Thread: zlob.downloader.vcd; smitfraud-c.msvps; AdRevolver;DoubleClick; Mediaplex; Zedo

  1. #1
    Junior Member
    Join Date
    Jan 2008
    Posts
    10

    zlob.downloader.vcd; smitfraud-c.msvps; AdRevolver;DoubleClick; Mediaplex; Zedo

    It happened that I have all that on my PC. It's really annoying and at the worst possible moment. Spybot - Search & Destroy fixes them, but the next time I restart it's all back. I hope someone could help me with these bastards...
    That's the required log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:38:55, on 02.1.2008 г.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    E:\Program Files 2\adaware\aawservice.exe
    E:\PROGRAM FILES 2\FILE PROTECTOR\EFPAP.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CCProxy\CCProxy.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    E:\Program Files 2\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    E:\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    E:\Program Files 2\iTunes\iPod\bin\iPodService.exe
    E:\Program Files 2\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    E:\Program Files 2\utorrent\utorrent.exe
    E:\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Skype\Phone\Skype.exe
    E:\Program Files 2\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:808
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files 2\Flashget 1.82\install\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: BDEX System - {D10CD11A-4CA6-453A-ABE5-71EA37E1BC45} - C:\WINDOWS\domnftwvmd.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files 2\Flashget 1.82\install\getflash.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: The emlkdvo - {8F96EAED-F89E-4B56-89C7-9B9F9C9F3A36} - C:\WINDOWS\emlkdvo.dll (file missing)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Program Files 2\CorelDraw\Corel Install\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021308 serial=DR12WNP-9936859-UJJ lang=EN
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files 2\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [UIWatcher] E:\Program Files 2\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ICQ Lite] E:\PROGRA~1\ICQLite\ICQLite.exe -trayboot (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ICQ Lite] E:\PROGRA~1\ICQLite\ICQLite.exe -trayboot (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files 2\Flashget 1.82\install\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - E:\Program Files 2\Flashget 1.82\install\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files 2\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files 2\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files 2\Flashget 1.82\install\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files 2\Flashget 1.82\install\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files 2\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files 2\ICQ6\ICQ.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files 2\yahoo messenger\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files 2\yahoo messenger\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C357FE0A-0556-4970-8990-64DF0B8E8C6B} (WebCamX Control) - http://sushilni.t0d.org:4201/WebCamX.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.120.43.77/activex/AMC.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FEF9F126-16A7-4BC4-A6C5-3DEAA6E0257A}: NameServer = 172.16.1.1
    O21 - SSODL: alxvdvm - {65C645D1-FD41-497C-9F00-B8FDAE3C7EE4} - C:\WINDOWS\alxvdvm.dll
    O21 - SSODL: bvtqfvx - {71482778-7313-488F-8205-2450DB961273} - C:\WINDOWS\bvtqfvx.dll (file missing)
    O22 - SharedTaskScheduler: arsenicism - {075a465d-0af2-4b79-8db3-2fda0fd8d74c} - (no file)
    O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files 2\adaware\aawservice.exe
    O23 - Service: Easy File & Folder Protector (ACDService) - Unknown owner - E:\PROGRAM FILES 2\FILE PROTECTOR\EFPAP.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CCProxy - Unknown owner - C:\Program Files\CCProxy\CCProxy.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - E:\Program Files 2\iTunes\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 9494 bytes

    I don't know if it will be useful but I'll also paste the beginning of the spybot log
    --- Search result list ---
    RadLight Media Player: [SBI $45DDAE31] Global settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\RadLight Team

    RadLight Media Player: [SBI $900823A1] Desktop link (File, nothing done)
    C:\Documents and Settings\A\Desktop\RadLight.lnk

    Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: [SBI $5509538C] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify

    Microsoft.WindowsSecurityCenter.FirewallDisableNotify: [SBI $8CFC8C85] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify

    Microsoft.WindowsSecurityCenter.UpdateDisableNotify: [SBI $2FAA945D] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify

    Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

    Smitfraud-C.MSVPS: [SBI $6FE8300C] Text file (File, nothing done)
    C:\WINDOWS\dat.txt

    Zlob.Downloader.vcd: [SBI $D8DF6192] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin

