[Active] spyware, redirecting
Occasionally, on clicking on a website, I get redirected somewhere else, sometimes 'Ebay'.
Regards, John
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:09, on 09/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK & Ireland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\processlasso.exe
O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKCU\..\Run: [AVO Ram Optimizer] c:\program files\systweak\advanced vista optimizer 2009\AVO.exe -s
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVO2009 Defrag - Systweak Inc. - C:\Program Files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 6571 bytes
AVG 9.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 9.0.663, engine 9.0.708
Virus Database: Version 270.14.99/2553 2009-12-08
C:\Windows\System32\wininit.exe (372):\memory_000e0000 Virus identified Win32/Cryptor
C:\Windows\System32\wininit.exe (372) Virus identified Win32/Cryptor
C:\Windows\System32\winlogon.exe (424):\memory_00bc0000 Virus identified Win32/Cryptor
C:\Windows\System32\winlogon.exe (424) Virus identified Win32/Cryptor
C:\Windows\System32\services.exe (460):\memory_00940000 Virus identified Win32/Cryptor
C:\Windows\System32\services.exe (460) Virus identified Win32/Cryptor
C:\Windows\System32\lsass.exe (472):\memory_00030000 Virus identified Win32/Cryptor
C:\Windows\System32\lsass.exe (472) Virus identified Win32/Cryptor
C:\Windows\System32\lsm.exe (480):\memory_007d0000 Virus identified Win32/Cryptor
C:\Windows\System32\lsm.exe (480) Virus identified Win32/Cryptor
C:\Windows\System32\svchost.exe (644):\memory_007a0000 Virus identified Win32/Cryptor
C:\Windows\System32\svchost.exe (644) Virus identified Win32/Cryptor
C:\Windows\System32\svchost.exe (708):\memory_008b0000 Virus identified Win32/Cryptor
C:\Windows\System32\svchost.exe (708) Virus identified Win32/Cryptor
C:\Windows\System32\svchost.exe (792):\memory_00980000 Virus identified Win32/Cryptor
C:\Windows\System32\svchost.exe (792) Virus identified Win32/Cryptor
C:\Windows\System32\svchost.exe (824):\memory_00920000 Virus identified Win32/Cryptor
C:\Windows\System32\svchost.exe (824) Virus identified Win32/Cryptor
C:\Windows\System32\svchost.exe (868):\memory_00280000 Virus identified Win32/Cryptor
C:\Windows\System32\svchost.exe (868) Virus identified Win32/Cryptor
C:\Windows\System32\config\systemprofile\AppData\Roaming\sdra64.exe (1052):\memory_01400000 Virus identified Win32/Cryptor
C:\Windows\System32\config\systemprofile\AppData\Roaming\sdra64.exe (1052):\memory_01420000 Virus identified Win32/Cryptor
C:\Windows\System32\config\systemprofile\AppData\Roaming\sdra64.exe (1052):\memory_01440000 Virus identified Win32/Cryptor
C:\Windows\System32\config\systemprofile\AppData\Roaming\sdra64.exe (1052) Virus identified Win32/Cryptor
C:\Windows\explorer.exe (1076):\memory_00f80000 Virus identified Win32/Cryptor
C:\Windows\explorer.exe (1076):\memory_02880000 Virus identified Win32/Cryptor
C:\Windows\explorer.exe (1076):\memory_028a0000 Virus identified Win32/Cryptor
C:\Windows\explorer.exe (1076) Virus identified Win32/Cryptor
C:\Windows\HelpPane.exe (1332):\memory_001f0000 Virus identified Win32/Cryptor
C:\Windows\HelpPane.exe (1332):\memory_00a90000 Virus identified Win32/Cryptor
C:\Windows\HelpPane.exe (1332) Virus identified Win32/Cryptor
C:\Program Files\AVG\AVG9\avgui.exe (1596):\memory_01ea0000 Virus identified Win32/Cryptor
C:\Program Files\AVG\AVG9\avgui.exe (1596) Virus identified Win32/Cryptor
C:\Boot\BCD Locked file. Not tested.
C:\Boot\BCD.LOG Locked file. Not tested.
C:\Documents and Settings\ Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\ProgramData\avg9\Log\bd984012-ec58-48fd-93f1-e5929e2e91a3 Locked file. Not tested.
C:\ProgramData\Desktop\ Locked file. Not tested.
C:\ProgramData\Documents\ Locked file. Not tested.
C:\ProgramData\Favorites\ Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\005c8179fe62356e94d13dd5bd34c551_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\00cef753189c05fe9ed338f1dbe04444_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0943ca4c7fbdcf4ef05f6597d17ee65f_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1d5b96a63f86161dacc9546a84eda6a8_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1f285b50769f5db0f66ab1c14cbeab15_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1f9cd2648144cbf1177bd0bc0c14d7a7_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\252e3f1dfcbf685b9b7d55322b610bdc_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\256e913dc5b150e9ca676e164c9b53fd_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\259666e50d976ef68e3f19018752ba07_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2f66026cca11ebe24346d4eaf406d208_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\39ed7cd1c25651e875ef10423f088799_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4fab151f78f12840b32b59342d0cb5f4_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5321ecbec8dfa76bc490aa964f449688_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6801d518aa292274be0eb3e5d7893737_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\68ce175f1221633570af595312d0446e_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7bde58fed88656d423959163eb0a2ee3_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\80e8ec7ac498f8b524e861ff1e943aa0_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\84f8731dd8fe8c62ac7d4450ee181ecf_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6ae8eeef99e69714d379a44c47b7cea0_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9483e60225027448f43ffa92e0316de7_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\be07df02458bbd8257c1c978754e4d52_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c310c391f9eeda823533a069df2b266a_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c2cd4b9304cfdf3e14d6e8167ecc06b5_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cca633202d588acbc130c96e3e16f0d7_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ccd05d1c9bb52b35a08fbd7ab25e935c_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ce145d54fe23a062c39124a7dc9c7b99_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d913525af3ac4b78148e29d70e2bd70b_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\da136b32bb9fd5853f12a31e0db637ff_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dbdff6616412b512b49a5f2708a6ba80_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e88cadc366a6541b497e29741a76f798_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f334f15ef86f05099f41d21ffb8f2d6e_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb3f27bbfe793562cb14c6fbd48af79c_331ae93d-8aa1-4420-8d04-93fa2473c73d Locked file. Not tested.
C:\ProgramData\Templates\ Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
C:\Users\Default\Documents\My Music\ Locked file. Not tested.
C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
C:\Users\Default\NetHood\ Locked file. Not tested.
C:\Users\Default\PrintHood\ Locked file. Not tested.
C:\Users\Default\Recent\ Locked file. Not tested.
C:\Users\Default\Templates\ Locked file. Not tested.
C:\Users\john\AppData\Local\History\ Locked file. Not tested.
C:\Users\john\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Users\john\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
C:\Users\john\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
C:\Users\john\Documents\My Music\ Locked file. Not tested.
C:\Users\john\Documents\My Pictures\ Locked file. Not tested.
C:\Users\john\Documents\My Videos\ Locked file. Not tested.
C:\Users\john\NetHood\ Locked file. Not tested.
C:\Users\john\NTUSER.DAT Locked file. Not tested.
C:\Users\john\ntuser.dat.LOG1 Locked file. Not tested.
C:\Users\john\ntuser.dat.LOG2 Locked file. Not tested.
C:\Users\john\PrintHood\ Locked file. Not tested.
C:\Users\john\Templates\ Locked file. Not tested.
C:\Users\Public\Documents\My Music\ Locked file. Not tested.
C:\Users\Public\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Public\Documents\My Videos\ Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\csp4FFE.tmp Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\csp5248.tmp Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\csp684E.tmp Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspBC32.tmp Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspC94D.tmp Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\System32\catroot2\edb.log Locked file. Not tested.
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS.LOG1 Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS.LOG2 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested.
C:\Windows\System32\config\RegBack\COMPONENTS Locked file. Not tested.
C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\RegBack\SAM Locked file. Not tested.
C:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested.
C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\SAM Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SECURITY Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested.
C:\Windows\System32\config\systemprofile\AppData\Local\History\ Locked file. Not tested.
C:\Windows\System32\config\systemprofile\Documents\My Music\ Locked file. Not tested.
C:\Windows\System32\config\systemprofile\Documents\My Pictures\ Locked file. Not tested.
C:\Windows\System32\config\systemprofile\Documents\My Videos\ Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.
C:\Windows\System32\lowsec\local.ds Locked file. Not tested.
C:\Windows\System32\lowsec\user.ds Locked file. Not tested.
C:\Windows\System32\sdra64.exe Locked file. Not tested.
D:\System Volume Information\ Locked file. Not tested.
------------------------------------------------------------
Objects scanned : 611513
Found infections : 33
Found PUPs : 0
Healed infections : 33
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------
Malwarebytes' Anti-Malware 1.42
Database version: 3328
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
09/12/2009 14:16:46
mbam-log-2009-12-09 (14-16-41).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 236602
Time elapsed: 44 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\config\systemprofile\appdata\roaming\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\config\systemprofile\appdata\roaming\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\config\systemprofile\AppData\Roaming\sdra64.exe,C:\Windows\system32\sdra64.exe,C:\Users\john\AppData\Roaming\sdra64.exe,) Good: (Userinit.exe) -> No action taken.
Folders Infected:
C:\Windows\System32\lowsec (Stolen.data) -> No action taken.
Files Infected:
C:\Users\john\AppData\Local\Temp\DaemonSearch.exe (Trojan.Downloader) -> No action taken.
C:\Users\john\AppData\Local\Temp\extractor.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\sdra64.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Roaming\sdra64.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\Temp\bwvj.tmp\svchost.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\System32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\Windows\System32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\Windows\System32\config\Systemprofile\Application Data\sdra64.exe (Trojan.Agent) -> No action taken.
-
Malwarebytes log says "No action taken" after each line.
Please, re-run Malwarebytes, or post correct log (after fixes were applied).
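The point made above, that a log whose every line ends in "No action taken" records findings but no cleanup, is easy to check mechanically when logs are long. The script below is an added example for this thread, not code from the forum or from Malwarebytes: it parses the detection lines of a Malwarebytes' Anti-Malware 1.x text log (the sample is constructed from a few lines of the first log posted here), groups them by outcome, lists what was left in place, and pulls the extra autostart entries out of the Hijack.Userinit "Bad:" value, where anything other than userinit.exe is a program that Winlogon launches at every logon. The log format assumptions (the " (Threat) -> ... -> Outcome." layout) are taken from the logs in the thread.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample, modelled on the first Malwarebytes log in the thread
# (same threat names and paths, cut down to a few lines).
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,C:\Users\john\AppData\Roaming\sdra64.exe,) Good: (Userinit.exe) -> No action taken.
Folders Infected:
C:\Windows\System32\lowsec (Stolen.data) -> No action taken.
Files Infected:
C:\Windows\System32\sdra64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# A detection line is "<item> (<Threat.Name>) -> [<detail> -> ]<outcome>."
# Section headers, counters and "(No malicious items detected)" do not match.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")
# The Hijack.Userinit detail lists the whole registry value as "Bad: (a,b,c,)".
BAD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\)")


def parse_detections(log_text: str) -> List[Dict[str, str]]:
    """Return one record per detection line: item, threat, detail, outcome."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        # The outcome is always the last " -> " segment; anything before it is detail.
        detail, _, outcome = m.group("rest").rpartition(" -> ")
        found.append({
            "item": m.group("item"),
            "threat": m.group("threat"),
            "detail": detail,
            "outcome": outcome.rstrip("."),
        })
    return found


def outcome_counts(detections: List[Dict[str, str]]) -> Counter:
    """How many detections ended in each outcome (e.g. 'No action taken')."""
    return Counter(d["outcome"] for d in detections)


def unresolved(detections: List[Dict[str, str]]) -> List[str]:
    """Items that were found but not quarantined; a log made of these is not a cleanup."""
    return [d["item"] for d in detections if not d["outcome"].startswith("Quarantined")]


def userinit_extra_entries(detections: List[Dict[str, str]]) -> List[str]:
    """Entries in the Winlogon Userinit value other than userinit.exe itself.

    Winlogon runs every comma-separated entry at logon, so each extra path is
    a persistence mechanism that survives deleting the file only if the value
    is also cleaned.
    """
    for d in detections:
        if d["threat"] != "Hijack.Userinit":
            continue
        m = BAD_RE.search(d["detail"])
        if not m:
            continue
        entries = [e.strip() for e in m.group("bad").split(",") if e.strip()]
        return [e for e in entries if e.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
    return []


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    print("outcomes:", dict(outcome_counts(found)))
    print("left in place:", len(unresolved(found)), "of", len(found))
    for extra in userinit_extra_entries(found):
        print("extra Userinit entry:", extra)
```

Run it against a saved mbam-log-*.txt by reading the file into `parse_detections` instead of `SAMPLE_LOG`; a non-empty `unresolved` list on a log posted as the post-fix result is the signal the helper above is asking the poster to watch for.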
-
Malwarebytes' Anti-Malware 1.42
Database version: 3328
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
09/12/2009 14:17:15
mbam-log-2009-12-09 (14-17-15).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 236602
Time elapsed: 44 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\config\systemprofile\appdata\roaming\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\config\systemprofile\appdata\roaming\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\config\systemprofile\AppData\Roaming\sdra64.exe,C:\Windows\system32\sdra64.exe,C:\Users\john\AppData\Roaming\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\john\AppData\Local\Temp\DaemonSearch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\john\AppData\Local\Temp\extractor.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sdra64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\sdra64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Temp\bwvj.tmp\svchost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\System32\config\Systemprofile\Application Data\sdra64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
And Spybot keeps finding this: Win32.Agent.pz
Regards, John
-
Print these instructions out.
NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe
***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***
STEP 1. Download SUPERAntiSpyware Free for Home Users:
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
* Close SUPERAntiSpyware.
PHYSICALLY DISCONNECT FROM THE INTERNET
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen
* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
RECONNECT TO THE INTERNET
RESTART COMPUTER!
STEP 2. Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.15273 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.
RESTART COMPUTER
STEP 4.
Post fresh HijackThis log.
Make sure you run it in normal, not safe mode!
NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!