Urgent Help! Hijack, trojan, spy/ad/malware: HijackThis log included


stpmn
07-30-2006, 02:54 PM
Problem:
Constant pop-ups and system warnings of spyware, malware, adware, trojan and virus attacks. Yellow triangle with a ! sign on the taskbar. IE browser hijack, porn dialling, pop-up ads for online casino gaming, adult dating and anti-virus products: Ad Protect, Malware Wipe, Virus Blast, Security Center, Securitypage and others. Named viruses include Win 32.MT.Rs, iworm_attck and OHME, among others. System sluggish, sometimes to a crawl. Crashes sometimes. Internet connection also slow.

Action Taken:
Ran current version of AVG. 10 viruses including 4 trojans. Eliminated 2 trojans.
Ewido & Hijackthis. Saved scan logs for both.
Hijackthis scan log included in this post.
Ewido scan report is too long to include.
Can post in parts if that would help.

Logfile of HijackThis v1.99.1
Scan saved at 3:01:04 AM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Ewido\ewido anti-spyware 4.0\guard.exe
C:\Program Files\IntCodec\pmsngr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\IntCodec\pmmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ewido\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\New Office\Office\OSA.EXE
C:\Program Files\Uninstaller\Tray icon tool.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Chamath Perera\Application Data\Mozilla\Profiles\default\awoxe3in.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Chamath Perera\Application Data\Mozilla\Profiles\default\awoxe3in.slt\prefs.js)
O1 - Hosts: 65.77.82.162 easypic.com
O1 - Hosts: 65.77.82.162 pichunter.com
O1 - Hosts: 65.77.82.162 pussyslot.com
O1 - Hosts: 65.77.82.162 sexocean.com
O1 - Hosts: 65.77.82.162 worldsex.com
O1 - Hosts: 65.77.82.162 www.easypic.com
O1 - Hosts: 65.77.82.162 www.pichunter.com
O1 - Hosts: 65.77.82.162 www.pussyslot.com
O1 - Hosts: 65.77.82.162 www.sexocean.com
O1 - Hosts: 65.77.82.162 www.worldsex.com
O1 - Hosts: 65.77.82.162 www.pinkworld.com
O1 - Hosts: 65.77.82.162 pinkworld.com
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\Ewido\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\New Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\New Office\Office\FINDFAST.EXE
O4 - Global Startup: Uninstaller tray icon tool.lnk = C:\Program Files\Uninstaller\Tray icon tool.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab
O19 - User stylesheet: C:\Documents and Settings\Chamath Perera\My Documents\My Received Files\kaputa_new\KAPUTA.TTF
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Ewido\ewido anti-spyware 4.0\guard.exe

classicsoftware
07-30-2006, 03:21 PM
Open Hijackthis and place a check next to:


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe

O1 - Hosts: 65.77.82.162 easypic.com
O1 - Hosts: 65.77.82.162 pichunter.com
O1 - Hosts: 65.77.82.162 pussyslot.com
O1 - Hosts: 65.77.82.162 sexocean.com
O1 - Hosts: 65.77.82.162 worldsex.com
O1 - Hosts: 65.77.82.162 www.easypic.com
O1 - Hosts: 65.77.82.162 www.pichunter.com
O1 - Hosts: 65.77.82.162 www.pussyslot.com
O1 - Hosts: 65.77.82.162 www.sexocean.com
O1 - Hosts: 65.77.82.162 www.worldsex.com
O1 - Hosts: 65.77.82.162 www.pinkworld.com
O1 - Hosts: 65.77.82.162 pinkworld.com

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)

Close all open programs and browser windows except for HijackThis and click "Fix checked".

RE-BOOT and post fresh HJT log.

Post the ewido log in two posts or edit out the cookies part of the log and post the rest.

It appears Ewido removed a bunch of it.
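The selection above follows a handful of rules that can be applied mechanically: hosts-file entries that point somewhere other than loopback, BHO/toolbar registrations whose DLL is missing or lives under a known adware directory, an O21 ShellServiceObjectDelayLoad entry with no file behind it, a win.ini run= line, and a SearchAssistant overridden to about:blank. The following Python script is an added example (not part of the thread and not HijackThis code) that parses HijackThis 1.99.1 entry lines, applies those rules, and diffs a before/after log so the "post a fresh HJT log" step can be checked. The two log excerpts are constructed from entries in this thread; the adware path markers come from the products named here, and the list of trusted O16 download hosts is an assumption.

```python
import re
from urllib.parse import urlsplit

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# Adware families named in this thread; any BHO/toolbar under these paths is removable.
ADWARE_PATH_MARKERS = ("\\MyWay\\", "\\MyWebSearch\\", "\\MySearch\\", "\\FunWebProducts\\")
# Assumed allow-list: O16 ActiveX downloads from elsewhere are flagged for review.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")

# Constructed excerpt modelled on the first log in the thread (not the full log).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\IntCodec\pmmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O1 - Hosts: 65.77.82.162 easypic.com
O1 - Hosts: 65.77.82.162 www.easypic.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
"""

# Constructed "after Fix checked" excerpt: only the entries that should survive.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
"""


def parse_entries(log_text):
    """Return (section, body) pairs for every HijackThis entry line (R0, F1, O1, ...)."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def _trusted_host(host):
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(entries):
    """Apply the thread's heuristics; return [(verdict, entry_text, reason)]."""
    findings = []
    for sec, body in entries:
        entry = f"{sec} - {body}"
        if sec == "O1":
            m = HOSTS_RE.match(body)
            if m and not m.group(1).startswith("127."):
                findings.append(("fix", entry, f"hosts file sends {m.group(2)} to {m.group(1)}"))
        elif sec in ("O2", "O3"):
            if body.endswith("(file missing)"):
                findings.append(("fix", entry, "orphaned BHO/toolbar registration"))
            elif any(mk.lower() in body.lower() for mk in ADWARE_PATH_MARKERS):
                findings.append(("fix", entry, "known adware toolbar path"))
        elif sec == "O21" and body.endswith("(no file)"):
            findings.append(("fix", entry, "orphaned SSODL entry (dropper residue)"))
        elif sec == "F1" and body.startswith("win.ini: run="):
            findings.append(("fix", entry, "win.ini autorun; almost never legitimate on XP"))
        elif sec == "R0" and body.endswith("SearchAssistant = about:blank"):
            findings.append(("fix", entry, "search assistant overridden"))
        elif sec == "O16":
            host = urlsplit(body.rsplit(" - ", 1)[-1]).hostname or ""
            if not _trusted_host(host):
                findings.append(("review", entry, f"ActiveX installed from {host}"))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(("review", entry, "service has no publisher; verify the binary"))
    return findings


def removed_entries(before_log, after_log):
    """Entries present in the earlier log but gone from the fresh one."""
    after = set(parse_entries(after_log))
    return [e for e in parse_entries(before_log) if e not in after]


if __name__ == "__main__":
    for verdict, entry, reason in triage(parse_entries(BEFORE_LOG)):
        print(f"[{verdict:6}] {reason}\n         {entry}")
    print("\nEntries gone after 'Fix checked':")
    for sec, body in removed_entries(BEFORE_LOG, AFTER_LOG):
        print(f"  {sec} - {body}")
```

The diff step matters because "Fix checked" only edits the registry and hosts file; a running dropper can recreate entries before the next scan, so anything that comes back in the fresh log is the thing still alive on disk, as the IntCodec files turned out to be later in this thread.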

stpmn
07-30-2006, 05:15 PM
Thanks for the response.
Will post the Ewido scan report in parts in follow-up posts.
I did as you suggested. Here is the HJT log after the suggested fixes:
Logfile of HijackThis v1.99.1
Scan saved at 3:46:57 PM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Ewido\ewido anti-spyware 4.0\guard.exe
C:\Program Files\IntCodec\pmsngr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IntCodec\pmmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\New Office\Office\OSA.EXE
C:\Program Files\Uninstaller\Tray icon tool.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Chamath Perera\Application Data\Mozilla\Profiles\default\awoxe3in.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Chamath Perera\Application Data\Mozilla\Profiles\default\awoxe3in.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\New Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\New Office\Office\FINDFAST.EXE
O4 - Global Startup: Uninstaller tray icon tool.lnk = C:\Program Files\Uninstaller\Tray icon tool.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab
O19 - User stylesheet: C:\Documents and Settings\Chamath Perera\My Documents\My Received Files\kaputa_new\KAPUTA.TTF
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Ewido\ewido anti-spyware 4.0\guard.exe

stpmn
07-30-2006, 05:37 PM
Ewido Scan Report

Without the sections on tracking cookies cleaned.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:28:46 AM 7/30/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{5753791b-f607-48ca-814e-91c14d081f9e} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ee2975b6-e8d5-405e-8448-8fe9590f6cfb} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5753791b-f607-48ca-814e-91c14d081f9e} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1957994488-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5753791B-F607-48CA-814E-91C14D081F9E} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Chamath Perera\Local Settings\Temporary Internet Files\Content.IE5\47J3USHX\Install[1].exe -> Adware.Spysheriff : Cleaned with backup (quarantined).
HKU\S-1-5-21-1957994488-1383384898-1343024091-1003\Software\Coulomb -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1957994488-1383384898-1343024091-1003\Software\Coulomb\****-site.com Hardcore Area -> Dialer.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\redirect.vbs -> Downloader.Psyme.as : Cleaned with backup (quarantined).
C:\Program Files\FunWebProducts\Installr\f3Setup1.exe -> Not-A-Virus.Downloader.Win32.FunWeb : Ignored.
:mozilla.646:C:\Documents and Settings\Chamath Perera\Application Data\Mozilla\Firefox\Profiles\iq04nrbz.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.648:C:\Documents and Settings\Chamath Perera\Application Data\Mozilla\Firefox\Profiles\iq04nrbz.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Chamath Perera\Cookies\chamath perera@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Chamath Perera\Cookies\chamath perera@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.100:C:\Documents and Settings\Chamath Perera\Application

-----Removed section on cookies (cleaned).

C:\Documents and Settings\Chamath Perera\.jpi_cache\file\1.0\Dummy.class-205482c2-1c4a5085.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Chamath Perera\.jpi_cache\file\1.0\Dummy.class-4ffef27c-48d9ffdf.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup (quarantined).


::Report end

classicsoftware
07-30-2006, 06:07 PM
How is the system running??????

stpmn
07-30-2006, 06:34 PM
Pop-ups continue unabated.
System still slows down. Especially when browsing and when exiting a program.
Thanks

david eaton
07-30-2006, 07:00 PM
Please download the Killbox (http://www.downloads.subratam.org/KillBox.zip).
Unzip it to the desktop but do NOT run it yet.
Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
Once in Safe Mode, please run Killbox.
Click "Delete on Reboot".
Paste the following into the top "Full Path of File to Delete" box.

C:\Program Files\IntCodec\pmmon.exe

Click the red-and-white "Delete File".
Click "Yes" at the Delete on Reboot prompt.
Click "No" at the Pending Operations prompt.



After rebooting, find the folder C:\Program Files\IntCodec and delete it and all its contents.

stpmn
07-31-2006, 05:03 PM
Thanks for the Killbox tip.
Downloaded and ran it as instructed in the previous post.
Managed to delete all but two files in the IntCodec folder.
Cannot delete; "access denied" error messages for:
pmsngr.exe
pmmon.exe
Please advise.
Ran Ewido again before and after Killbox.
Last count had 18 traces.
1 high threat quarantined: Downloader.Zlob.aar
16 medium threat cookies, deleted.
1 low threat, Not-a-virus.Downloader.Win32.Funweb, ignored.

With the Ewido (trial version) shield up and with IE and the other options turned on in the Antispy tools section, the pop-ups, warnings and taskbar yellow triangle have subsided.
System is still pretty sluggish.
Tried to delete
pmsngr.exe
pmmon.exe
using the Ewido shredder. Access denied. File open or in use.

Please advise.

classicsoftware
07-31-2006, 05:47 PM
Isn't there an option to delete on the next re-boot?

If not, try safe mode and see if that helps. If not, we go another way....

stpmn
08-03-2006, 01:05 PM
Thanks. Managed to delete the last 2 IntCodec files in Safe Mode.
System still tends to slow down.
Ewido shield keeps dropping, i.e. deactivating of its own accord.
Is this because it is the trial version?
Or is it caused by malware?
Fewer traces and objects found by Ewido with each scan.
HJT scans show objects that may pose potential dangers. Please see the latest scan log. Are there items I could delete without endangering system functions or performance? For example, there are programs I don't use, such as IE, Incredimail and MS Messenger. Can I delete items related to these programs without endangering system function or performance?
Please advise.
Thanks
HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:52:17 AM, on 8/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Ewido\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\New Office\Office\OSA.EXE
C:\Program Files\Uninstaller\Tray icon tool.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Ewido\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Chamath Perera\Application Data\Mozilla\Profiles\default\awoxe3in.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Chamath Perera\Application Data\Mozilla\Profiles\default\awoxe3in.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\New Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\New Office\Office\FINDFAST.EXE
O4 - Global Startup: Uninstaller tray icon tool.lnk = C:\Program Files\Uninstaller\Tray icon tool.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab
O19 - User stylesheet: C:\Documents and Settings\Chamath Perera\My Documents\My Received Files\kaputa_new\KAPUTA.TTF
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Ewido\ewido anti-spyware 4.0\guard.exe

classicsoftware
08-04-2006, 09:10 PM
The log looks fine...

Try running a couple of online virus scans and see if they pick up anything...

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click "Yes to all" if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon right below and select "Move incurable", as shown in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move anything that can't be cured to the %userprofile%\DoctorWeb quarantine folder (in case we need samples).
After that, in the Dr.Web CureIt menu on top, click File and choose "Save report list".
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.
Reboot your computer, because files in use may only be moved/deleted during the reboot.
After the reboot, post the contents of the Dr.Web log you saved in your next reply.

Budfred
08-04-2006, 11:58 PM
There is one more HJT item to fix... Open HJT, run a scan, and put a check by:

O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/m...etup1.0.0.3.cab

Close all open windows except HJT and press "Fix checked"...