HELP PLEASE Downloader mislead app. infection!

Hi drakkana

ComboFix is a very powerful tool and should be run under the supervision of a trained analyst. Please do not run ComboFix unless asked to do so.

Click Start > Run and copy/paste the following txt into the run box and press enter:

"C:\qoobox\ComboFix4.txt"

post the contents of ComboFix4.txt

Next Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Download the file & save it as its originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.Please do not reboot your machine until we have reviewed the log.

thanks..but unfortunately i had to do a format.. but i appreciate your help...is there any chance of it being still in the system after the format?

It's unlikely though not impossible, how did you format?

Are you still experiencing symptons?

I did the common type of format.. inserted windows xp cd...install etc etc.. from dos..
the only problem i got right now is that whenever i start my windows the resolution of my screen is set to the lowest.. i then define it to be at 1024x768 but when i restart the pc the resolution is once again low...i installed the drivers of my monitor..but don't know what's goin on.. is that a "mislead" symptom?

Hi drakkana

I had a similar problem on a customers computer. The graphics software would pop up at boot up but after changing the resolution and rebooting it would pop up again. After changing the resolution in the graphics app I then changed it via Desktop > Properties > Settings rebooted and the setting stuck. Does this help solve your problem?

nope..i have done it like a hundred times..
i installed the drivers to the monitor, to the graphic card..nothing.

Post new logs from HijackThis and ComboFix

Post new logs from HijackThis and ComboFix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:07 μμ, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Reboot.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE5DDF0-EC01-4D7D-BAA0-7A8B9DEF9930}: NameServer = 195.170.0.1 195.170.2.2
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe

--
End of file - 7305 bytes

ComboFix 08-02.05.3 - drakkana 2008-02-08 12:41:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.1.1032.18.146 [GMT 2:00]
Running from: C:\Documents and Settings\drakkana\Επιφάνεια εργασίας\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://au
.
((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-08 12:39 . 2008-02-08 12:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-08 12:21 . 2008-02-08 12:21 268 --ah----- C:\sqmdata15.sqm
2008-02-08 12:21 . 2008-02-08 12:21 244 --ah----- C:\sqmnoopt15.sqm
2008-02-08 12:18 . 2008-02-08 12:18 268 --ah----- C:\sqmdata14.sqm
2008-02-08 12:18 . 2008-02-08 12:18 244 --ah----- C:\sqmnoopt14.sqm
2008-02-07 21:53 . 2008-02-07 21:53 268 --ah----- C:\sqmdata13.sqm
2008-02-07 21:53 . 2008-02-07 21:53 244 --ah----- C:\sqmnoopt13.sqm
2008-02-07 14:24 . 2008-02-07 15:13 <DIR> d-------- C:\Program Files\DC++
2008-02-06 15:16 . 2008-02-06 15:16 268 --ah----- C:\sqmdata12.sqm
2008-02-06 15:16 . 2008-02-06 15:16 244 --ah----- C:\sqmnoopt12.sqm
2008-02-06 15:06 . 2008-02-06 15:06 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2008-02-06 15:03 . 2008-02-06 15:03 268 --ah----- C:\sqmdata11.sqm
2008-02-06 15:03 . 2008-02-06 15:03 244 --ah----- C:\sqmnoopt11.sqm
2008-02-06 15:02 . 2008-02-06 15:02 <DIR> d-------- C:\Program Files\Sony Corporation
2008-02-06 15:02 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-02-06 15:02 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-02-06 15:02 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2008-02-06 15:02 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-02-06 15:02 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-02-06 15:02 . 2001-08-31 15:07 27,255 --------- C:\WINDOWS\system32\drivers\NWWMUSB.sys
2008-02-06 15:02 . 2002-09-11 10:20 11,510 --------- C:\WINDOWS\system32\drivers\VMCUSB.sys
2008-02-06 15:01 . 2008-02-06 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-02-06 15:01 . 2005-09-08 10:22 765,952 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2008-02-06 15:01 . 2005-10-11 21:46 598,016 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2008-02-06 15:01 . 2005-09-08 10:09 565,248 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-02-06 15:01 . 2005-09-08 10:21 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2008-02-06 15:00 . 2008-02-06 15:02 <DIR> d-------- C:\Program Files\Sony
2008-02-06 14:59 . 2008-02-06 15:02 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-02-06 14:59 . 2008-02-06 15:06 <DIR> d-------- C:\Documents and Settings\drakkana\Application Data\Sony Corporation
2008-02-05 23:49 . 2008-02-05 23:49 268 --ah----- C:\sqmdata10.sqm
2008-02-05 23:49 . 2008-02-05 23:49 244 --ah----- C:\sqmnoopt10.sqm
2008-02-05 18:01 . 2008-02-05 18:01 268 --ah----- C:\sqmdata09.sqm
2008-02-05 18:01 . 2008-02-05 18:01 244 --ah----- C:\sqmnoopt09.sqm
2008-02-04 18:14 . 2008-02-04 18:14 268 --ah----- C:\sqmdata08.sqm
2008-02-04 18:14 . 2008-02-04 18:14 244 --ah----- C:\sqmnoopt08.sqm
2008-02-04 16:01 . 2008-02-04 16:01 268 --ah----- C:\sqmdata07.sqm
2008-02-04 16:01 . 2008-02-04 16:01 244 --ah----- C:\sqmnoopt07.sqm
2008-02-04 15:52 . 2008-02-04 15:52 268 --ah----- C:\sqmdata06.sqm
2008-02-04 15:52 . 2008-02-04 15:52 244 --ah----- C:\sqmnoopt06.sqm
2008-02-03 22:07 . 2008-02-03 22:07 268 --ah----- C:\sqmdata05.sqm
2008-02-03 22:07 . 2008-02-03 22:07 244 --ah----- C:\sqmnoopt05.sqm
2008-02-03 17:01 . 2008-02-03 19:30 <DIR> d-------- C:\Documents and Settings\drakkana\Application Data\Uniblue
2008-02-03 16:52 . 2008-02-03 16:52 <DIR> d-------- C:\WINDOWS\Sun
2008-02-03 15:03 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-03 15:02 . 2008-02-03 15:03 <DIR> d-------- C:\Program Files\Java
2008-02-03 15:00 . 2008-02-03 15:00 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-03 12:25 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-03 12:25 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-03 12:25 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-03 12:15 . 2008-02-03 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 12:04 . 2008-02-03 12:04 268 --ah----- C:\sqmdata04.sqm
2008-02-03 12:04 . 2008-02-03 12:04 244 --ah----- C:\sqmnoopt04.sqm
2008-02-03 11:57 . 2008-02-03 11:57 268 --ah----- C:\sqmdata03.sqm
2008-02-03 11:57 . 2008-02-03 11:57 244 --ah----- C:\sqmnoopt03.sqm
2008-02-03 11:38 . 2008-02-03 11:38 <DIR> d-------- C:\Program Files\SiS Monitor
2008-02-03 11:38 . 1997-11-03 21:10 277,776 --a------ C:\WINDOWS\system32\MSVCRT.1
2008-02-03 11:38 . 1999-03-31 09:55 11,200 --a------ C:\WINDOWS\system32\drivers\SiSMon.sys
2008-02-03 11:35 . 2008-02-03 11:35 <DIR> d-------- C:\Program Files\SiS7012
2008-02-03 11:35 . 2002-11-04 09:39 814,277 -ra------ C:\WINDOWS\system32\drivers\sis7012.sys
2008-02-03 11:34 . 2008-02-03 11:34 <DIR> d-------- C:\Program Files\IC Card Reader Driver v1.8e2
2008-02-03 11:34 . 2008-02-03 11:33 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-02-03 11:32 . 2008-02-03 11:32 <DIR> d-------- C:\Program Files\SiSLan
2008-02-03 11:31 . 2008-02-03 11:31 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-02-03 11:24 . 2008-02-03 11:24 <DIR> d-------- C:\NVIDIA
2008-02-03 11:24 . 2008-02-03 11:24 26 --a------ C:\WINDOWS\tsctv.ini
2008-02-03 01:41 . 2008-02-03 01:41 268 --ah----- C:\sqmdata02.sqm
2008-02-03 01:41 . 2008-02-03 01:41 244 --ah----- C:\sqmnoopt02.sqm
2008-02-03 00:12 . 2008-02-03 00:12 <DIR> d-------- C:\Documents and Settings\drakkana\Application Data\vlc
2008-02-03 00:09 . 2008-02-05 15:22 <DIR> d-------- C:\Documents and Settings\drakkana\Application Data\dvdcss
2008-02-02 23:58 . 2008-02-02 23:58 <DIR> d-------- C:\Program Files\X2CD
2008-02-02 23:58 . 2008-02-02 23:58 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-02 20:25 . 2008-02-02 20:25 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-02 20:23 . 2008-02-02 20:23 268 --ah----- C:\sqmdata01.sqm
2008-02-02 20:23 . 2008-02-02 20:23 244 --ah----- C:\sqmnoopt01.sqm
2008-02-02 20:19 . 2008-02-02 20:19 268 --ah----- C:\sqmdata00.sqm
2008-02-02 20:19 . 2008-02-02 20:19 244 --ah----- C:\sqmnoopt00.sqm
2008-02-02 19:50 . 2007-10-11 01:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-02 19:50 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-02 19:50 . 2007-07-01 05:36 1,118,208 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-02 19:50 . 2007-10-11 01:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-02 19:50 . 2007-10-11 01:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-02 19:50 . 2007-10-11 01:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-02 19:50 . 2007-10-11 01:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-02 19:50 . 2007-10-11 01:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-02 19:50 . 2007-10-10 12:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-02 19:48 . 2008-02-02 19:50 <DIR> d-------- C:\WINDOWS\system32\el-gr
2008-02-02 19:44 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-02 19:25 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-02 19:25 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-02-02 19:25 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-02-02 19:25 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-02-02 19:25 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-02-02 19:25 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-02-02 19:22 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-02-02 19:22 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-02-02 19:22 . 2006-08-21 14:27 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-02-02 19:21 . 2008-02-03 16:37 <DIR> d-------- C:\Program Files\uTorrent
2008-02-02 19:21 . 2008-02-07 22:59 <DIR> d-------- C:\Documents and Settings\drakkana\Application Data\uTorrent
2008-02-02 19:05 . 2008-02-02 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-02 18:33 . 2008-02-02 18:33 <DIR> d-------- C:\Documents and Settings\drakkana\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 20:42 --------- d-----w C:\Documents and Settings\drakkana\Application Data\mIRC
2008-02-06 13:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-02 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-02 15:04 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-02 14:30 31 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-02-02 14:30 --------- d-----w C:\Program Files\SAGEM
2008-02-02 14:21 --------- d-----w C:\Program Files\SYMANTEC ANTIVIRUS CORPORATE EDITION v10.1.6.6000 - ARNiSO
2008-02-02 14:17 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-02 14:15 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-02 14:12 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-02 14:11 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-02 14:07 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-02-02 14:07 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-02 12:49 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-02 12:48 558,142 ----a-w C:\WINDOWS\java\Packages\HJJD7N57.ZIP
2008-02-02 12:48 155,995 ----a-w C:\WINDOWS\java\Packages\AL3J9ZBJ.ZIP
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-04 06:45 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 11:40 28672]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SAV\VPTray.exe" [2007-03-14 19:49 125632]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-04 06:45 15360]