    AdRevolver: [SBI $61F39AC8] Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: [SBI $61F39AC8] Tracking cookie (Firefox: default) (Cookie, nothing done)


    DoubleClick: [SBI $61F39AC8] Tracking cookie (Firefox: default) (Cookie, nothing done)


    MediaPlex: [SBI $61F39AC8] Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: [SBI $61F39AC8] Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: [SBI $61F39AC8] Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: [SBI $61F39AC8] Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: [SBI $61F39AC8] Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: [SBI $61F39AC8] Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: [SBI $61F39AC8] Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: [SBI $61F39AC8] Tracking cookie (Firefox: default) (Cookie, nothing done)

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Download SDFix and save it to your desktop. (If you can't download with this computer, try to get it downloaded on some other one.)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the
      Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • In Safe Mode, double click the SDFix.exe file. Click Install in the window that appears.
    • Open the extracted folder and double click RunThis.bat to
      start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the
      registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool
      will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and
      display Finished, then press any key to end the script and load
      your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the
      contents of the results file Report.txt back onto the forum with
      a new HijackThis log
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jan 2008
    Posts
    10

    reports

    OK, I did what you told me and these are the reports:


    SDFix: Version 1.123

    Run by A on 04.01.2008 г. at 14:35

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\DOCUME~1\A\Desktop\save\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Default HomePage Value
    Restoring Default Desktop Components Value

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\SYS_DLL.DLL - Deleted
    C:\Documents and Settings\A\Favorites\Error Cleaner.url - Deleted
    C:\Documents and Settings\A\Favorites\Privacy Protector.url - Deleted
    C:\Documents and Settings\A\Favorites\Spyware&Malware Protection.url - Deleted
    C:\WINDOWS\privacy_danger\index.htm - Deleted
    C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
    C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
    C:\WINDOWS\privacy_danger\images\down.gif - Deleted
    C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
    C:\WINDOWS\system32\tmp57.tmp - Deleted
    C:\WINDOWS\system32\tmp3F.tmp - Deleted
    C:\DOCUME~1\A\LOCALS~1\Temp\ac8zt2.dat - Deleted
    C:\WINDOWS\alxvdvm.dll - Deleted
    C:\WINDOWS\dat.txt - Deleted
    C:\WINDOWS\domnftwvmd.dll - Deleted
    C:\WINDOWS\fvkwdrt.exe - Deleted
    C:\WINDOWS\regedit.com - Deleted
    C:\WINDOWS\rs.txt - Deleted
    C:\WINDOWS\search_res.txt - Deleted



    Folder C:\WINDOWS\privacy_danger - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-04 14:39:57
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    IPC error: 2 The system cannot find the file specified.
    scanning hidden services ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 196


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
    "E:\\Program Files 2\\ICQLite\\ICQLite.exe"="E:\\Program Files 2\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
    "D:\\Games\\Neverwinter Nights 2\\nwn2main.exe"="D:\\Games\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
    "D:\\Games\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="D:\\Games\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
    "D:\\Games\\Neverwinter Nights 2\\nwupdate.exe"="D:\\Games\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
    "D:\\Games\\Neverwinter Nights 2\\nwn2server.exe"="D:\\Games\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
    "E:\\Program Files 2\\yahoo messenger\\Messenger\\YahooMessenger.exe"="E:\\Program Files 2\\yahoo messenger\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "E:\\Program Files 2\\yahoo messenger\\Messenger\\YServer.exe"="E:\\Program Files 2\\yahoo messenger\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "E:\\Program Files\\FlashGet\\flashget.exe"="E:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
    "E:\\Program Files 2\\ICQ6\\ICQ.exe"="E:\\Program Files 2\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
    "E:\\Program Files 2\\Flashget 1.82\\install\\flashget.exe"="E:\\Program Files 2\\Flashget 1.82\\install\\flashget.exe:*:Enabled:Flashget"
    "E:\\Program Files 2\\utorrent\\utorrent.exe"="E:\\Program Files 2\\utorrent\\utorrent.exe:*:Enabled:зTorrent"
    "D:\\Games\\Hellgate\\Launcher.exe"="D:\\Games\\Hellgate\\Launcher.exe:*:Enabled:Hellgate: London"
    "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
    "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
    "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
    "E:\\Program Files 2\\iTunes\\iTunes.exe"="E:\\Program Files 2\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\A\Desktop\save\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Mon 27 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
    Wed 22 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
    Thu 14 Jul 2005 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
    Sun 22 Apr 2007 286,720 ...H. --- "C:\Program Files\Amazonia\cracked.exe"
    Thu 9 Nov 2006 61,952 ...H. --- "C:\Documents and Settings\A\My Documents\~WRL1019.tmp"
    Thu 16 Nov 2006 22,528 ...H. --- "C:\Documents and Settings\A\My Documents\~WRL1074.tmp"
    Thu 16 Nov 2006 27,648 ...H. --- "C:\Documents and Settings\A\My Documents\~WRL1896.tmp"
    Sat 30 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Fri 4 Jan 2008 85,946 A..H. --- "C:\Documents and Settings\A\Local Settings\Temp\BIT2375.tmp"
    Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\A\Application Data\U3\temp\Launchpad Removal.exe"
    Thu 15 Nov 2007 1,332 ...HR --- "C:\Documents and Settings\A\Application Data\SecuROM\UserData\securom_v7_01.bak"
    Wed 10 Oct 2001 54 ..SH. --- "C:\Documents and Settings\A\Application Data\iPodSoft\iPod Agent\1.1.2.0\WinIPA.sys"

