Hi, nod32 can't remove, sophos and trend not detect but im sure that my pc is infected. Nod pop up the messages:
vbstat.j trojan and next virtumonde.
i find some weird names like ssttq.dll, rjxy....dll etc... I renamed hijack to scanner and below is final log, Thx for help:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:59:52, on 30/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
E:\WINXPEN\System32\smss.exe
E:\WINXPEN\system32\winlogon.exe
E:\WINXPEN\system32\services.exe
E:\WINXPEN\system32\lsass.exe
E:\WINXPEN\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINXPEN\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINXPEN\system32\spoolsv.exe
E:\Program Files\Intel\IDU\awServ.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINXPEN\system32\CTsvcCDA.EXE
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\WINXPEN\system32\inetsrv\inetinfo.exe
E:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINXPEN\system32\nvsvc32.exe
e:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINXPEN\system32\svchost.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINXPEN\system32\wbem\wmiapsrv.exe
E:\WINXPEN\Explorer.EXE
E:\Program Files\TortoiseSVN\bin\TSVNCache.exe
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\Intel\IDU\iptray.exe
E:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
E:\WINXPEN\CTHELPER.EXE
E:\WINXPEN\system32\CTXFIHLP.EXE
E:\WINXPEN\SYSTEM32\CTXFISPI.EXE
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
E:\WINXPEN\WinLogT.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Eset\nod32kui.exe
E:\WINXPEN\system32\RUNDLL32.EXE
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Google\Google Talk\googletalk.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
E:\Program Files\TGTSoft\StyleXP\StyleXP.exe
E:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
E:\Program Files\MagicDisc\MagicDisc.exe
E:\WINXPEN\Explorer.EXE
E:\WINXPEN\system32\NOTEPAD.EXE
E:\Program Files\Scintilla Text Editor\SciTE.exe
E:\WINXPEN\system32\ntvdm.exe
c:\AV-CLS\Trend\SYSCLEAN.COM
c:\AV-CLS\Trend\sysclean.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\giuice\Desktop\betatest\remover\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - E:\DOCUME~1\giuice\LOCALS~1\Temp\~DP43.dll (file missing)
O2 - BHO: Microsoft Web Test Recorder Helper - {62355041-605D-4469-84FD-5D66ED67A7E3} - E:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E57BF60-718E-4CB4-B0E5-6353AD881FA3} - E:\WINXPEN\system32\ssttq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - E:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - E:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - E:\WINXPEN\system32\ijxyngmi.dll
O2 - BHO: (no name) - {E9FE24FA-3113-4A03-908E-FF71D5AC683C} - E:\WINXPEN\system32\yayvuss.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ipTray.exe] "E:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [CTDVDDET] "E:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "E:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] E:\WINXPEN\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINXPEN\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [eTrustPPAP] "E:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] E:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [WinLogT] E:\WINXPEN\WinLogT.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINXPEN\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINXPEN\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [megauploadtoolbar] E:\DOCUME~1\giuice\LOCALS~1\Temp\tbuninstall.exe -df "E:\Program Files\MegauploadToolbar\"
O4 - HKCU\..\Run: [Creative Detector] "E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [googletalk] "E:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MtdAcq] E:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [STYLEXP] E:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINXPEN\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINXPEN\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINXPEN\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINXPEN\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINXPEN\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = E:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: velox.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03221A1A-5742-4706-BD07-2388A291172C}: NameServer = 200.149.55.142 200.165.132.155
O17 - HKLM\System\CS1\Services\Tcpip\..\{03221A1A-5742-4706-BD07-2388A291172C}: NameServer = 200.149.55.142 200.165.132.155
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ssttq - E:\WINXPEN\system32\ssttq.dll
O20 - Winlogon Notify: yayvuss - E:\WINXPEN\SYSTEM32\yayvuss.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINXPEN\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINXPEN\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - E:\Program Files\Intel\IDU\awServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINXPEN\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper® Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - E:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINXPEN\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 12220 bytes

Hi giuice

Please post a HijackThis log with version 1.99.1:

Use this (http://downloads.malwareremoval.com/hijackthis_sfx.exe) link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.
Browse to that location with windows explorer, rename HijackThis.exe to scanner.exe and double click on the scanner.exe program to run. Choose the 'Do a system scan and save a logfile'
That will allow you to save the log to the desktop (or some other place) and leave open a notepad file with the HijackThis log in it.