C:\Documents and Settings\drakkana\Start Menu\¨¦¨α££«\„΅΅ε¤©\
Reboot.exe [2002-08-20 08:26:48 432128]

C:\Documents and Settings\All Users\Start Menu\¨¦¨α££«\„΅΅ε¤©\
DSLMON.lnk - C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe [2008-02-02 16:30:14 839680]

R2 Reporting;Reporting Agents;"C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe" [2007-03-14 15:09]
R2 SiSMon;sismon;C:\WINDOWS\system32\drivers\sismon.sys [1999-03-31 09:55]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2002-11-04 09:39]
R3 usbstor;Πρόγραμμα οδήγησης μαζικής αποθήκευσης USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 17:26:57 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-03 14:59:30 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 12:43:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???\???/??[?????? [?? [???????????????????[???[?L???? [$??????[????????????S??[????????m??[$??~????(?????:~???~??????:~???~???[????????d???b6?[%??[?? [d???"??[A??[???[??:~Z??[?3?[?3?[????st.I???????[????d???0=?[?K?[

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 12:43:55
ComboFix-quarantined-files.txt 2008-02-08 10:43:40
.
2008-02-03 20:08:36 --- E O F ---

Hi drakkana

I'm not seeing anything malicous in the logs. Try disabling all your Security programs and changing the resolution before re-enabling them.

If your not sure how to disable them then double-check against the list found >>>HERE<<<

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

there is a bit of a problem...in how to disable the protection of my antiwirus.. you see.. my antivirus is Symantec Antivirus Server 10.1.6.6000 and it is not on the list of the link you gave me.. Could you tell me how to disable it...?

I'm not familiar with Symantec Antivirus Server but I will ask around. In the meantime right-click on the Symantec Antivirus Server icon in the system tray and see if you have 'Disable Auto-Protect' or something similar.

NOTE: If this program is protecting other computers on a network then make sure they are all offline before you disable it.

OK I've found how to disable auto-protect from my symantec antivirus..so i followed your instructions..and run the kaspersky online scan.. and here are the results..
by the way..i have a serious infection trouble..which maybe the kaspersky will show in it's log..i have posted that infection in this post --> http://www.daniweb.com/forums/thread109343.html

If you know anything about this infection please respond either to my thread above..or tell me if the kasperky log shows anything about this and what could i do to resolve this issue...That's my main issue at this time...