    Finished!

  4. #4
    Junior Member
    Join Date
    Jan 2008
    Posts
    10

    hijack this report log

    And that's the hijack this report log...:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:49:39, on 04.1.2008 г.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    E:\Program Files 2\adaware\aawservice.exe
    E:\PROGRAM FILES 2\FILE PROTECTOR\EFPAP.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CCProxy\CCProxy.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    E:\Program Files 2\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    E:\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    E:\Program Files 2\iTunes\iPod\bin\iPodService.exe
    E:\Program Files 2\Mozilla Firefox\firefox.exe
    E:\Program Files 2\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:808
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files 2\Flashget 1.82\install\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {D10CD11A-4CA6-453A-ABE5-71EA37E1BC45} - (no file)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files 2\Flashget 1.82\install\getflash.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Program Files 2\CorelDraw\Corel Install\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021308 serial=DR12WNP-9936859-UJJ lang=EN
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files 2\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [UIWatcher] E:\Program Files 2\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ICQ Lite] E:\PROGRA~1\ICQLite\ICQLite.exe -trayboot (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ICQ Lite] E:\PROGRA~1\ICQLite\ICQLite.exe -trayboot (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files 2\Flashget 1.82\install\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - E:\Program Files 2\Flashget 1.82\install\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files 2\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files 2\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files 2\Flashget 1.82\install\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files 2\Flashget 1.82\install\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files 2\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files 2\ICQ6\ICQ.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files 2\yahoo messenger\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files 2\yahoo messenger\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C357FE0A-0556-4970-8990-64DF0B8E8C6B} (WebCamX Control) - http://sushilni.t0d.org:4201/WebCamX.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.120.43.77/activex/AMC.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FEF9F126-16A7-4BC4-A6C5-3DEAA6E0257A}: NameServer = 172.16.1.1
    O22 - SharedTaskScheduler: arsenicism - {075a465d-0af2-4b79-8db3-2fda0fd8d74c} - (no file)
    O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files 2\adaware\aawservice.exe
    O23 - Service: Easy File & Folder Protector (ACDService) - Unknown owner - E:\PROGRAM FILES 2\FILE PROTECTOR\EFPAP.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CCProxy - Unknown owner - C:\Program Files\CCProxy\CCProxy.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - E:\Program Files 2\iTunes\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 8950 bytes

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Good. Let's continue

    Download haxfix.exe and save it to your desktop.
    • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
    • Checkmark Create a desktop icon
    • Click Next
    • When the installation is completed, make sure that the checkmark Launch HaxFix is placed
    • Click Finish

    A red dos window (dos box) will open with options:
    1. Make logfile
    2. Run auto fix
    3. Run manual fix
    E. Exit Haxfix
    • Select option 1. Make logfile by typing 1 and then pressing Enter
    • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (c:\haxfix.txt)
    • Copy the contents of that logfile and paste it into this thread.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Junior Member
    Join Date
    Jan 2008
    Posts
    10

