
Thread: Virtumonde and other nasty things!

  1. #1 Junior Member (Join Date: Nov 2007, Posts: 10)

    Virtumonde and other nasty things!

    Please, somebody help me!!!

    Recently my computer was infected by the Virtumonde virus (at least Spybot said so) and I can't do anything about it. It allegedly erases it, but after rebooting it's there again. My NOD32 is freaking out, reporting various threats (Adware.Ezula, Adware.SecToolbar, TrojanProxy.Wopla, BHO.G Trojan and finally the AdwareVirtumonde application). I tried to fix it manually (tried to resolve it with VundoFix and ComboFix, but with no success), since I had some experience with this kind of problem, but it seems it was too much for me.

    Apart from this, I suspect there is some other malicious stuff, so I wouldn't mind if you could help with that too.

    I'm posting the HJT log file; hopefully somebody will know what to do.
    Sorry, but I didn't post the Kaspersky Online Scanner log; I tried it, but it took forever, so I never finished scanning.

    P.S. Sorry for my English if I have made some spelling or grammar mistakes.

    HERE'S THE HJT LOG FILE:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:39:16, on 11/21/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.eunet.yu:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.eunet.yu;*.eunet.yu;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: {67c2c864-f944-17cb-f9f4-5033b0d560f6} - {6f065d0b-3305-4f9f-bc71-449f468c2c76} - C:\WINDOWS\System32\khicetfk.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {B0EA6244-E349-4C46-BE8B-22F85D0047D2} - C:\WINDOWS\System32\awtqn.dll (file missing)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [cc7895f6] rundll32.exe "C:\WINDOWS\System32\fmuadynm.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Sid Registration.lnk = F:\ATR1.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Microsoft AntiSpyware helper - {19DD688F-FAA3-49F5-AEEE-5A8C550A403B} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {19DD688F-FAA3-49F5-AEEE-5A8C550A403B} - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - WWW. Prefix: http://
    O15 - Trusted Zone: www.vetup.minpolj.sr.gov.yu
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
    O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
    O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - http://www.vetup.minpolj.sr.gov.yu/V...PrinterBvr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D515463C-AD78-4558-AAAD-6973E8741F5B}: NameServer = 194.247.192.33 194.247.192.1
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 7553 bytes

  2. #2 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Hello acoas

    Welcome to Safer Networking.

    Please read Before You Post.
    That said, all advice given by anyone volunteering here is taken at your own risk.
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen.


    You do have some things going on that we need to fix. Not to worry about your English, you're doing just fine.


    The first thing I would do is uninstall both of these programs from Add/Remove Programs in the Control Panel:


    C:\Program Files\Security iGuard<-- This is a rogue program and not recommended
    C:\Program Files\ClockSync <-- is bundled with Spyware


    Open HijackThis > Do a System Scan Only. Close your browser and all open windows, including this one; the only program or window you should have open is HijackThis. Check the following entries and click on Fix Checked.

    O2 - BHO: {67c2c864-f944-17cb-f9f4-5033b0d560f6} - {6f065d0b-3305-4f9f-bc71-449f468c2c76} - C:\WINDOWS\System32\khicetfk.dll (file missing)
    O2 - BHO: (no name) - {B0EA6244-E349-4C46-BE8B-22F85D0047D2} - C:\WINDOWS\System32\awtqn.dll (file missing)

    O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
    O4 - HKLM\..\Run: [cc7895f6] rundll32.exe "C:\WINDOWS\System32\fmuadynm.dll",b
    O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
    O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
    O4 - Startup: PowerReg Scheduler.exe

    O9 - Extra button: Microsoft AntiSpyware helper - {19DD688F-FAA3-49F5-AEEE-5A8C550A403B} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {19DD688F-FAA3-49F5-AEEE-5A8C550A403B} - (no file) (HKCU)

    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
    O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab




    Download VundoFix to your desktop

    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.


    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post the ComboFix log and a HijackThis log in your next reply.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    This is important, do this before you post a new log:
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <-- Right-click on HijackThis.exe (it looks like a man with a spyglass) and rename it to Scanner.exe.

    Let me see the Vundo report, the Combofix report and a new HJT log renamed please.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
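    The entries the helper singled out in this reply share a few tell-tale shapes: hooks whose file is missing or has no file, a Run entry with a random hex name that loads a random-named DLL from System32 through rundll32, ActiveX (O16) entries sourced from a local file:// path, and the two programs called out as rogue or spyware-bundled. This added Python example (not part of the thread, of HijackThis or of Safer Networking) encodes those heuristics and runs them over lines copied from the posted log; the rule names, the ROGUE_PROGRAMS list and the sample lines are assumptions drawn only from this thread.

```python
import re
from typing import List, Tuple

# Constructed sample input: lines copied from the HijackThis logs posted in this
# thread (paths and CLSIDs as they appear there; nothing added beyond that).
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {67c2c864-f944-17cb-f9f4-5033b0d560f6} - {6f065d0b-3305-4f9f-bc71-449f468c2c76} - C:\WINDOWS\System32\khicetfk.dll (file missing)
O2 - BHO: (no name) - {B0EA6244-E349-4C46-BE8B-22F85D0047D2} - C:\WINDOWS\System32\awtqn.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [cc7895f6] rundll32.exe "C:\WINDOWS\System32\fmuadynm.dll",b
O9 - Extra button: Microsoft AntiSpyware helper - {19DD688F-FAA3-49F5-AEEE-5A8C550A403B} - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
""".strip()

# Programs the helper in this thread identified as rogue or spyware-bundled
# (assumption: taken from the reply above, not a general blocklist).
ROGUE_PROGRAMS = ("Security iGuard", "ClockSync")

# O4 Run entry whose value name is a random hex string and whose command loads a
# DLL from System32 through rundll32 with a one-letter export: the Vundo-style
# loader visible in the first log ([cc7895f6] rundll32.exe "...\fmuadynm.dll",b).
VUNDO_RUN = re.compile(
    r'^O4 - HK(LM|CU)\\\.\.\\Run: \[[0-9a-f]{6,10}\] rundll32\.exe '
    r'"C:\\WINDOWS\\System32\\[a-z]{5,9}\.dll",[a-z]$',
    re.IGNORECASE,
)

# O16 "Downloaded Program Files" entry whose source is a local file:// URL rather
# than a web site, like the three c:\*.cab entries in the log.
LOCAL_DPF = re.compile(r'^O16 - DPF: \{[0-9A-F-]+\} .*- file://', re.IGNORECASE)


def triage_line(line: str) -> List[str]:
    """Return the reasons one HijackThis line looks worth fixing (empty = nothing found)."""
    reasons = []
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("entry points at a file that is no longer on disk (orphaned hook)")
    if VUNDO_RUN.search(line):
        reasons.append("random-named rundll32 loader in System32 (Vundo-style autostart)")
    if LOCAL_DPF.search(line):
        reasons.append("ActiveX download entry sourced from a local file:// path")
    for name in ROGUE_PROGRAMS:
        if name in line:
            reasons.append(f"launches {name}, identified as rogue/spyware-bundled in this thread")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over every non-empty line; return (line, reasons) for hits only."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_HJT_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

    The legitimate Adobe, NOD32 and Kaspersky lines in the sample pass through untouched, which is the point: the heuristics only encode the shapes the helper acted on, not a general verdict on every entry.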

  3. #3 Junior Member (Join Date: Nov 2007, Posts: 10)

    Hi!

    First, I didn't find these programs in the Add/Remove Programs section of the Control Panel, or even at their supposed locations:
    C:\Program Files\Security iGuard
    C:\Program Files\ClockSync

    Second, I did everything else:

    VUNDO REPORT

    VundoFix V6.6.2

    Checking Java version...

    Java version is 1.5.0.7
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 23:17:06 11/21/2007

    Listing files found while scanning....

    No infected files were found.



    COMBOFIX REPORT

    ComboFix 07-11-19.3 - ALEKSANDAR 2007-11-21 23:51:49.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.187 [GMT 1:00]
    Running from: C:\Documents and Settings\ALEKSANDAR\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-21 to 2007-11-21 )))))))))))))))))))))))))))))))
    .

    2007-11-21 16:37 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-17 14:05 82,496 --a------ C:\WINDOWS\system32\umuqdwbe.dll
    2007-11-17 00:11 81,984 --a------ C:\WINDOWS\system32\ksjanive.dll
    2007-11-16 22:00 <DIR> d-------- C:\Program Files\Hattrick Coach Professional new
    2007-11-16 20:08 81,984 --a------ C:\WINDOWS\system32\kotwmjsk.dll
    2007-11-16 20:02 679,941 ---hs---- C:\WINDOWS\system32\mnydaumf.ini
    2007-11-15 19:51 669,500 ---hs---- C:\WINDOWS\system32\mpnmbfcq.ini
    2007-11-14 21:45 143 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-11-14 19:59 671,627 ---hs---- C:\WINDOWS\system32\kgorpbos.ini
    2007-11-14 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-13 19:46 88,128 --a------ C:\WINDOWS\system32\jisblxpe.dll
    2007-11-11 12:45 79,936 --a------ C:\WINDOWS\system32\kmcsqhtn.dll
    2007-11-10 15:44 36,352 --a------ C:\WINDOWS\system32\tuvvwxy.dll
    2007-11-10 15:43 36,352 --a------ C:\WINDOWS\system32\opnoolj.dll
    2007-11-10 15:42 32,764 --a------ C:\WINDOWS\17PHolmes572.exe
    2007-11-02 19:39 <DIR> d-------- C:\Program Files\Clickster
    2007-10-28 21:05 <DIR> d-------- C:\Program Files\Amiglobe 2006

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-21 22:50 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\Free Download Manager
    2007-11-21 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-20 19:54 --------- d-----w C:\Program Files\HT Ratings
    2007-11-17 12:51 82,496 ----a-w C:\WINDOWS\system32\xepnqktt.dll
    2007-11-16 23:22 81,984 ----a-w C:\WINDOWS\system32\vmndgpur.dll
    2007-11-16 23:17 81,984 ----a-w C:\WINDOWS\system32\ctwakkkh.dll
    2007-11-16 23:06 81,984 ----a-w C:\WINDOWS\system32\gcndbhpd.dll
    2007-11-16 23:01 81,984 ----a-w C:\WINDOWS\system32\wjfbmcud.dll
    2007-11-16 22:21 81,984 ----a-w C:\WINDOWS\system32\eauayrdu.dll
    2007-11-16 19:28 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\GameHouse
    2007-11-16 19:27 --------- d-----w C:\Program Files\GameHouse
    2007-11-15 18:53 79,936 ----a-w C:\WINDOWS\system32\eumhnadx.dll
    2007-11-15 16:05 --------- d-----w C:\Program Files\SokkerViewer j
    2007-11-15 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-10 14:59 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys
    2007-11-10 14:59 270,336 ----a-w C:\WINDOWS\system32\imon.dll
    2007-11-10 14:43 36,352 ----a-w C:\WINDOWS\system32\gebabay.dll
    2007-11-06 17:54 --------- d-----w C:\Program Files\HattrickOk
    2007-11-03 14:07 --------- d-----w C:\Program Files\SHISEN
    2007-11-02 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2007-10-23 17:57 --------- d-----w C:\Program Files\Gham
    2007-10-20 11:43 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\Super-Cow
    2007-10-15 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
    2007-10-14 10:09 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\vlc
    2007-10-14 10:07 --------- d-----w C:\Program Files\VideoLAN
    2007-10-13 23:02 --------- d-----w C:\Program Files\QuickTime Alternative
    2007-10-13 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-13 21:18 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-13 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-13 19:50 --------- d-----w C:\Program Files\Player
    2007-10-13 19:37 --------- d-----w C:\Program Files\3GP Player
    2007-10-13 11:21 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\iWin
    2007-10-08 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-10-08 19:28 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\PlayFirst
    2007-10-08 17:30 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\gemsweeperextractedgfx
    2007-10-08 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\My Games
    2007-10-07 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameHouse
    2007-10-06 18:11 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\uTorrent
    2007-10-04 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
    2007-09-27 05:18 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\ArcSoft
    2007-09-27 05:13 --------- d-----w C:\Program Files\ArcSoft
    2007-09-22 11:32 --------- d-----w C:\Program Files\Audacity
    2006-03-18 21:37 560 ----a-w C:\Program Files\Global.sw
    2005-07-30 20:20 524,300 ----a-w C:\Documents and Settings\ALEKSANDAR\Application Data\position.bin
    2005-02-25 19:00 573,440 ----a-w C:\Documents and Settings\ALEKSANDAR\Application Data\arasan.exe
    2005-02-25 18:21 1,179,648 ----a-w C:\Documents and Settings\ALEKSANDAR\Application Data\book.bin
    2005-02-25 18:14 1,118,208 ----a-w C:\Documents and Settings\ALEKSANDAR\Application Data\arasanx.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 02:41]
    "TASKMGRU"="" []
    "MSIMN32"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2001-08-23 13:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2003-09-05 15:59 C:\WINDOWS\system32\nwiz.exe]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 14:43]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
    "Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [2005-05-18 16:08]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
    "SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" []
    "Desktop Service"="C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe" []
    "AGRSMMSG"="AGRSMMSG.exe" [2005-06-30 06:16 C:\WINDOWS\AGRSMMSG.exe]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-10 15:59]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-24 14:57:38]
    VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2004-07-21 09:14:21]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
    2003-05-21 17:37 229437 --a------ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2003-10-23 18:51 233472 --a------ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2003-06-25 10:24 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ins3DT]
    E:\INSTALL4\INS3DT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q

    R0 MrFilter;EasyWrite Driver;C:\WINDOWS\System32\drivers\MrFilter.sys
    R0 viasraid;viasraid;C:\WINDOWS\System32\drivers\viasraid.sys
    R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
    S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\System32\Drivers\Ca533av.sys
    S3 FreshIO;FreshIO;\??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
    S3 jnv4_mib;jnv4_mib;\??\C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\jnv4_mib.sys
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\System32\DRIVERS\k600bus.sys
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k600mdfl.sys
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\System32\DRIVERS\k600mdm.sys
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\System32\DRIVERS\k600mgmt.sys
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\System32\DRIVERS\k600obex.sys
    S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys
    S3 RegGuard;RegGuard;\??\C:\WINDOWS\System32\Drivers\regguard.sys
    S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\System32\Drivers\Bulk533.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-03 22:59:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-21 21:13:23 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-21 23:56:13
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-21 23:57:38
    C:\ComboFix2.txt ... 2007-11-17 18:45
    .
    --- E O F ---



    HJT LOG (renamed)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:00:42, on 11/22/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\System32\cmd.exe
    C:\ComboFix\vfind.cfexe
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.eunet.yu:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.eunet.yu;*.eunet.yu;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: Sid Registration.lnk = F:\ATR1.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - WWW. Prefix: http://
    O15 - Trusted Zone: www.vetup.minpolj.sr.gov.yu
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - http://www.vetup.minpolj.sr.gov.yu/V...PrinterBvr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D515463C-AD78-4558-AAAD-6973E8741F5B}: NameServer = 194.247.192.33 194.247.192.1
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 6607 bytes


    Thanks in advance!!!

  4. #4 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Hello acoas,

    After your clean-up, you need to update your operating system to Service Pack 2 or you're going to keep getting infected. Don't do it yet; I will give you instructions once your system is clean.


    Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad.

    File::
    C:\WINDOWS\system32\umuqdwbe.dll
    C:\WINDOWS\system32\ksjanive.dll
    C:\WINDOWS\system32\kotwmjsk.dll
    C:\WINDOWS\system32\mnydaumf.ini
    C:\WINDOWS\system32\mpnmbfcq.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\kgorpbos.ini
    C:\WINDOWS\system32\jisblxpe.dll
    C:\WINDOWS\system32\kmcsqhtn.dll
    C:\WINDOWS\system32\tuvvwxy.dll
    C:\WINDOWS\system32\opnoolj.dll
    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\system32\xepnqktt.dll
    C:\WINDOWS\system32\vmndgpur.dll
    C:\WINDOWS\system32\ctwakkkh.dll
    C:\WINDOWS\system32\gcndbhpd.dll
    C:\WINDOWS\system32\wjfbmcud.dll
    C:\WINDOWS\system32\eauayrdu.dll
    C:\WINDOWS\system32\eumhnadx.dll
    C:\WINDOWS\system32\gebabay.dll

    Folder::
    C:\Program Files\Security iGuard
    C:\Program Files\ClockSync
    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    Nov 2007
    Posts
    10

    Default

    OK, it seems that we are getting somewhere...


    Here's the COMBOFIX LOG

    ComboFix 07-11-19.3 - ALEKSANDAR 2007-11-22 16:04:30.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.267 [GMT 1:00]
    Running from: C:\Documents and Settings\ALEKSANDAR\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\ALEKSANDAR\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\system32\ctwakkkh.dll
    C:\WINDOWS\system32\eauayrdu.dll
    C:\WINDOWS\system32\eumhnadx.dll
    C:\WINDOWS\system32\gcndbhpd.dll
    C:\WINDOWS\system32\gebabay.dll
    C:\WINDOWS\system32\jisblxpe.dll
    C:\WINDOWS\system32\kgorpbos.ini
    C:\WINDOWS\system32\kmcsqhtn.dll
    C:\WINDOWS\system32\kotwmjsk.dll
    C:\WINDOWS\system32\ksjanive.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mnydaumf.ini
    C:\WINDOWS\system32\mpnmbfcq.ini
    C:\WINDOWS\system32\opnoolj.dll
    C:\WINDOWS\system32\tuvvwxy.dll
    C:\WINDOWS\system32\umuqdwbe.dll
    C:\WINDOWS\system32\vmndgpur.dll
    C:\WINDOWS\system32\wjfbmcud.dll
    C:\WINDOWS\system32\xepnqktt.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\system32\ctwakkkh.dll
    C:\WINDOWS\system32\eauayrdu.dll
    C:\WINDOWS\system32\eumhnadx.dll
    C:\WINDOWS\system32\gcndbhpd.dll
    C:\WINDOWS\system32\gebabay.dll
    C:\WINDOWS\system32\jisblxpe.dll
    C:\WINDOWS\system32\kgorpbos.ini
    C:\WINDOWS\system32\kmcsqhtn.dll
    C:\WINDOWS\system32\kotwmjsk.dll
    C:\WINDOWS\system32\ksjanive.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mnydaumf.ini
    C:\WINDOWS\system32\mpnmbfcq.ini
    C:\WINDOWS\system32\opnoolj.dll
    C:\WINDOWS\system32\tuvvwxy.dll
    C:\WINDOWS\system32\umuqdwbe.dll
    C:\WINDOWS\system32\vmndgpur.dll
    C:\WINDOWS\system32\wjfbmcud.dll
    C:\WINDOWS\system32\xepnqktt.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
    .

    2007-11-21 16:37 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-17 17:01 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-11-16 22:00 <DIR> d-------- C:\Program Files\Hattrick Coach Professional new
    2007-11-14 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-13 19:46 583,184 ---hs---- C:\WINDOWS\system32\epxlbsij.ini
    2007-11-12 14:18 827,598 ---hs---- C:\WINDOWS\system32\egyxevag.ini
    2007-11-10 15:59 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2007-11-02 19:39 <DIR> d-------- C:\Program Files\Clickster
    2007-10-28 21:05 <DIR> d-------- C:\Program Files\Amiglobe 2006

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-21 22:50 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\Free Download Manager
    2007-11-21 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-21 13:49 --------- d-----w C:\Program Files\Paradox Interactive
    2007-11-20 19:54 --------- d-----w C:\Program Files\HT Ratings
    2007-11-16 19:28 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\GameHouse
    2007-11-16 19:27 --------- d-----w C:\Program Files\GameHouse
    2007-11-15 16:05 --------- d-----w C:\Program Files\SokkerViewer j
    2007-11-15 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-06 17:54 --------- d-----w C:\Program Files\HattrickOk
    2007-11-03 14:07 --------- d-----w C:\Program Files\SHISEN
    2007-11-02 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2007-10-23 17:57 --------- d-----w C:\Program Files\Gham
    2007-10-20 11:43 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\Super-Cow
    2007-10-15 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
    2007-10-14 10:09 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\vlc
    2007-10-14 10:07 --------- d-----w C:\Program Files\VideoLAN
    2007-10-13 23:02 --------- d-----w C:\Program Files\QuickTime Alternative
    2007-10-13 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-13 21:18 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-13 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-13 19:50 --------- d-----w C:\Program Files\Player
    2007-10-13 19:37 --------- d-----w C:\Program Files\3GP Player
    2007-10-13 11:21 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\iWin
    2007-10-08 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-10-08 19:28 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\PlayFirst
    2007-10-08 17:30 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\gemsweeperextractedgfx
    2007-10-08 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\My Games
    2007-10-07 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameHouse
    2007-10-06 18:11 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\uTorrent
    2007-10-04 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
    2007-09-27 05:18 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\ArcSoft
    2007-09-27 05:13 --------- d-----w C:\Program Files\ArcSoft
    2007-09-22 11:32 --------- d-----w C:\Program Files\Audacity
    2006-03-18 21:37 560 ----a-w C:\Program Files\Global.sw
    2005-07-30 20:20 524,300 ----a-w C:\Documents and Settings\ALEKSANDAR\Application Data\position.bin
    2005-02-25 19:00 573,440 ----a-w C:\Documents and Settings\ALEKSANDAR\Application Data\arasan.exe
    2005-02-25 18:21 1,179,648 ----a-w C:\Documents and Settings\ALEKSANDAR\Application Data\book.bin
    2005-02-25 18:14 1,118,208 ----a-w C:\Documents and Settings\ALEKSANDAR\Application Data\arasanx.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-21_23.56.25.33 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-21 21:12:35 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-11-22 05:13:00 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-11-21 21:12:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-11-22 05:13:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-11-21 21:12:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-11-22 05:13:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 02:41]
    "TASKMGRU"="" []
    "MSIMN32"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2001-08-23 13:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2003-09-05 15:59 C:\WINDOWS\system32\nwiz.exe]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 14:43]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
    "Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [2005-05-18 16:08]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
    "SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" []
    "Desktop Service"="C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe" []
    "AGRSMMSG"="AGRSMMSG.exe" [2005-06-30 06:16 C:\WINDOWS\AGRSMMSG.exe]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-10 15:59]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-24 14:57:38]
    VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2004-07-21 09:14:21]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
    2003-05-21 17:37 229437 --a------ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2003-10-23 18:51 233472 --a------ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2003-06-25 10:24 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ins3DT]
    E:\INSTALL4\INS3DT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q

    R0 MrFilter;EasyWrite Driver;C:\WINDOWS\System32\drivers\MrFilter.sys
    R0 viasraid;viasraid;C:\WINDOWS\System32\drivers\viasraid.sys
    R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
    S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\System32\Drivers\Ca533av.sys
    S3 FreshIO;FreshIO;\??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
    S3 jnv4_mib;jnv4_mib;\??\C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\jnv4_mib.sys
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\System32\DRIVERS\k600bus.sys
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k600mdfl.sys
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\System32\DRIVERS\k600mdm.sys
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\System32\DRIVERS\k600mgmt.sys
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\System32\DRIVERS\k600obex.sys
    S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys
    S3 RegGuard;RegGuard;\??\C:\WINDOWS\System32\Drivers\regguard.sys
    S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\System32\Drivers\Bulk533.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-03 22:59:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-22 05:13:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-22 16:11:50
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-22 16:13:44 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-21 23:57
    C:\ComboFix3.txt ... 2007-11-17 18:45
    .
    --- E O F ---


    ... and here is my HJT LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:16:13, on 11/22/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Trend Micro\HijackThis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.eunet.yu:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.eunet.yu;*.eunet.yu;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: Sid Registration.lnk = F:\ATR1.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - WWW. Prefix: http://
    O15 - Trusted Zone: www.vetup.minpolj.sr.gov.yu
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - http://www.vetup.minpolj.sr.gov.yu/V...PrinterBvr.cab
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 6401 bytes

  6. #6
    Junior Member
    Join Date
    Nov 2007
    Posts
    10

    Default

    By the way, last night I tried to scan my computer with Kaspersky Online Scanner. It took more than 6 hours to scan around 28% of the files on my local disks, so I couldn't finish what I had started.
    Maybe this won't help you at all, but anyway I'm posting the part of the log I have (those 28%).

    Wednesday, November 21, 2007 23:01:05
    Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 21/11/2007
    Kaspersky Anti-Virus database records: 462774


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan Statistics
    Total number of scanned objects 88431
    Number of viruses found 8
    Number of infected objects 59
    Number of suspicious objects 0
    Duration of the scan process 06:05:40

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\ALEKSANDAR\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\History\History.IE5\MSHist012007112120071122\index.dat Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\Temp\Free Download Manager\tic9.tmp Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\Temp\~DFAA0E.tmp Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe/data0036/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ag skipped

    C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe/data0036/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aw skipped

    C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe/data0036 Infected: not-a-virus:AdWare.Win32.SaveNow.aw skipped

    C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe/data0037 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

    C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe Inno: infected - 4 skipped

    C:\Documents and Settings\ALEKSANDAR\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Downloads\baby_balloons.exe/file7 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

    C:\Downloads\baby_balloons.exe Inno: infected - 1 skipped

    C:\Downloads\brgcg203.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Downloads\brgcg203.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Downloads\brgcg203.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Downloads\brgcg203.exe ZIP: infected - 3 skipped

    C:\Downloads\Cake_Mania_v1[1].0_Cracked_WORKING-TNT\run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\Downloads\Cake_Mania_v1[1].0_Cracked_WORKING-TNT\run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\Downloads\Cake_Mania_v1[1].0_Cracked_WORKING-TNT\run.exe NSIS: infected - 2 skipped

    C:\Downloads\Cake_Mania_v1[1].0_Cracked_WORKING-TNT\run.exe UPX: infected - 2 skipped

    C:\Downloads\Cake_Mania_v1[1].0_Cracked_WORKING-TNT\run.exe PE_Patch.UPX: infected - 2 skipped

    C:\Downloads\Chameleon_Gems_v1[1].07_Cracked-TNT\run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\Downloads\Chameleon_Gems_v1[1].07_Cracked-TNT\run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\Downloads\Chameleon_Gems_v1[1].07_Cracked-TNT\run.exe NSIS: infected - 2 skipped

    C:\Downloads\Chameleon_Gems_v1[1].07_Cracked-TNT\run.exe UPX: infected - 2 skipped

    C:\Downloads\Chameleon_Gems_v1[1].07_Cracked-TNT\run.exe PE_Patch.UPX: infected - 2 skipped

    C:\Downloads\cherry_cook.exe/file12 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

    C:\Downloads\cherry_cook.exe Inno: infected - 1 skipped

    C:\Downloads\Cubis Gold 2 (GameHouse) by Knetus.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Downloads\Cubis Gold 2 (GameHouse) by Knetus.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Downloads\Cubis Gold 2 (GameHouse) by Knetus.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Downloads\Cubis Gold 2 (GameHouse) by Knetus.exe ZIP: infected - 3 skipped

    C:\Downloads\Cubis Gold 2 v1.03 Crack.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Downloads\Cubis Gold 2 v1.03 Crack.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Downloads\Cubis Gold 2 v1.03 Crack.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Downloads\Cubis Gold 2 v1.03 Crack.exe ZIP: infected - 3 skipped

    C:\Downloads\Delicious_Deluxe_v1[1].0_Cracked-TNT\run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\Downloads\Delicious_Deluxe_v1[1].0_Cracked-TNT\run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\Downloads\Delicious_Deluxe_v1[1].0_Cracked-TNT\run.exe NSIS: infected - 2 skipped

    C:\Downloads\Delicious_Deluxe_v1[1].0_Cracked-TNT\run.exe UPX: infected - 2 skipped

    C:\Downloads\Delicious_Deluxe_v1[1].0_Cracked-TNT\run.exe PE_Patch.UPX: infected - 2 skipped

    C:\Downloads\eastern_mahjong.exe/file7 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

    C:\Downloads\eastern_mahjong.exe Inno: infected - 1 skipped

    C:\Downloads\Gamehouse.CUBIS.GOLD.2.v1.03_CRK-FFF.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Downloads\Gamehouse.CUBIS.GOLD.2.v1.03_CRK-FFF.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Downloads\Gamehouse.CUBIS.GOLD.2.v1.03_CRK-FFF.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Downloads\Gamehouse.CUBIS.GOLD.2.v1.03_CRK-FFF.exe ZIP: infected - 3 skipped

    C:\Downloads\GameHouse.Mystery.Case.Files.Huntsville.v1.2_CRKDLL-FFF.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.vg skipped

    C:\Downloads\GameHouse.Mystery.Case.Files.Huntsville.v1.2_CRKDLL-FFF.exe ZIP: infected - 1 skipped

    C:\Downloads\help_santa.exe/file07 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

    C:\Downloads\help_santa.exe Inno: infected - 1 skipped

    C:\Downloads\Karu (GameHouse) by Knetus.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.vg skipped

    C:\Downloads\Karu (GameHouse) by Knetus.exe ZIP: infected - 1 skipped

    C:\Downloads\snd-atlantisquest1.0.cracked.exe.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.vg skipped

    C:\Downloads\snd-atlantisquest1.0.cracked.exe.exe ZIP: infected - 1 skipped

    C:\Downloads\snd-teddyfactory1.0.cracked.exe.exe/run.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.xp skipped

    C:\Downloads\snd-teddyfactory1.0.cracked.exe.exe/run.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.xp skipped

    C:\Downloads\snd-teddyfactory1.0.cracked.exe.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.xp skipped

    C:\Downloads\snd-teddyfactory1.0.cracked.exe.exe ZIP: infected - 3 skipped

    C:\Downloads\Talismania_Deluxe_v1[1].0.173700_Cracked-TNT\run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\Downloads\Talismania_Deluxe_v1[1].0.173700_Cracked-TNT\run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\Downloads\Talismania_Deluxe_v1[1].0.173700_Cracked-TNT\run.exe NSIS: infected - 2 skipped

    C:\Downloads\Talismania_Deluxe_v1[1].0.173700_Cracked-TNT\run.exe UPX: infected - 2 skipped

    C:\Downloads\Talismania_Deluxe_v1[1].0.173700_Cracked-TNT\run.exe PE_Patch.UPX: infected - 2 skipped

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-11-21.16-31-16.log Object is locked skipped

    Scan was interrupted by user!


    I'm looking forward to your next post... Bye!

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    These two have to go.

    Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad

    File::
    C:\WINDOWS\system32\epxlbsij.ini
    C:\WINDOWS\system32\egyxevag.ini

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.




    Please download SuperAntiSpyware
    Install the program
    • Run SuperAntiSpyware and click: Check for updates
    • Once the update is finished, on the main screen, click: Scan your computer
    • Check: Perform Complete Scan
    • Click Next to start the scan.

    Superantispyware scans the computer, and when finished, lists all the infections found.
    Make sure everything found has a check next to it, and press: Next
    Then, click Finish

    It is possible that the program asks to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click: Preferences
    • Click the Statistics/Logs tab
    • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
    It opens in your default text editor (such as Notepad)

    Please provide the SuperAntiSpyware log in your reply, as well as a new HijackThis log.



    Need to see the new Combofix log and the SAS log please
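The helper picked epxlbsij.ini and egyxevag.ini out of the ComboFix "Files Created" section by eye: both sit directly under system32, carry the hidden+system attributes (---hs----) and have an eight-letter pseudo-random name, the Vundo/Virtumonde pattern seen all through this thread. The script below is an added example, not part of the thread or of ComboFix, that applies the same heuristic to constructed log lines modelled on the ones above and renders the result as a CFScript File:: block in the layout the helper used.

```python
"""Flag Vundo-style entries in a ComboFix "Files Created" section.

Added example (not the thread's or ComboFix's own code). The heuristic is the
one the helper applied by hand above: hidden+system file directly under
system32 whose stem is eight lowercase letters. Treat hits as candidates to
review, not as automatic deletions.
"""
import re

# One "Files Created" line looks like:
#   2007-11-13 19:46 583,184 ---hs---- C:\WINDOWS\system32\epxlbsij.ini
# date, time, size (or <DIR>), a 9-character attribute field, then the path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attr>[-a-z]{9})\s+(?P<path>.+)$"
)

# Path is a file directly under system32 (no deeper subfolder such as drivers\).
SYSTEM32_ROOT = re.compile(r"^C:\\WINDOWS\\system32\\[^\\]+$", re.IGNORECASE)

# Eight lowercase letters plus one of the extensions seen in the thread.
RANDOM_STEM = re.compile(r"^[a-z]{8}\.(dll|ini|exe|tmp)$")

# Constructed sample, modelled on the ComboFix log posted above.
SAMPLE_LOG = r"""
2007-11-21 16:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-17 17:01 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-13 19:46 583,184 ---hs---- C:\WINDOWS\system32\epxlbsij.ini
2007-11-12 14:18 827,598 ---hs---- C:\WINDOWS\system32\egyxevag.ini
2007-11-10 15:59 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
"""


def parse_created(text):
    """Parse the lines of a 'Files Created' section into dicts.

    Lines that do not match the layout (section banners, blank lines,
    Find3M lines, which use a different attribute format) are skipped.
    """
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["hidden"] = "h" in e["attr"]
        e["system"] = "s" in e["attr"]
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def is_suspicious(entry):
    """Hidden + system + directly under system32 + eight-letter random stem."""
    return (
        entry["hidden"]
        and entry["system"]
        and SYSTEM32_ROOT.match(entry["path"]) is not None
        and RANDOM_STEM.match(entry["name"]) is not None
    )


def suspicious_paths(text):
    """Return the full paths of all entries the heuristic flags, in log order."""
    return [e["path"] for e in parse_created(text) if is_suspicious(e)]


def build_cfscript(files, folders=()):
    """Render File:: and Folder:: blocks in the layout used in the thread."""
    lines = []
    if files:
        lines.append("File::")
        lines.extend(files)
    if folders:
        if lines:
            lines.append("")
        lines.append("Folder::")
        lines.extend(folders)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = suspicious_paths(SAMPLE_LOG)
    print(build_cfscript(hits), end="")
```

On the constructed sample the script flags exactly the two .ini files the helper named; d3d8caps.dat (digits in the name, not hidden) and drivers\amon.sys (a subfolder, visible) are left alone.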

  8. #8
    Junior Member
    Join Date
    Nov 2007
    Posts
    10

    Default

    And here we go...


    COMBOFIX LOG

    ComboFix 07-11-19.3 - ALEKSANDAR 2007-11-22 23:50:19.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.240 [GMT 1:00]
    Running from: C:\Documents and Settings\ALEKSANDAR\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\ALEKSANDAR\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\egyxevag.ini
    C:\WINDOWS\system32\epxlbsij.ini
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\egyxevag.ini
    C:\WINDOWS\system32\epxlbsij.ini

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
    .

    2007-11-22 23:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-22 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-22 23:09 <DIR> d-------- C:\Documents and Settings\ALEKSANDAR\Application Data\SUPERAntiSpyware.com
    2007-11-21 16:37 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-17 17:01 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-11-16 22:00 <DIR> d-------- C:\Program Files\Hattrick Coach Professional new
    2007-11-14 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-10 15:59 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2007-11-02 19:39 <DIR> d-------- C:\Program Files\Clickster
    2007-10-28 21:05 <DIR> d-------- C:\Program Files\Amiglobe 2006

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-22 22:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-22 19:03 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\Free Download Manager
    2007-11-22 15:56 --------- d-----w C:\Program Files\SokkerViewer j
    2007-11-21 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-21 13:49 --------- d-----w C:\Program Files\Paradox Interactive
    2007-11-20 19:54 --------- d-----w C:\Program Files\HT Ratings
    2007-11-16 19:28 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\GameHouse
    2007-11-16 19:27 --------- d-----w C:\Program Files\GameHouse
    2007-11-15 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-10 14:59 270,336 ----a-w C:\WINDOWS\system32\imon.dll
    2007-11-06 17:54 --------- d-----w C:\Program Files\HattrickOk
    2007-11-03 14:07 --------- d-----w C:\Program Files\SHISEN
    2007-11-02 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2007-10-23 17:57 --------- d-----w C:\Program Files\Gham
    2007-10-20 11:43 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\Super-Cow
    2007-10-15 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
    2007-10-14 10:09 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\vlc
    2007-10-14 10:07 --------- d-----w C:\Program Files\VideoLAN
    2007-10-13 23:02 --------- d-----w C:\Program Files\QuickTime Alternative
    2007-10-13 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-13 21:18 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-13 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-13 19:50 --------- d-----w C:\Program Files\Player
    2007-10-13 19:37 --------- d-----w C:\Program Files\3GP Player
    2007-10-13 11:21 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\iWin
    2007-10-08 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-10-08 19:28 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\PlayFirst
    2007-10-08 17:30 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\gemsweeperextractedgfx
    2007-10-08 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\My Games
    2007-10-07 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameHouse
    2007-10-06 18:11 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\uTorrent
    2007-10-04 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
    2007-09-27 05:18 --------- d-----w C:\Documents and Settings\ALEKSANDAR\Application Data\ArcSoft
    2007-09-27 05:13 --------- d-----w C:\Program Files\ArcSoft
    2007-09-22 11:32 --------- d-----w C:\Program Files\Audacity
    2006-03-18 21:37 560 ----a-w C:\Program Files\Global.sw
    2005-07-30 20:20 524,300 ----a-w C:\Documents and Settings\ALEKSANDAR\Application Data\position.bin
    2005-02-25 19:00 573,440 ----a-w C:\Documents and Settings\ALEKSANDAR\Application Data\arasan.exe
    2005-02-25 18:21 1,179,648 ----a-w C:\Documents and Settings\ALEKSANDAR\Application Data\book.bin
    2005-02-25 18:14 1,118,208 ----a-w C:\Documents and Settings\ALEKSANDAR\Application Data\arasanx.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-21_23.56.25.33 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-22 22:09:48 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    + 2007-11-22 22:09:48 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2007-11-22 22:09:48 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    - 2007-11-21 21:12:35 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-11-22 21:13:00 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-11-21 21:12:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-11-22 21:13:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-11-21 21:12:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-11-22 21:13:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 02:41]
    "TASKMGRU"="" []
    "MSIMN32"="" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2001-08-23 13:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2003-09-05 15:59 C:\WINDOWS\system32\nwiz.exe]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 14:43]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
    "Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [2005-05-18 16:08]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
    "SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" []
    "Desktop Service"="C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe" []
    "AGRSMMSG"="AGRSMMSG.exe" [2005-06-30 06:16 C:\WINDOWS\AGRSMMSG.exe]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-10 15:59]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-24 14:57:38]
    VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2004-07-21 09:14:21]

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
    2003-05-21 17:37 229437 --a------ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2003-10-23 18:51 233472 --a------ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2003-06-25 10:24 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ins3DT]
    E:\INSTALL4\INS3DT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q

    R0 MrFilter;EasyWrite Driver;C:\WINDOWS\System32\drivers\MrFilter.sys
    R0 viasraid;viasraid;C:\WINDOWS\System32\drivers\viasraid.sys
    R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
    S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\System32\Drivers\Ca533av.sys
    S3 FreshIO;FreshIO;\??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
    S3 jnv4_mib;jnv4_mib;\??\C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\jnv4_mib.sys
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\System32\DRIVERS\k600bus.sys
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k600mdfl.sys
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\System32\DRIVERS\k600mdm.sys
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\System32\DRIVERS\k600mgmt.sys
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\System32\DRIVERS\k600obex.sys
    S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys
    S3 RegGuard;RegGuard;\??\C:\WINDOWS\System32\Drivers\regguard.sys
    S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\System32\Drivers\Bulk533.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-03 22:59:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-22 21:13:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-22 23:54:38
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-22 23:55:48
    C:\ComboFix2.txt ... 2007-11-22 16:13
    C:\ComboFix3.txt ... 2007-11-21 23:57
    .
    --- E O F ---



    HJT LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:57:46, on 11/22/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\System32\cmd.exe
    C:\ComboFix\vfind.cfexe
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.eunet.yu:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.eunet.yu;*.eunet.yu;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Sid Registration.lnk = F:\ATR1.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - WWW. Prefix: http://
    O15 - Trusted Zone: www.vetup.minpolj.sr.gov.yu
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - http://www.vetup.minpolj.sr.gov.yu/V...PrinterBvr.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 6719 bytes

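The ComboFix and HijackThis logs above are read by eye in this thread. As an added example (not part of the original posts, and not code belonging to ComboFix, HijackThis or SUPERAntiSpyware), the script below parses a few line shapes from those logs and applies simple triage heuristics: an autorun value with no target, a file loading from a user Temp directory, an entry pointing at a drive other than C:, and a kernel driver outside the system drivers directory. The sample input is a handful of lines copied from the logs posted above; the heuristics, the assumption that C: is the system drive, and every function name are the example's own. A hit means "look at this entry", not "this is malware".

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few lines copied verbatim from the HijackThis and
# ComboFix logs posted earlier in this thread. Not the complete logs.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Sid Registration.lnk = F:\ATR1.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"TASKMGRU"="" []
"MSIMN32"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
S3 jnv4_mib;jnv4_mib;\??\C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\jnv4_mib.sys
R0 viasraid;viasraid;C:\WINDOWS\System32\drivers\viasraid.sys
"""


@dataclass
class Finding:
    name: str    # autorun value name, service name, or startup-folder link name
    target: str  # file path resolved from the entry ("" if the entry has none)
    reason: str  # which heuristic fired


# One regex per line shape we care about; every other line is ignored.
HJT_O4 = re.compile(r'^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]+)\] )?(?P<cmd>.*)$')
HJT_O23 = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$')
CF_RUN = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)" \[(?P<meta>[^\]]*)\]$')
CF_DRV = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<disp>[^;]*);(?P<cmd>.+)$')
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)
# Assumption for this example: the system drive is C:, as the posted logs show.
DRIVER_DIR = re.compile(r'^C:\\WINDOWS\\SYSTEM32\\DRIVERS\\', re.IGNORECASE)


def first_path(cmd: str) -> str:
    """Pull the first Windows file path out of a command or registry value.

    The NT object-manager prefix \\??\\ that ComboFix prints on driver paths is
    dropped so the drive letter is visible to the heuristics.
    """
    m = PATH.search(cmd.replace('\\??\\', ''))
    return m.group(0) if m else ''


def parse(line: str):
    """Return (name, command, path) for a recognised line shape, else None."""
    line = line.strip()
    for rx in (HJT_O4, HJT_O23, CF_RUN, CF_DRV):
        m = rx.match(line)
        if m:
            name, cmd = m.group('name'), m.group('cmd')
            if name is None:  # HJT startup-folder entry: "Something.lnk = target"
                name = cmd.split(' = ', 1)[0]
            return name, cmd, first_path(cmd)
    return None


def assess(cmd: str, target: str) -> str:
    """Heuristic reason an autorun deserves a second look; '' if none fires."""
    if not cmd.strip():
        return 'autorun value with no target (orphaned entry, or something already removed)'
    if not target:
        return ''  # nothing path-like to judge, e.g. a bare program name
    low = target.lower()
    if '\\temp\\' in low:
        return 'loads from a user Temp directory'
    if not low.startswith('c:\\'):
        return 'loads from a non-system drive (removable or optical media)'
    if low.endswith('.sys') and not DRIVER_DIR.match(target):
        return 'kernel driver outside the system drivers directory'
    return ''


def triage(text: str) -> list:
    """Run every recognised log line through the heuristics; return the hits."""
    findings = []
    for line in text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        name, cmd, target = parsed
        reason = assess(cmd, target)
        if reason:
            findings.append(Finding(name, target, reason))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.name:<24} {f.target or "-":<55} {f.reason}')
```

Run against the sample, the script flags the startup link pointing at F:\ATR1.exe, the two empty HKCU Run values (TASKMGRU and MSIMN32) and the jnv4_mib driver loading from the user's Temp folder, and stays quiet on the NOD32, ctfmon, SUPERAntiSpyware and viasraid entries. Extending it is a matter of adding a regex for another line shape or another heuristic in assess(); unsigned-vendor and unquoted-path checks are the obvious next ones.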
  9. #9 (Junior Member, joined Nov 2007, 10 posts)

    ...

    SUPER ANTISPYWARE SCAN LOG

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/23/2007 at 01:30 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 01:31:21

    Memory items scanned : 331
    Memory threats detected : 0
    Registry items scanned : 5804
    Registry threats detected : 14
    File items scanned : 70011
    File threats detected : 100

    Unclassified.AnalyzeIE Module
    HKLM\Software\Classes\CLSID\{1A1488CB-8028-49ba-AD19-18D13CDC650F}
    HKCR\CLSID\{1A1488CB-8028-49BA-AD19-18D13CDC650F}
    HKCR\CLSID\{1A1488CB-8028-49BA-AD19-18D13CDC650F}
    HKCR\CLSID\{1A1488CB-8028-49BA-AD19-18D13CDC650F}\InprocServer32
    HKCR\CLSID\{1A1488CB-8028-49BA-AD19-18D13CDC650F}\InprocServer32#ThreadingModel
    HKCR\CLSID\{1A1488CB-8028-49BA-AD19-18D13CDC650F}\ProgID
    HKCR\CLSID\{1A1488CB-8028-49BA-AD19-18D13CDC650F}\Programmable
    HKCR\CLSID\{1A1488CB-8028-49BA-AD19-18D13CDC650F}\TypeLib
    HKCR\CLSID\{1A1488CB-8028-49BA-AD19-18D13CDC650F}\VersionIndependentProgID
    BLANK

    Adware.Tracking Cookie
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@cgi-bin[5].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@image.masterstats[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@www.ultime-porno[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ads2.pogodak.co[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@www.lesssex[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@cz3.clickzs[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@www.newpornpics[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@www.adultxpix[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@2o7[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ipoint.targetpoint[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@sites[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@perfectmovie[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@cgi-bin[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@sexymature[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@top.porn-comics[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@itxt.vibrantmedia[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@vecernji[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@tacoda[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ad.httpool[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@yadro[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ads.gamesbannernet[4].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@cz6.clickzs[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@cz5.clickzs[3].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@www.bestpornstardb[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@www.elitesecurity[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@amlocalhost.trymedia[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@cgi-bin[4].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@cgi-bin[3].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@statcounter[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@teens-getfucked[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@xxxflavour[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@xiti[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@babeporno[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@elitesecurity[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@a[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@youlovegayporn[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@cgi-bin[6].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@sex-blust[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@005.free-counter.co[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@adultxpix[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@st[19].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@system[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@xxxcreatures[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@glorious-pornstars[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@1072407087[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@usenext[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@www.teen-snatches[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@cgi-bin[8].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@eas.apm.emediate[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@adultadworld[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@clicksor[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@audit.median[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@stats.ilsemedia[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@sexysportschicks[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ads2.sportglobal[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@adopt.specificclick[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@www.momsonsex[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@clickaider[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@www.screensavers[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@i[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@pixel.ilsemedia[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@atwola[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@advertising[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@toplist[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@cgi-bin[7].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@try.screensavers[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@adultdvddaily[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@xxxvideomature[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ad1.clickhype[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@sexyshare[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@cz4.clickzs[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@i.screensavers[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@nudecelebrityporn[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@sexstoriespost[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@tracking.quisma[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@r-kimedia.co[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@hit.stat[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@media.mtvnservices[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@www.windowsmedia[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@www.burstbeacon[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ads.mediamayhemcorp[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@track.webgains[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@windowsmedia[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ad[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ads.softure[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@findpornstar[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@azjmp[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ads.realtechnetwork[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@smileycentral[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ad.yieldmanager[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ad.yieldmanager[3].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@banners[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@banners[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@counter[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@crack-list@yahoogroups[1].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ehg-kasperskylab.hitbox[2].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@ehg-kasperskylab.hitbox[3].txt
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@hitbox[1].txt

    Registry Cleaner Trial
    HKCR\Install.Install
    HKCR\Install.Install\CLSID
    HKCR\Install.Install\CurVer
    HKCR\Install.Install.1
    HKCR\Install.Install.1\CLSID

    Adware.ClickSpring/Yazzle
    C:\DOCUMENTS AND SETTINGS\ALEKSANDAR\MY DOCUMENTS\DOWNLOADS\GAMEHOUSE SUDOKU FULL\GAMEHOUSE SUDOKU FULL\SUDOKUINSTALL.EXE



    HJT LOG (after scanning with Super Antispyware)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:21:01, on 11/23/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Trend Micro\HijackThis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.eunet.yu:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.eunet.yu;*.eunet.yu;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Sid Registration.lnk = F:\ATR1.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - WWW. Prefix: http://
    O15 - Trusted Zone: www.vetup.minpolj.sr.gov.yu
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - http://www.vetup.minpolj.sr.gov.yu/V...PrinterBvr.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 6636 bytes

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    An update for you after looking over your logs.


    We do not support the use of illegal Pirated/Warez/Cracked software.

    Helping a person who insists on using such software could be construed in the eyes of the law to be aiding and abetting a crime. Therefore you will be asked to remove any cracked programs and, in the case of your operating system, to obtain a valid licensed copy.

    If a helper does assist you in the cleanup, it will be on good faith that you install a licensed OS on the machine immediately thereafter, and will not appear in this forum again without such.

    Thank you for your understanding, and assisting in keeping the net a safer place for everyone.

    C:\Downloads <-- Delete everything in this folder. Most of it is infected. Then run the Kaspersky virus scanner again and post the log.
    Last edited by ken545; 2007-11-23 at 18:02.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