Kaspersky log :


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 17, 2008 6:53:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/02/2008
Kaspersky Anti-Virus database records: 570048
-------------------------------------------------------------------------------


Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true


Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\


Scan Statistics:
Total number of scanned objects: 55693
Number of viruses found: 5
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 01:22:31


Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log  Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat    Object is locked    skipped
C:\Documents and Settings\drakkana\Application Data\Mozilla\Firefox\Profiles\9eicgqed.default\cert8.db  Object is locked    skipped
C:\Documents and Settings\drakkana\Application Data\Mozilla\Firefox\Profiles\9eicgqed.default\formhistory.dat   Object is locked    skipped
C:\Documents and Settings\drakkana\Application Data\Mozilla\Firefox\Profiles\9eicgqed.default\history.dat   Object is locked    skipped
C:\Documents and Settings\drakkana\Application Data\Mozilla\Firefox\Profiles\9eicgqed.default\key3.db   Object is locked    skipped
C:\Documents and Settings\drakkana\Application Data\Mozilla\Firefox\Profiles\9eicgqed.default\parent.lock   Object is locked    skipped
C:\Documents and Settings\drakkana\Application Data\Mozilla\Firefox\Profiles\9eicgqed.default\search.sqlite Object is locked    skipped
C:\Documents and Settings\drakkana\Application Data\Mozilla\Firefox\Profiles\9eicgqed.default\urlclassifier2.sqlite Object is locked    skipped
C:\Documents and Settings\drakkana\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\Application Data\Ahead\Nero Home\bl.db    Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\Application Data\Ahead\Nero Home\is2.db   Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat  Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\Application Data\Mozilla\Firefox\Profiles\9eicgqed.default\Cache\_CACHE_001_  Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\Application Data\Mozilla\Firefox\Profiles\9eicgqed.default\Cache\_CACHE_002_  Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\Application Data\Mozilla\Firefox\Profiles\9eicgqed.default\Cache\_CACHE_003_  Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\Application Data\Mozilla\Firefox\Profiles\9eicgqed.default\Cache\_CACHE_MAP_  Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\History\History.IE5\index.dat Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\History\History.IE5\MSHist012008021720080218\index.dat    Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\Temp\NERO14399\Toolbar.exe    Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm   skipped
C:\Documents and Settings\drakkana\Local Settings\Temporary Internet files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat    Object is locked    skipped
C:\Documents and Settings\drakkana\Local Settings\Temporary Internet files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\drakkana\NTUSER.DAT   Object is locked    skipped
C:\Documents and Settings\drakkana\ntuser.dat.LOG   Object is locked    skipped
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe    Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm   skipped
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe    7-Zip: infected - 1 skipped
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional  Original\Kante to Windows XP Professional  Original\keyfinder.exe/data.rar/xpkey.exe    Infected: not-a-virus:PSWTool.Win32.RAS.a   skipped
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional  Original\Kante to Windows XP Professional  Original\keyfinder.exe/data.rar/officekey.exe    Infected: not-a-virus:PSWTool.Win32.RAS.a   skipped
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional  Original\Kante to Windows XP Professional  Original\keyfinder.exe/data.rar  Infected: not-a-virus:PSWTool.Win32.RAS.a   skipped
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional  Original\Kante to Windows XP Professional  Original\keyfinder.exe   RarSFX: infected - 3    skipped
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional  Original.rar/Kante to Windows XP Professional  Original/keyfinder.exe/data.rar/xpkey.exe    Infected: not-a-virus:PSWTool.Win32.RAS.a   skipped
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional  Original.rar/Kante to Windows XP Professional  Original/keyfinder.exe/data.rar/officekey.exe    Infected: not-a-virus:PSWTool.Win32.RAS.a   skipped
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional  Original.rar/Kante to Windows XP Professional  Original/keyfinder.exe/data.rar  Infected: not-a-virus:PSWTool.Win32.RAS.a   skipped
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional  Original.rar/Kante to Windows XP Professional  Original/keyfinder.exe   Infected: not-a-virus:PSWTool.Win32.RAS.a   skipped
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional  Original.rar    RAR: infected - 4   skipped
C:\Documents and Settings\LocalService\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked    skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked    skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked    skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT  Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.log    Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log   Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log    Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log   Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log   Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log   Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log  Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log   Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log   Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log   Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log    Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log    Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log    Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log   Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log    Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log    Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log   Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log    Object is locked    skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked    skipped
C:\Program Files\mIRC\mirc.exe  Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt  Object is locked    skipped
C:\Program Files\SAV\SAVRT\0094NAV~.TMP Object is locked    skipped
C:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP21\A0004514.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP23\A0004532.exe/stream/data0001/stream/data0014   Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP23\A0004532.exe/stream/data0001/stream    Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP23\A0004532.exe/stream/data0001   Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP23\A0004532.exe/stream    Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP23\A0004532.exe   NSIS: infected - 4  skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP23\A0004534.exe/stream/data0001/stream/data0014   Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP23\A0004534.exe/stream/data0001/stream    Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP23\A0004534.exe/stream/data0001   Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP23\A0004534.exe/stream    Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP23\A0004534.exe   NSIS: infected - 4  skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP28\A0005612.exe/data0000.cab/svch0st.exe  Infected: Backdoor.Win32.Rbot.dsp   skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP28\A0005612.exe/data0000.cab  Infected: Backdoor.Win32.Rbot.dsp   skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP28\A0005612.exe   Rsrc-Package: infected - 2  skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP54\A0007113.exe   Infected: Backdoor.Win32.IRCBot.bhw skipped
C:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP66\change.log Object is locked    skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked    skipped
C:\WINDOWS\SchedLgU.Txt Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8786E4E6-F291-473B-B756-9F40F28B8A46}.bin   Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked    skipped
C:\WINDOWS\Sti_Trace.log    Object is locked    skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked    skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked    skipped
C:\WINDOWS\system32\config\default  Object is locked    skipped
C:\WINDOWS\system32\config\default.LOG  Object is locked    skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked    skipped
C:\WINDOWS\system32\config\SAM  Object is locked    skipped
C:\WINDOWS\system32\config\SAM.LOG  Object is locked    skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked    skipped
C:\WINDOWS\system32\config\software Object is locked    skipped
C:\WINDOWS\system32\config\software.LOG Object is locked    skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked    skipped
C:\WINDOWS\system32\config\system   Object is locked    skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked    skipped
C:\WINDOWS\system32\drivers\sptd.sys    Object is locked    skipped
C:\WINDOWS\system32\h323log.txt Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  Object is locked    skipped
C:\WINDOWS\wiadebug.log Object is locked    skipped
C:\WINDOWS\wiaservc.log Object is locked    skipped
C:\WINDOWS\WindowsUpdate.log    Object is locked    skipped
D:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped
D:\System Volume Information\_restore{1C53D95C-FF2C-4018-8415-28007609B260}\RP66\change.log Object is locked    skipped