    Default haxlog report log

    HAXFIX logfile - by Marckie

    version 4.63.1
    04.01.2008 Ј. 16:23:44,25

    --- Checking for Haxdoor ---

    checking for a3d files
    a3d files not found

    checking for matching notify keys
    no matching notify keys found

    checking for matching services
    matching services found
    ASPI32

    checking for matching safeboot services
    no matching safeboot services found

    checking for other Haxdoor-files
    no other Haxdoor-files found


    --- Checking for Goldun ---

    checking for SSODL keys
    no ssodl keys found

    checking for notify keys
    no notify keys found

    checking for services
    no services found

    checking for other Goldun-files
    no other Goldun-files found

    checking iexplore.exe
    iexplore.exe is not infected


    --- Catchme logfile - thank you Gmer ---

    catchme 0.3.1262.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-04 16:23:44
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

    scanning hidden files ...

    C:\WINDOWS\system32\pthreadVC.dll 65536 bytes
    C:\WINDOWS\system32\px.dll 557056 bytes
    C:\WINDOWS\system32\Packet.dll 98304 bytes
    C:\WINDOWS\system32\WNASPI32.DLL 49152 bytes
    C:\WINDOWS\system32\WanPacket.dll 65536 bytes
    C:\WINDOWS\system32\pxmas.dll 196608 bytes
    C:\WINDOWS\system32\SIntf16.dll 16384 bytes
    C:\WINDOWS\system32\RTSndMgr.CPL 278528 bytes
    C:\WINDOWS\system32\pxwave.dll 393216 bytes
    C:\WINDOWS\system32\ALSNDMGR.CPL 311296 bytes
    C:\WINDOWS\system32\RTCOM
    C:\WINDOWS\system32\RTCOM\RTLCPAPI.dll 147456 bytes
    C:\WINDOWS\system32\RTCOM\RTCOMDLL.dll 278528 bytes
    C:\WINDOWS\system32\OggSplitter.ax 376832 bytes
    C:\WINDOWS\system32\OpenQuicktimeLib.dll 442368 bytes
    C:\WINDOWS\system32\RealMediaSplitter.ax 425984 bytes
    C:\WINDOWS\system32\vxblock.dll 49152 bytes
    C:\WINDOWS\system32\msvcr71.dll 360448 bytes
    C:\WINDOWS\system32\atl71.dll 98304 bytes
    C:\WINDOWS\system32\msvcp71.dll 507904 bytes
    C:\WINDOWS\system32\pxdrv.dll 524288 bytes
    C:\WINDOWS\system32\jupdate-1.5.0_08-b03.log 16384 bytes
    C:\WINDOWS\system32\AVSredirect.dll 32768 bytes
    C:\WINDOWS\system32\jpicpl32.cpl 65536 bytes
    C:\WINDOWS\system32\pxsfs.dll 1638400 bytes
    C:\WINDOWS\system32\d3d8caps.dat 16384 bytes
    C:\WINDOWS\system32\divxdec.ax 720896 bytes
    C:\WINDOWS\system32\xvid.ax 81920 bytes
    C:\WINDOWS\system32\SIntf32.dll 32768 bytes
    C:\WINDOWS\system32\SIntfNT.dll 32768 bytes
    C:\WINDOWS\system32\NtmsData
    C:\WINDOWS\system32\NtmsData\NTMSDATA 163840 bytes
    C:\WINDOWS\system32\NtmsData\NTMSIDX 114688 bytes
    C:\WINDOWS\system32\NtmsData\NTMSREG 16384 bytes
    C:\WINDOWS\system32\NtmsData\NTMSDATA.BAK 163840 bytes
    C:\WINDOWS\system32\DivXG400.ax 245760 bytes