Now post your HijackThis log into this topic.

Hi Shaba,
Thx for your replay, there are many changes that i made, seems im not infected anymore but i dont have sure, this is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 12:11, on 07-05-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
E:\WINXPEN\System32\smss.exe
E:\WINXPEN\system32\winlogon.exe
E:\WINXPEN\system32\services.exe
E:\WINXPEN\system32\lsass.exe
E:\WINXPEN\system32\svchost.exe
E:\WINXPEN\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINXPEN\system32\spoolsv.exe
E:\WINXPEN\Explorer.EXE
E:\Program Files\TortoiseSVN\bin\TSVNCache.exe
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\Intel\IDU\iptray.exe
E:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
E:\WINXPEN\CTHELPER.EXE
E:\WINXPEN\system32\CTXFIHLP.EXE
E:\WINXPEN\SYSTEM32\CTXFISPI.EXE
E:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
E:\WINXPEN\WinLogT.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
E:\WINXPEN\system32\RUNDLL32.EXE
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Google\Google Talk\googletalk.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
E:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
E:\Program Files\TGTSoft\StyleXP\StyleXP.exe
E:\WINXPEN\system32\ctfmon.exe
E:\Program Files\MagicDisc\MagicDisc.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Intel\IDU\awServ.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINXPEN\system32\CTsvcCDA.EXE
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\WINXPEN\system32\inetsrv\inetinfo.exe
E:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
E:\WINXPEN\system32\nvsvc32.exe
e:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINXPEN\system32\svchost.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINXPEN\system32\wbem\wmiapsrv.exe
E:\Program Files\Joost\xulrunner\tvprunner.exe
E:\Program Files\Outlook Express\msimn.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Scintilla Text Editor\SciTE.exe
E:\WINXPEN\Explorer.EXE
E:\WINXPEN\system32\rundll32.exe
E:\WINXPEN\system32\wscntfy.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\giuice\Desktop\betatest\remover\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Web Test Recorder Helper - {62355041-605D-4469-84FD-5D66ED67A7E3} - E:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - E:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - E:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ipTray.exe] "E:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [CTDVDDET] "E:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "E:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] E:\WINXPEN\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINXPEN\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [eTrustPPAP] "E:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] E:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [WinLogT] E:\WINXPEN\WinLogT.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINXPEN\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINXPEN\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Creative Detector] "E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [googletalk] "E:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MtdAcq] E:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [STYLEXP] E:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINXPEN\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = E:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: velox.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03221A1A-5742-4706-BD07-2388A291172C}: NameServer = 200.149.55.142 200.165.132.155
O17 - HKLM\System\CS1\Services\Tcpip\..\{03221A1A-5742-4706-BD07-2388A291172C}: NameServer = 200.149.55.142 200.165.132.155
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: klogon - E:\WINXPEN\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - E:\WINXPEN\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINXPEN\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - E:\Program Files\Intel\IDU\awServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINXPEN\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper® Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - E:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - e:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINXPEN\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe



Thx,
Giuliano

Hi

Log really looks clean now.

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- kaspersky report

5) Final Run:
Towards the end of a cleanup please make sure you follow through with any final log requested even if it appears to you that your computer is back to normal operation.
As much as we like our members ;) we would rather not see you back in a few weeks because there was no follow up with the helper.
http://forums.spybot.info/showpost.php?p=1150&postcount=2 :)

This topic has been archived.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.