Scan process completed.

Download MsnCleaner_eng.zip but don't use it yet.

• Now reboot into Safe Mode
• Double-click MsnCleaner_eng.exe to run it.
• Click the Analyze button.
• A report will be created once after you finish scan.
• If it finds an infection, click the Deleted button.
• Now, please reboot back to normal mode.
• Please post the contents of C:\MsnCleaner.txt in a reply to this post.

Post a new HijackThis log

- Logfile MSNCleaner 1.5.5 by www.forospyware.com
- Created Logfile: 17/2/2008 on 10:40:16 μμ
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________

Detected files: 1
Deleted file: 1
Undeleted Files: 0

C:\WINDOWS\nsreg.dat <--- Deleted

Host file Restored

AND THE HIJACK LOG :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:59 μμ, on 17/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\SAV\Rtvscan.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [uoxhotgmr] C:\WINDOWS\system32\uoxhotgmr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\RunServices: [uoxhotgmr] C:\WINDOWS\system32\uoxhotgmr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE5DDF0-EC01-4D7D-BAA0-7A8B9DEF9930}: NameServer = 195.170.0.1 195.170.2.2
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Print Spooler Service (iwgoa8oi) - Unknown owner - C:\WINDOWS\system32\uoxhotgmr.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe

--
End of file - 9665 bytes

Delete your copy of ComboFix and download an updated version from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\uoxhotgmr.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uoxhotgmr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"uoxhotgmr"=-
Driver::
iwgoa8oi

Save this asCFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at"C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Please post "C:\ComboFix.txt" along with a new HijackThis log and an update on system behaviour

First of all.. you didn't specify when i should run the combofix.exe so I am gonna ask you first if i did it at the right time..
I first created the CFScript.txt and dragged it on the Combofix.exe (both saved on my desktop)..And after that i run the combofix.exe..
Right??

So.. here are the results..

ComboFix 08-02-18.1 - drakkana 2008-02-18 15:16:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.1.1032.18.217 [GMT 2:00]
Running from: C:\Documents and Settings\drakkana\Επιφάνεια εργασίας\ComboFix.exe
Command switches used :: C:\Documents and Settings\drakkana\Επιφάνεια εργασίας\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\uoxhotgmr.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.cυj
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IWGOA8OI
-------\iwgoa8oi