    C:\WINDOWS\system32\CmdLineExt03.dll 49152 bytes
    C:\WINDOWS\system32\actsplash.ocx 196608 bytes
    C:\WINDOWS\system32\Fish Tycoon.scr 49152 bytes
    C:\WINDOWS\system32\moveex.exe 49152 bytes
    C:\WINDOWS\system32\process.exe 65536 bytes
    C:\WINDOWS\system32\catchme.exe 147456 bytes
    C:\WINDOWS\system32\AS-Exp2.ocx 278528 bytes
    C:\WINDOWS\system32\jupdate-1.5.0_09-b03.log 16384 bytes
    C:\WINDOWS\system32\java.exe 65536 bytes
    C:\WINDOWS\system32\javaw.exe 65536 bytes
    C:\WINDOWS\system32\javaws.exe 131072 bytes
    C:\WINDOWS\system32\pxafs.dll 131072 bytes
    C:\WINDOWS\system32\MSRDO20.DLL 409600 bytes
    C:\WINDOWS\system32\RDOCURS.DLL 163840 bytes
    C:\WINDOWS\system32\pxhpinst.exe 81920 bytes
    C:\WINDOWS\system32\MFC42ENU.DLL 65536 bytes
    C:\WINDOWS\system32\VEN2232.OLB 49152 bytes
    C:\WINDOWS\system32\VBAEND32.OLB 32768 bytes
    C:\WINDOWS\system32\VBAEN32.OLB 32768 bytes
    C:\WINDOWS\system32\FM20ENU.DLL 49152 bytes
    C:\WINDOWS\system32\VBAME.DLL 49152 bytes
    C:\WINDOWS\system32\SCP32.DLL 16384 bytes
    C:\WINDOWS\system32\pxinsa64.exe 65536 bytes
    C:\WINDOWS\system32\MSSTKPRP.DLL 98304 bytes
    C:\WINDOWS\system32\INKED.DLL 212992 bytes
    C:\WINDOWS\system32\WISPTIS.EXE 294912 bytes
    C:\WINDOWS\system32\MSCOMCTL.OCX 1081344 bytes
    C:\WINDOWS\system32\VSFLEX3.OCX 229376 bytes
    C:\WINDOWS\system32\mdimon.dll 32768 bytes
    C:\WINDOWS\system32\FM20.DLL 1196032 bytes
    C:\WINDOWS\system32\LoopyMusic.wav 950272 bytes
    C:\WINDOWS\system32\BuzzingBee.wav 147456 bytes
    C:\WINDOWS\system32\AS-IFce1.ocx 606208 bytes
    C:\WINDOWS\system32\JMRaidTool.exe 393216 bytes
    C:\WINDOWS\system32\Futuremark
    C:\WINDOWS\system32\Futuremark\MSC
    C:\WINDOWS\system32\XceedBkp.dll 425984 bytes
    C:\WINDOWS\system32\bpssc1.1.dll 65536 bytes
    C:\WINDOWS\system32\vbalProgBar6.ocx 65536 bytes
    C:\WINDOWS\system32\Registry Control.ocx 65536 bytes
    C:\WINDOWS\system32\SmartSubClass.dll 32768 bytes
    C:\WINDOWS\system32\threadapi.tlb 16384 bytes
    C:\WINDOWS\system32\Flash.ocx 1441792 bytes
    C:\WINDOWS\system32\ProgressBar4.ocx 98304 bytes
    C:\WINDOWS\system32\XceedCry.dll 524288 bytes
    C:\WINDOWS\system32\AvsCodec.dll 65536 bytes
    C:\WINDOWS\system32\AVSClientSDK45.dll 49152 bytes
    C:\WINDOWS\system32\OemSpi.dll 147456 bytes
    C:\WINDOWS\system32\CtDvInst.dll 147456 bytes
    C:\WINDOWS\system32\A3d.dll 65536 bytes
    C:\WINDOWS\system32\SPIRun.dll 16384 bytes
    C:\WINDOWS\system32\P17res.dll 147456 bytes
    C:\WINDOWS\system32\OpenAL32.dll 98304 bytes
    C:\WINDOWS\system32\settingsbkup.sfm 16384 bytes
    C:\WINDOWS\system32\pxcpya64.exe 65536 bytes
    C:\WINDOWS\system32\URTTemp
    C:\WINDOWS\system32\URTTemp\fusion.dll 294912 bytes
