Very Nasty Virus on Computer. Please Help Delete VBS:Malware-gen
Hi Kishore, please start a new thread with a fresh MBAM and HijackThis log.
Also, I advise you to not follow other people's threads while special tools are being used, especially if it involves scripts.
It has not been used here, so it's ok to have run MBAM.
Also, please refrain from posting in other people's threads as helpers tend to lose track of what's going on in that thread.

@elove :
Now download The Avenger by Swandog46, and save it to your Desktop.
- Extract avenger.exe from the Zip file and save it to your desktop
- Run avenger.exe by double-clicking on it.
- Check the 'Input script manually' box.
- Click on the magnifying glass icon.
- Copy everything in the Quote box below, and paste it in the box that opens:
Files to delete:
C:\WINDOWS\system32\pizorg.dat
C:\WINDOWS\system32\users64.dat
- Now click the 'Done' button.
- Click on the traffic light icon and OK the prompt.
- You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
- A log file from Avenger will be produced at C:\avenger.txt, please copy and paste the contents of the log here.
Also, please do an online scan with Kaspersky WebScanner.
Click Scan Now and Accept the agreement. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK
- Now under select a target to scan:
  - Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
Last edited by Cyber Punk; Aug 18th, 2008 at 7:57 am.
Here are the results from Avenger (I had already somehow deleted file "C:\WINDOWS\system32\pizorg.dat") :
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\system32\pizorg.dat" not found!
Deletion of file "C:\WINDOWS\system32\pizorg.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\WINDOWS\system32\users64.dat" deleted successfully.
Error: file "C:\WINDOWS\system32\pizorg.dat" not found!
Deletion of file "C:\WINDOWS\system32\pizorg.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\users64.dat" not found!
Deletion of file "C:\WINDOWS\system32\users64.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
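The log in the post above reports three "failed" deletions, all with status 0xc0000034, which means the target was already gone rather than that it survived. The following script is an added example, not part of the original thread or of The Avenger itself: it reads a log in this format and reports the final state of each file. The sample lines are copied from the post above; that other failure codes would appear in the same `Status:` line format is an assumption.

```python
import re

# Log lines copied from the post above (Avenger 2.0 output format).
SAMPLE_LOG = r'''Error: file "C:\WINDOWS\system32\pizorg.dat" not found!
Deletion of file "C:\WINDOWS\system32\pizorg.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
File "C:\WINDOWS\system32\users64.dat" deleted successfully.
Error: file "C:\WINDOWS\system32\users64.dat" not found!
Deletion of file "C:\WINDOWS\system32\users64.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
'''

DELETED = re.compile(r'^File "(.+)" deleted successfully\.$')
FAILED = re.compile(r'^Deletion of file "(.+)" failed!$')
STATUS = re.compile(r'^Status: (0x[0-9a-fA-F]{8}) \((\w+)\)$')
NOT_FOUND = 0xC0000034  # STATUS_OBJECT_NAME_NOT_FOUND, as shown in the log


def summarize(log_text):
    """Return {path: verdict} for every file the script tried to delete."""
    events = {}      # path -> outcomes in log order
    pending = None   # path whose failure is waiting for its Status line
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := DELETED.match(line):
            events.setdefault(m.group(1), []).append("deleted")
        elif m := FAILED.match(line):
            pending = m.group(1)
        elif (m := STATUS.match(line)) and pending:
            code = int(m.group(1), 16)
            # Assumption: any other NTSTATUS means the file may still exist.
            outcome = "absent" if code == NOT_FOUND else "error:" + m.group(2)
            events.setdefault(pending, []).append(outcome)
            pending = None
    verdicts = {}
    for path, outcomes in events.items():
        errors = [o for o in outcomes if o.startswith("error:")]
        if errors:
            verdicts[path] = errors[-1]            # needs follow-up
        elif "deleted" in outcomes:
            verdicts[path] = "removed by Avenger"
        else:
            verdicts[path] = "already absent"
    return verdicts


if __name__ == "__main__":
    for path, verdict in summarize(SAMPLE_LOG).items():
        print(f"{verdict:20} {path}")
```
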
I have not received the message since the delete. My Kaspersky report shows that I have an infection.
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 20, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 20, 2008 09:25:42
Records in database: 1113234
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Files scanned: 64177
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:41:53
File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Local Settings\temp\~nsu.tmp\Au_.exe Infected: Trojan-Downloader.Win32.FraudLoad.vaxg 1
The selected area was scanned.
Hi, this is just a minor infection running off a temporary location.
Please download ATF Cleaner...by Atribune.
It does not require any installation and uses minimal system resources.
It is set up to clean IE, FireFox and Opera, detecting the browsers you have and grays out the other(s).
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
  Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
- Click the Empty Selected button.
- If you use Firefox browser
  - Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
  - Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- If you use Opera browser
  - Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
  - Click the Empty Selected button.
  NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
- Reply OK to the box with the total bytes removed...
- Click Exit on the Main menu to close the program.
Also, please scan your system with avast! and tell me if the infection is still present.