((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-18 14:42 . 2008-02-18 14:42 <DIR> d-------- C:\VundoFix Backups
2008-02-17 15:47 . 2008-02-17 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-02-17 15:45 . 2008-02-17 15:45 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-17 15:40 . 2008-01-22 14:42 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-02-17 15:39 . 2008-02-17 15:41 <DIR> d-------- C:\Program Files\ATI Technologies
2008-02-17 13:21 . 2008-02-17 13:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-17 13:21 . 2008-02-17 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-17 02:06 . 2008-02-17 02:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-16 20:34 . 2007-01-04 13:01 61,536 -ra------ C:\WINDOWS\system32\drivers\sea1bus.sys
2008-02-16 20:34 . 2007-01-04 13:01 5,872 -ra------ C:\WINDOWS\system32\drivers\sea1whnt.sys
2008-02-16 20:34 . 2007-01-04 13:01 5,872 -ra------ C:\WINDOWS\system32\drivers\sea1wh.sys
2008-02-16 20:32 . 2008-02-16 20:32 <DIR> d-------- C:\Program Files\Disc2Phone
2008-02-16 20:09 . 2008-02-16 20:09 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-02-16 11:47 . 2008-02-16 21:37 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-15 22:17 . 2008-02-15 22:17 <DIR> d-------- C:\Documents and Settings\drakkana\Application Data\Nero
2008-02-15 22:13 . 2008-02-15 22:13 <DIR> d-------- C:\Program Files\Nero
2008-02-15 22:13 . 2008-02-15 22:15 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-15 22:13 . 2008-02-15 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-14 15:30 . 2008-02-14 15:30 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-02-14 15:30 . 2000-10-20 12:28 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2008-02-14 15:30 . 2001-11-23 06:08 712,704 --a------ C:\WINDOWS\system32\Audio3D.dll
2008-02-14 15:30 . 2002-09-30 14:24 417,999 --a------ C:\WINDOWS\system32\drivers\cmuda.sys
2008-02-14 15:30 . 2002-08-12 13:18 380,928 --a------ C:\WINDOWS\system\cmicnfg.cpl
2008-02-14 15:30 . 2002-09-30 11:02 49,152 --a------ C:\WINDOWS\system32\cmuda.dll
2008-02-14 15:30 . 2002-08-01 07:54 28,672 --a------ C:\WINDOWS\system32\udaprop.dll
2008-02-14 14:31 . 2008-02-14 14:21 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-14 14:31 . 2008-02-14 14:31 3,458 --a------ C:\WINDOWS\unins000.dat
2008-02-14 14:19 . 2008-02-16 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 13:56 . 2008-02-14 13:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-14 13:56 . 2008-02-14 13:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 20:02 . 2008-02-13 20:02 268 --ah----- C:\sqmdata19.sqm
2008-02-13 20:02 . 2008-02-13 20:02 244 --ah----- C:\sqmnoopt19.sqm
2008-02-13 00:25 . 2008-02-13 00:25 268 --ah----- C:\sqmdata18.sqm
2008-02-13 00:25 . 2008-02-13 00:25 244 --ah----- C:\sqmnoopt18.sqm
2008-02-12 16:57 . 2008-02-12 16:57 268 --ah----- C:\sqmdata17.sqm
2008-02-12 16:57 . 2008-02-12 16:57 244 --ah----- C:\sqmnoopt17.sqm
2008-02-10 16:40 . 2008-02-10 16:40 25 --a------ C:\WINDOWS\cdplayer.ini
2008-02-10 16:37 . 2008-02-10 16:37 <DIR> d-------- C:\Program Files\Real
2008-02-10 16:37 . 2008-02-10 16:37 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-10 16:37 . 2008-02-10 16:37 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-10 16:36 . 2008-02-10 16:36 <DIR> d-------- C:\Program Files\Google
2008-02-10 14:54 . 2008-02-12 12:14 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-10 14:42 . 2008-02-14 14:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-10 12:11 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-10 12:11 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-09 13:11 . 2008-02-09 13:11 268 --ah----- C:\sqmdata16.sqm
2008-02-09 13:11 . 2008-02-09 13:11 244 --ah----- C:\sqmnoopt16.sqm
2008-02-08 12:39 . 2008-02-08 12:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-08 12:21 . 2008-02-08 12:21 268 --ah----- C:\sqmdata15.sqm
2008-02-08 12:21 . 2008-02-08 12:21 244 --ah----- C:\sqmnoopt15.sqm
2008-02-08 12:18 . 2008-02-08 12:18 268 --ah----- C:\sqmdata14.sqm
2008-02-08 12:18 . 2008-02-08 12:18 244 --ah----- C:\sqmnoopt14.sqm
2008-02-07 21:53 . 2008-02-07 21:53 268 --ah----- C:\sqmdata13.sqm
2008-02-07 21:53 . 2008-02-07 21:53 244 --ah----- C:\sqmnoopt13.sqm
2008-02-07 14:24 . 2008-02-15 23:00 <DIR> d-------- C:\Program Files\DC++
2008-02-06 15:16 . 2008-02-06 15:16 268 --ah----- C:\sqmdata12.sqm
2008-02-06 15:16 . 2008-02-06 15:16 244 --ah----- C:\sqmnoopt12.sqm
2008-02-06 15:06 . 2008-02-06 15:06 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2008-02-06 15:03 . 2008-02-06 15:03 268 --ah----- C:\sqmdata11.sqm
2008-02-06 15:03 . 2008-02-06 15:03 244 --ah----- C:\sqmnoopt11.sqm