    C:\WINDOWS\system32\URTTemp\mscoree.dll 163840 bytes
    C:\WINDOWS\system32\URTTemp\mscorsn.dll 81920 bytes
    C:\WINDOWS\system32\URTTemp\mscorwks.dll 2490368 bytes
    C:\WINDOWS\system32\URTTemp\msvcr71.dll 360448 bytes
    C:\WINDOWS\system32\URTTemp\mscoree.dll.local 0 bytes
    C:\WINDOWS\system32\URTTemp\regtlib.exe 49152 bytes
    C:\WINDOWS\system32\ogg.dll 32768 bytes
    C:\WINDOWS\system32\netfxperf.dll 32768 bytes
    C:\WINDOWS\system32\APTRRNTm.dll 49152 bytes
    C:\WINDOWS\system32\vorbis.dll 114688 bytes
    C:\WINDOWS\system32\Mscomct2.ocx 655360 bytes
    C:\WINDOWS\system32\AgCPanelFrench.dll 65536 bytes
    C:\WINDOWS\system32\AgCPanelGerman.dll 65536 bytes
    C:\WINDOWS\system32\AgCPanelJapanese.dll 65536 bytes
    C:\WINDOWS\system32\AgCPanelKorean.dll 65536 bytes
    C:\WINDOWS\system32\AgCPanelPortugese.dll 65536 bytes
    C:\WINDOWS\system32\BdaPlgIn.ax 32768 bytes
    C:\WINDOWS\system32\PhysX.cpl 491520 bytes
    C:\WINDOWS\system32\ksxbar.ax 49152 bytes
    C:\WINDOWS\system32\AgCPanelSpanish.dll 65536 bytes
    C:\WINDOWS\system32\PsisRndr.ax 49152 bytes
    C:\WINDOWS\system32\AgCPanelSwedish.dll 65536 bytes
    C:\WINDOWS\system32\MSDvbNP.ax 65536 bytes
    C:\WINDOWS\system32\APTRRNTl.dll 49152 bytes
    C:\WINDOWS\system32\vfwwdm32.dll 65536 bytes
    C:\WINDOWS\system32\PhysXLoader.dll 81920 bytes
    C:\WINDOWS\system32\PsisDecd.dll 376832 bytes
    C:\WINDOWS\system32\Ludap17.ini 32768 bytes
    C:\WINDOWS\system32\kstvtune.ax 65536 bytes
    C:\WINDOWS\system32\d3dx10_34.dll 458752 bytes
    C:\WINDOWS\system32\kswdmcap.ax 98304 bytes
    C:\WINDOWS\system32\d3dx10_33.dll 458752 bytes
    C:\WINDOWS\system32\vidcap.ax 32768 bytes
    C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll 65536 bytes
    C:\WINDOWS\system32\d3dx9_35.dll 3735552 bytes
    C:\WINDOWS\system32\ipsink.ax 16384 bytes
    C:\WINDOWS\system32\xinput1_3.dll 81920 bytes
    C:\WINDOWS\system32\The Lost Watch 3D Screensaver.scr 933888 bytes
    C:\WINDOWS\system32\PnkBstrB.exe 114688 bytes
    C:\WINDOWS\system32\The Lost Watch 3D Screensaver.exe 3031040 bytes
    C:\WINDOWS\system32\3Planesoft
    C:\WINDOWS\system32\3Planesoft\Screensaver Manager
    C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll 65536 bytes
    C:\WINDOWS\system32\PnkBstrA.exe 81920 bytes
    C:\WINDOWS\system32\ScreensaverManager.log 16384 bytes
    C:\WINDOWS\system32\The Lost Watch.log 16384 bytes
    C:\WINDOWS\system32\giveio.sys 16384 bytes
    C:\WINDOWS\system32\initdebug.nfo 16384 bytes
    C:\WINDOWS\system32\speedfan.sys 16384 bytes
    C:\WINDOWS\system32\Adobe
    C:\WINDOWS\system32\Adobe\SVG Viewer
    C:\WINDOWS\system32\msxml4r.dll 98304 bytes
    C:\WINDOWS\system32\mfc71.dll 1064960 bytes
    C:\WINDOWS\system32\mfc71u.dll 1048576 bytes
    C:\WINDOWS\system32\MFC71CHS.DLL 49152 bytes
