CC1D6-E1FF-4ED1-BC4B-4CB9C8302CF8}\RP52\A0067712.DLL Infected: Virus.Win32.Nsag.b skipped
c:\System Volume Information\_restore{234CC1D6-E1FF-4ED1-BC4B-4CB9C8302CF8}\RP52\A0067713.DLL Infected: Virus.Win32.Nsag.b skipped
c:\System Volume Information\_restore{234CC1D6-E1FF-4ED1-BC4B-4CB9C8302CF8}\RP57\A0100922.DLL Infected: Trojan.Win32.Agent.hh skipped
c:\WINDOWS.000\SYSTEM\dpngkhqual.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.s skipped
c:\WINDOWS.000\SYSTEM\egaccess4_1063.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.x skipped
c:\WINDOWS.000\TEMP\~DF2336.TMP Object is locked skipped
c:\WINDOWS.000\Application Data\Mozilla\Firefox\Profiles\0yfefrkp.default\Cac he\_CACHE_001_ Object is locked skipped
c:\WINDOWS.000\Application Data\Mozilla\Firefox\Profiles\0yfefrkp.default\Cac he\_CACHE_002_ Object is locked skipped
c:\WINDOWS.000\Application Data\Mozilla\Firefox\Profiles\0yfefrkp.default\Cac he\_CACHE_003_ Object is locked skipped
c:\WINDOWS.000\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe Infected: not-a-virusownloader.Win32.WinFixer.j skipped
c:\WINDOWS.000\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
c:\WINDOWS.000\Cookies\index.dat Object is locked skipped
c:\WINDOWS.000\History\History.IE5\index.dat Object is locked skipped
c:\WINDOWS.000\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
c:\WINDOWS.000\WIN386.SWP Object is locked skipped
c:\My Documents\hijackthis\backups\backup-20060702-174941-408.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.v skipped
c:\My Documents\hijackthis\backups\backup-20060702-174941-910.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.x skipped
c:\My Documents\hijackthis\backups\backup-20060702-182057-643.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.v skipped
c:\My Documents\hijackthis\backups\backup-20060702-182111-524.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.x skipped
c:\Downloads\HitmanCodename47Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
Scan process completed.


Here's the panda scan report:


Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows.000\downloaded program files\UWA6P_0001_N822M1605NetInstaller.exe
Adware:adware/navipromo Not disinfected c:\windows.000\system\wdqbrcmez_nav.dat
Adware:adware/powerstrip Not disinfected Windows Registry
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\SYSTEM32\Tools\Restart.exe
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@quest ionmarket[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@hitbo x[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@click bank[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ehg-idg.hitbox[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@statc ounter[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@z1.ad server[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@dist. belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@brave net[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@triba lfusion[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@reven ue[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@fastc lick[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ccbil l[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@maxse rving[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@apmeb f[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@qksrv[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adver tising[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@serve dby.advertising[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubl eclick[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ad.yi eldmanager[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@casal emedia[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ath.b elnk[1].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@paypo pup[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@targe tnet[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@burst net[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\tamal guha\Local Settings\Temp\Cookies\tamal guha@atdmt[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\tamal guha\Local Settings\Temp\Cookies\tamal guha@2o7[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\tamal guha\Local Settings\Temp\Cookies\tamal guha@doubleclick[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\tamal guha\Local Settings\Temp\Cookies\tamal guha@counter15.sextracker[1].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\tamal guha\Local Settings\Temp\Cookies\tamal guha@xxxcounter[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\tamal guha\Local Settings\Temp\Cookies\tamal guha@counter4.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\tamal guha\Local Settings\Temp\Cookies\tamal guha@sextracker[2].txt
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\tamal guha\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\tamal guha\Desktop\backups\backup-20060628-153934-644-PowerReg Scheduler.exe
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS.000\SYSTEM\Tools\Restart.exe
Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS.000\Application Data\Mozilla\Firefox\Profiles\0yfefrkp.default\coo kies.txt[.tribalfusion.com/]
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS.000\Cookies\tamal guha@com[1].txt
Spyware:Cookie/Buydomains Not disinfected C:\WINDOWS.000\Cookies\tamal guha@www47.buydomains[1].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS.000\Cookies\tamal guha@xmts[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\WINDOWS.000\Cookies\tamal guha@searchportal.information[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS.000\Cookies\tamal guha@tribalfusion[1].txt
Dialerialer.GXI Not disinfected C:\My Documents\hijackthis\backups\backup-20060702-174941-408.dll
Dialerialer.GXI Not disinfected C:\My Documents\hijackthis\backups\backup-20060702-182057-643.dll
Adware:Adware/Trymedia Not disinfected C:\Downloads\HitmanCodename47Setup-dm[1].exe


Hope you will find these instresting.

greetings

Ron.

1) Please download the Killbox.
Unzip it to the desktop and run it.

2) Select "Delete on Reboot".
3) Then Click the "All Files" button.

4) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\My Documents\\edonkey2000 downloads
c:\WINDOWS\SYSTEM32\OLEEXT.DLL
c:\WINDOWS.000\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe c:\WINDOWS.000\Cookies\tamal guha@com[1].txt
c:\WINDOWS.000\Cookies\tamal guha@sexysharapova[1].txt
c:\WINDOWS.000\Cookies\tamal guha@pop.searchco[2].txt
c:\WINDOWS.000\Cookies\tamal guha@mediaplayer[1].txt
c:\WINDOWS.000\Cookies\tamal guha@popularscreensavers[1].txt
c:\WINDOWS.000\Cookies\tamal guha@link.maxxandmore[1].txt
c:\WINDOWS.000\Cookies\tamal guha@indextools[1].txt
c:\WINDOWS.000\Cookies\tamal guha@tribalfusion[1].txt

c:\Documents and Settings\tamal guha\Local Settings\Temporary Internet Files\Content.IE5\O12R4TUV\adv433[1].htm
c:\WINDOWS.000\SYSTEM\dpngkhqual.exe
c:\WINDOWS.000\SYSTEM\egaccess4_1063.dll
c:\WINDOWS.000\Downloaded Program Files\UWA6P_0001_N822M1605NetInstaller.exe
c:\My Documents\hijackthis\backups\backup-20060702-174941-408.dll
c:\My Documents\hijackthis\backups\backup-20060702-174941-910.dll
c:\My Documents\hijackthis\backups\backup-20060702-182057-643.dll
c:\My Documents\hijackthis\backups\backup-20060702-182111-524.dll
c:\Downloads\HitmanCodename47Setup-dm[1].exe
c:\windows.000\system\wdqbrcmez_nav.dat

5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" to reboot next.



Also remove any cookies found by Panda (either individually of in a killbox list prepared by you).




Please download VundoFix.exe to your desktop.

http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.


Please post the contents of C:\vundofix.txt and a new HiJackThis log. Tell us how your PC is now doing.