2008-02-06 15:02 . 2008-02-06 15:02 <DIR> d-------- C:\Program Files\Sony Corporation
2008-02-06 15:02 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-02-06 15:02 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-02-06 15:02 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2008-02-06 15:02 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-02-06 15:02 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-02-06 15:02 . 2001-08-31 15:07 27,255 --------- C:\WINDOWS\system32\drivers\NWWMUSB.sys
2008-02-06 15:02 . 2002-09-11 10:20 11,510 --------- C:\WINDOWS\system32\drivers\VMCUSB.sys
2008-02-06 15:01 . 2008-02-06 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-02-06 15:01 . 2005-09-08 10:22 765,952 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2008-02-06 15:01 . 2005-10-11 21:46 598,016 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2008-02-06 15:01 . 2005-09-08 10:09 565,248 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-02-06 15:01 . 2005-09-08 10:21 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2008-02-06 15:00 . 2008-02-06 15:02 <DIR> d-------- C:\Program Files\Sony
2008-02-06 14:59 . 2008-02-06 15:02 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-02-06 14:59 . 2008-02-06 15:06 <DIR> d-------- C:\Documents and Settings\drakkana\Application Data\Sony Corporation
2008-02-05 23:49 . 2008-02-05 23:49 268 --ah----- C:\sqmdata10.sqm
2008-02-05 23:49 . 2008-02-05 23:49 244 --ah----- C:\sqmnoopt10.sqm
2008-02-05 18:01 . 2008-02-05 18:01 268 --ah----- C:\sqmdata09.sqm
2008-02-05 18:01 . 2008-02-05 18:01 244 --ah----- C:\sqmnoopt09.sqm
2008-02-04 18:14 . 2008-02-04 18:14 268 --ah----- C:\sqmdata08.sqm
2008-02-04 18:14 . 2008-02-04 18:14 244 --ah----- C:\sqmnoopt08.sqm
2008-02-04 16:01 . 2008-02-04 16:01 268 --ah----- C:\sqmdata07.sqm
2008-02-04 16:01 . 2008-02-04 16:01 244 --ah----- C:\sqmnoopt07.sqm
2008-02-04 15:52 . 2008-02-04 15:52 268 --ah----- C:\sqmdata06.sqm
2008-02-04 15:52 . 2008-02-04 15:52 244 --ah----- C:\sqmnoopt06.sqm
2008-02-03 22:07 . 2008-02-18 15:18 268 --ah----- C:\sqmdata05.sqm
2008-02-03 22:07 . 2008-02-18 15:18 244 --ah----- C:\sqmnoopt05.sqm
2008-02-03 17:01 . 2008-02-03 19:30 <DIR> d-------- C:\Documents and Settings\drakkana\Application Data\Uniblue
2008-02-03 16:52 . 2008-02-03 16:52 <DIR> d-------- C:\WINDOWS\Sun
2008-02-03 15:03 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-03 15:02 . 2008-02-03 15:03 <DIR> d-------- C:\Program Files\Java
2008-02-03 15:00 . 2008-02-03 15:00 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-03 12:25 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-03 12:25 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-03 12:25 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-03 12:15 . 2008-02-03 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 12:04 . 2008-02-18 03:54 268 --ah----- C:\sqmdata04.sqm
2008-02-03 12:04 . 2008-02-18 03:54 244 --ah----- C:\sqmnoopt04.sqm
2008-02-03 11:57 . 2008-02-17 22:34 244 --ah----- C:\sqmnoopt03.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 12:43 --------- d-----w C:\Documents and Settings\drakkana\Application Data\mIRC
2008-02-06 13:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-02 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-02 15:04 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-02 14:30 31 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-02-02 14:30 --------- d-----w C:\Program Files\SAGEM
2008-02-02 14:21 --------- d-----w C:\Program Files\SYMANTEC ANTIVIRUS CORPORATE EDITION v10.1.6.6000 - ARNiSO
2008-02-02 14:17 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-02 14:15 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-02 14:12 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-02 14:11 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-02 14:07 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-02-02 14:07 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-02 13:33 --------- d-----w C:\Documents and Settings\drakkana\Application Data\Φάκελος Αποστολής Share-to-Web
2008-02-02 12:49 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-13 17:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-04 07:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-04 06:45 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-10 16:36 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SAV\VPTray.exe" [2007-03-14 19:49 125632]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-10 16:37 185896]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-11 10:57 2684280]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-04 06:45 15360]