    C:\WINDOWS\system32\MFC71CHT.DLL 49152 bytes
    C:\WINDOWS\system32\MFC71DEU.DLL 65536 bytes
    C:\WINDOWS\system32\MFC71ENU.DLL 65536 bytes
    C:\WINDOWS\system32\MFC71ESP.DLL 65536 bytes
    C:\WINDOWS\system32\MFC71FRA.DLL 65536 bytes
    C:\WINDOWS\system32\MFC71ITA.DLL 65536 bytes
    C:\WINDOWS\system32\MFC71JPN.DLL 49152 bytes
    C:\WINDOWS\system32\MFC71KOR.DLL 49152 bytes
    C:\WINDOWS\system32\msstdfmt.dll 131072 bytes
    C:\WINDOWS\system32\D3DCompiler_34.dll 1130496 bytes
    C:\WINDOWS\system32\rmvtrjan.trb 933888 bytes
    C:\WINDOWS\system32\msi.dll 2899968 bytes
    C:\WINDOWS\system32\810429tv4-test.jun 16384 bytes
    C:\WINDOWS\system32\msiexec.exe 81920 bytes
    C:\WINDOWS\system32\xactengine2_6.dll 262144 bytes
    C:\WINDOWS\system32\trjscan.trb 507904 bytes
    C:\WINDOWS\system32\msihnd.dll 278528 bytes
    C:\WINDOWS\system32\x3daudio1_1.dll 16384 bytes
    C:\WINDOWS\system32\trupd.trb 442368 bytes
    C:\WINDOWS\system32\msimsg.dll 884736 bytes
    C:\WINDOWS\system32\D3DCompiler_33.dll 1130496 bytes
    C:\WINDOWS\system32\msisip.dll 16384 bytes
    C:\WINDOWS\system32\xactengine2_7.dll 262144 bytes
    C:\WINDOWS\system32\dfshim.dll 98304 bytes
    C:\WINDOWS\system32\mscoree.dll 278528 bytes
    C:\WINDOWS\system32\mscorier.dll 163840 bytes
    C:\WINDOWS\system32\mscories.dll 81920 bytes
    C:\WINDOWS\system32\xactengine2_8.dll 278528 bytes
    C:\WINDOWS\system32\x3daudio1_2.dll 32768 bytes
    C:\WINDOWS\system32\ThriXXX000127.dll 344064 bytes
    C:\WINDOWS\system32\ThriXXX000127SOUNDDX3.dll 32768 bytes
    C:\WINDOWS\system32\d3dx9_24.dll 2228224 bytes
    C:\WINDOWS\system32\d3dx9_25.dll 2342912 bytes
    C:\WINDOWS\system32\d3dx9_26.dll 2310144 bytes
    C:\WINDOWS\system32\d3dx9_27.dll 2326528 bytes
    C:\WINDOWS\system32\xinput9_1_0.dll 65536 bytes
    C:\WINDOWS\system32\d3dx9_28.dll 2326528 bytes
    C:\WINDOWS\system32\d3dx9_29.dll 2342912 bytes
    C:\WINDOWS\system32\xactengine2_0.dll 245760 bytes
    C:\WINDOWS\system32\x3daudio1_0.dll 16384 bytes
    C:\WINDOWS\system32\d3dx9_30.dll 2392064 bytes
    C:\WINDOWS\system32\xactengine2_1.dll 245760 bytes
    C:\WINDOWS\system32\xinput1_1.dll 65536 bytes
    C:\WINDOWS\system32\xactengine2_2.dll 245760 bytes
    C:\WINDOWS\system32\ThriXXX010205PNG.dll 65536 bytes
    C:\WINDOWS\system32\kbdBF.dll 16384 bytes
    C:\WINDOWS\system32\kbdbd.dll 16384 bytes
    C:\WINDOWS\system32\CmdLineExt.dll 114688 bytes
    C:\WINDOWS\system32\ThriXXX010104Z.dll 32768 bytes
    C:\WINDOWS\system32\ThriXXX015003JP2.dll 65536 bytes
    C:\WINDOWS\system32\divx.dll 638976 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 199


    --- Analysing Catchme logfile ---

    matching service found: giveio
    matching service found: speedfan


    Finished!