R2 Reporting;Reporting Agents;"C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe" [2007-03-14 15:09]
R2 SiSMon;sismon;C:\WINDOWS\system32\drivers\sismon.sys [1999-03-31 09:55]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]
R3 usbstor;Πρόγραμμα οδήγησης μαζικής αποθήκευσης USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-01-04 13:01]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2002-11-04 09:39]
S3 usbscan;Πρόγραμμα οδήγησης σαρωτή USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

*Newly Created Service* - AD-WATCH_REAL-TIME_SCANNER
.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 17:26:57 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-03 14:59:30 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 15:21:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ad-Watch Real-Time Scanner]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTPD.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2008-02-18 15:25:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 13:25:14
ComboFix2.txt 2008-02-08 10:43:56
.
2008-02-17 13:56:40 --- E O F ---

And a new hijackthis log ..:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:00 μμ, on 18/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAV\Rtvscan.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE5DDF0-EC01-4D7D-BAA0-7A8B9DEF9930}: NameServer = 195.170.0.1 195.170.2.2
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe

--
End of file - 9141 bytes

Hi drakkana

Yes that was right, dropping CFScript onto ComboFix will run the tool using the script.

Delete the following Folder

C:\Documents and Settings\drakkana\Τα έγγραφά μου\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker

----------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

-----------------------------------------------------------------

• Double-click

ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.If you use Firefox browser

• Click

Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser

• Click

Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

-----------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6u4.
• Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• In the pull down menu next to Platform select Windows
• Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement"
• Click Continue
• Click on the link to download Windows Offline Installation and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u4-windowsi586-p.exe to install the newest version.

-----------------------------------------------------------------

• Please go to the following link ESET Online Scanner Link
• Tick the box YES, I accept the Terms Of Use
• Click the Start button
• Now click the Install button
• Click Start

  The scanner engine will initialise and update
  

• Do Not tick the box Remove found threats
• Click the Scan button

  The scan will now run, please be patient
  

• When the scan finishes click the Details tab
• Copy and paste the contents of the %ProgramFiles%\EsetOnlineScanner\log.txt back here.

-----------------------------

Please post %ProgramFiles%\EsetOnlineScanner\log.txt and a new HijackThis log along with an update on system behaviour

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2885 (20080219)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=29265571bc7ec146a0131a06c5a478f9
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-02-19 01:42:43
# local_time=2008-02-19 03:42:43 )
# country="Greece"
# osver=5.1.2600 NT Service Pack 2
# scanned=202061
# found=3
# scan_time=2587
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional Original.rar probably a variant of Win32/TrojanDownloader.Agent trojan E3D7489E0F1A10398B9DA1DCD298FD24
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional Original.rar »RAR »Kante to Windows XP Professional Original\KeyGen.exe probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000
C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional Original\Kante to Windows XP Professional Original\KeyGen.exe probably a variant of Win32/TrojanDownloader.Agent trojan D638DC0AE606AEC45EAF64AB43C93912

that was the eset log..
The hijackthis log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:26 μμ, on 19/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE5DDF0-EC01-4D7D-BAA0-7A8B9DEF9930}: NameServer = 195.170.0.1 195.170.2.2
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe

--
End of file - 8719 bytes

Is there any sign of the trojan-vrus zip that i was sent from messenger? I have a thread about it..

No MSNCleaner dealt with that infection, your friend should get cleaned up too. Are you still having issues?

Delete the following

C:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional Original.rar
:\Documents and Settings\drakkana\Τα έγγραφά μου\Ληφθέντα αρχεία\Kante to Windows XP Professional Original\Kante to Windows XP Professional Original\KeyGen.exe

deleted them.. no sign of mislead yes?

deleted them.. no sign of mislead yes?

All gone.

Kindly follow these simple steps in order to keep your computer clean and secure:

1. 
   
2. UNINSTALL COMBOFIX
   This process will also perform some final cleanup steps
   Click Start > Run and type ComboFix /u

   
   

3. ANTIVIRUS SOFTWARE
   It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

   See this link for a listing of some online & their stand-alone antivirus programs:

   Virus, Spyware, and Malware Protection and Removal Resources

   It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

   
   

4. FIREWALL
   Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.

   
   

5. Microsoft Windows Update
   Visit windowsupdate.com regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

   
   

6. SPYBOT - SEARCH & DESTROY
   Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here

   
   

7. AD-AWARE
   Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

• Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
• Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
• Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
• Google Toolbar - Get the free google toolbar to help stop pop up windows.
• CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
• ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

• Winpatrol - Download and install the free version of Winpatrol.
  A tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

If there are no more issues please mark this thread as resolved.