WiredWX Christian Hobby Weather Tools

WinBlueSoft - crying for help

3 posters

Re: WinBlueSoft - crying for help

Oh great, it's the first time I get a virus and it's a new one.

I did everything you said but I still don't have a connection.

Re: WinBlueSoft - crying for help

Okay, post a new Hijack This log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: WinBlueSoft - crying for help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:24, on 23.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\DOCUME~1\Kordic\LOCALS~1\Temp\bcle.exe
C:\DOCUME~1\Kordic\LOCALS~1\Temp\rhlni.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\Arhitekt-397a7d\c\MGtools\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ba/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5757
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Win32 Firewall] C:\DOCUME~1\Kordic\LOCALS~1\Temp\298.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Win32 Firewall] C:\DOCUME~1\Kordic\LOCALS~1\Temp\298.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-583907252-1202660629-682003330-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Kordic')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6894 bytes

Re: WinBlueSoft - crying for help

If it means anything... I'm able to connect to your page through Firefox, but only your page. IE and Opera are not working.

Re: WinBlueSoft - crying for help

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5757
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O4 - HKLM\..\Run: [Win32 Firewall] C:\DOCUME~1\Kordic\LOCALS~1\Temp\298.exe
    O4 - HKCU\..\Run: [Win32 Firewall] C:\DOCUME~1\Kordic\LOCALS~1\Temp\298.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


  • Press "Fix Checked"
  • Close Hijack This.

Can you run an MBAM scan again?

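The reasoning behind the five lines selected for "Fix Checked" above, as an added example that is not part of the original post: a Python sketch that flags a loopback proxy, autostart entries launching from a Temp directory, and the registry-editor lockout policy in a HijackThis log. It also flags running processes located in Temp, which goes beyond the post; the rule names are made up for this example, and SAMPLE is an excerpt of the log posted earlier in the thread.

```python
import re

# HijackThis entries look like "<section id> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^(?P<id>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# ProxyServer value, with or without a "http=" style protocol prefix.
PROXY = re.compile(r"ProxyServer = (?:\w+=)?(?P<host>[^:;\s]+):(?P<port>\d+)", re.I)
# Policies\System values that lock the user out of a repair tool.
POLICY = re.compile(r"\\Policies\\System, *(?P<name>Disable\w+)=1", re.I)
# Long and 8.3 short forms of the per-user Temp directory, plus the system one.
TEMP_DIR = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\|\\WINDOWS\\Temp\\", re.I)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
LOOPBACK = {"127.0.0.1", "localhost"}


def classify(line):
    """Return a rule name (hypothetical labels) for a suspicious line, else None.

    These are triage heuristics: a hit marks a line for human review,
    it does not prove the entry is malicious.
    """
    line = line.strip()
    entry = ENTRY.match(line)
    if entry is None:
        # Lines under "Running processes:" are bare paths.
        if DRIVE_PATH.match(line) and TEMP_DIR.search(line):
            return "process-in-temp"
        return None
    section, detail = entry["id"], entry["detail"]
    if section == "R1":
        proxy = PROXY.search(detail)
        # Browser traffic forced through a listener on the local machine.
        if proxy and proxy["host"].lower() in LOOPBACK:
            return "loopback-proxy"
    elif section in ("O4", "O23") and TEMP_DIR.search(detail):
        # Run keys and services should not start binaries from Temp.
        return "autostart-from-temp"
    elif section == "O7" and POLICY.search(detail):
        return "policy-lockout"
    return None


def triage(log_text):
    """Return (rule, line) pairs for every flagged line, in log order."""
    findings = []
    for line in log_text.splitlines():
        rule = classify(line)
        if rule:
            findings.append((rule, line.strip()))
    return findings


# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Kordic\LOCALS~1\Temp\bcle.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ba/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5757
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Win32 Firewall] C:\DOCUME~1\Kordic\LOCALS~1\Temp\298.exe
O4 - HKCU\..\Run: [Win32 Firewall] C:\DOCUME~1\Kordic\LOCALS~1\Temp\298.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

if __name__ == "__main__":
    for rule, line in triage(SAMPLE):
        print(f"{rule:20} {line}")
```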

Re: WinBlueSoft - crying for help

Malwarebytes' Anti-Malware 1.38
Database version: 2283
Windows 5.1.2600 Service Pack 2

23.6.2009 22:05:28
mbam-log-2009-06-23 (22-05-23).txt

Scan type: Quick Scan
Objects scanned: 97392
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 11
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
C:\Documents and Settings\Kordic\Local Settings\Temp\bcle.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Kordic\Local Settings\Temp\rhlni.exe (Trojan.Downloader) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5864cb14-1664-4ecb-bea0-f37208407bfa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.225,85.255.112.199 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e70f942a-4cc0-4075-bfa4-274b1f4f1211}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.225,85.255.112.199 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5864cb14-1664-4ecb-bea0-f37208407bfa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.225,85.255.112.199 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e70f942a-4cc0-4075-bfa4-274b1f4f1211}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.225,85.255.112.199 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5864cb14-1664-4ecb-bea0-f37208407bfa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.225,85.255.112.199 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e70f942a-4cc0-4075-bfa4-274b1f4f1211}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.225,85.255.112.199 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kordic\Local Settings\Temp\bcle.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Kordic\Local Settings\Temp\rhlni.exe (Trojan.Downloader) -> No action taken.
c:\RECYCLER\s-1-5-21-1708502002-5774778955-212626128-2853\rundll32.exe (Trojan.Dropper) -> No action taken.
c:\program files\outlook express\wab.exe.tmp (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\tempo-2191406.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\Temp\tempo-2192734.tmp (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\system32\MSIVXanxylksdotehtivyfxonkdirapuhpqwb.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\MSIVXdjlnmplwnabwqwaihtirhrivrjkxgokl.dll (Trojan.Agent) -> No action taken.

Re: WinBlueSoft - crying for help

Are you removing these? Every MBAM log you've given us says no action taken. The items found need to be removed, because something is regenerating the infection.


Re: WinBlueSoft - crying for help

I made a new scan every time.

Re: WinBlueSoft - crying for help

Yes, but did you remove everything it found?


Re: WinBlueSoft - crying for help

God I feel stupid now. I'm so sorry, I don't know anything about these things so I didn't do anything but scan. :ashamed:

Here's the list now.

Malwarebytes' Anti-Malware 1.38
Database version: 2283
Windows 5.1.2600 Service Pack 2

23.6.2009 22:20:01
mbam-log-2009-06-23 (22-20-01).txt

Scan type: Quick Scan
Objects scanned: 97404
Time elapsed: 1 minute(s), 26 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 11
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
C:\Documents and Settings\Kordic\Local Settings\Temp\bcle.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Kordic\Local Settings\Temp\rhlni.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5864cb14-1664-4ecb-bea0-f37208407bfa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.225,85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e70f942a-4cc0-4075-bfa4-274b1f4f1211}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.225,85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5864cb14-1664-4ecb-bea0-f37208407bfa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.225,85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e70f942a-4cc0-4075-bfa4-274b1f4f1211}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.225,85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5864cb14-1664-4ecb-bea0-f37208407bfa}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.225,85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e70f942a-4cc0-4075-bfa4-274b1f4f1211}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.225,85.255.112.199 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kordic\Local Settings\Temp\bcle.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kordic\Local Settings\Temp\rhlni.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1708502002-5774778955-212626128-2853\rundll32.exe (Trojan.Dropper) -> Delete on reboot.
c:\program files\outlook express\wab.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-2191406.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-2192734.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MSIVXanxylksdotehtivyfxonkdirapuhpqwb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MSIVXdjlnmplwnabwqwaihtirhrivrjkxgokl.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Re: WinBlueSoft - crying for help

Hmm.
First, please let MBAM reboot when it needs to, and then when back in normal mode, open MBAM again.
Go into the update tab and check for the latest updates. Once you have the latest updates, please run a new scan.


Re: WinBlueSoft - crying for help

I did the update and scanned it twice... this is what is left:

Malwarebytes' Anti-Malware 1.38
Database version: 2326
Windows 5.1.2600 Service Pack 2

23.6.2009 23:36:30
mbam-log-2009-06-23 (23-36-27).txt

Scan type: Quick Scan
Objects scanned: 99191
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: WinBlueSoft - crying for help

No action taken again.
Please remove the items found.


Re: WinBlueSoft - crying for help

I keep removing them and rebooting, but they are there again.

Re: WinBlueSoft - crying for help

I'm doing scans, removing, rebooting all the time but there is always something left.

Re: WinBlueSoft - crying for help

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Re: WinBlueSoft - crying for help

I already tried that DDS, it's not working... just a bunch of letters.

Re: WinBlueSoft - crying for help

Try Combofix again even though Nod32 is active.


Re: WinBlueSoft - crying for help

ComboFix 09-06-23.01 - Kordic 24.06.2009 19:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2647 [GMT 2:00]
Running from: c:\documents and settings\Kordic\Desktop\Combo-Fix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\c15addwar92094z.cpl
c:\windows\e1z5hief17519.cpl
c:\windows\f6bvi9z556.cpl
c:\windows\fbs9azs52715.bin
c:\windows\kb913800.exe
c:\windows\system32\10045not-a-vi5us9dbz.exe
c:\windows\system32\105359irzs19d.cpl
c:\windows\system32\105bdowzloa9er2253.dll
c:\windows\system32\1077stza52589.exe
c:\windows\system32\10799vzrus2a5.dll
c:\windows\system32\10955szy792.bin
c:\windows\system32\1099hac9tool5bez.bin
c:\windows\system32\10afzp59are2290.dll
c:\windows\system32\11370ha9ktzol556.bin
c:\windows\system32\117zste952824.exe
c:\windows\system32\11z58not-9-virus14c.cpl
c:\windows\system32\12026wor9za5.ocx
c:\windows\system32\12583not-a9viruz423.bin
c:\windows\system32\1272spa5bot49z.dll
c:\windows\system32\13799zro5218.exe
c:\windows\system32\13853wozm3a59.dll
c:\windows\system32\1401z9pyd5.ocx
c:\windows\system32\140cthzef9538.ocx
c:\windows\system32\1412vi5u9z6f.ocx
c:\windows\system32\14557troz69c5.ocx
c:\windows\system32\146019ir5s655z.dll
c:\windows\system32\1486s5zmb9t37.ocx
c:\windows\system32\15290not-azvirus4ad.bin
c:\windows\system32\15316zirus359.exe
c:\windows\system32\1539spazse189.bin
c:\windows\system32\15420hackz95l7e.cpl
c:\windows\system32\15529woz9788.bin
c:\windows\system32\15541tr59z1e.dll
c:\windows\system32\15546trojz9.dll
c:\windows\system32\156z6h9cktool389.cpl
c:\windows\system32\1583hacktzol3a59.bin
c:\windows\system32\1588vz59243.exe
c:\windows\system32\15acspyza5e24609.bin
c:\windows\system32\15b9spyzare5290.bin
c:\windows\system32\15dsparze2549.ocx
c:\windows\system32\15vir954z.bin
c:\windows\system32\16057s9y5zc.bin
c:\windows\system32\16850viruz489.exe
c:\windows\system32\17124zpambot4589.dll
c:\windows\system32\17329wo5m96ez.dll
c:\windows\system32\173z9hacktoo96295.ocx
c:\windows\system32\174579zamb5teb.exe
c:\windows\system32\175dsteal2z9.cpl
c:\windows\system32\185bzpar9e138.cpl
c:\windows\system32\187259roz1b1.cpl
c:\windows\system32\18b3b9ckdoorz155.bin
c:\windows\system32\18z03spambo52db9.cpl
c:\windows\system32\191559orm1e6z.ocx
c:\windows\system32\19518zorm40e.ocx
c:\windows\system32\19550wozm586.bin
c:\windows\system32\19775spam95t2za.bin
c:\windows\system32\19841not-a-9irus58z.exe
c:\windows\system32\19z239acktool33e5.ocx
c:\windows\system32\19z28spambot1295.cpl
c:\windows\system32\19zc5hr9at11367.exe
c:\windows\system32\1a9bdownlz5der2460.cpl
c:\windows\system32\1ab25pa9se19z2.exe
c:\windows\system32\1c859ownlza5er574.ocx
c:\windows\system32\1d95spzware1960.dll
c:\windows\system32\1z107not-a-59rus622.bin
c:\windows\system32\1z2d9wnloader15935.exe
c:\windows\system32\1z617vi9us457.dll
c:\windows\system32\1z9dvir2514.bin
c:\windows\system32\1za2spa9se13995.bin
c:\windows\system32\20511hzcktoo9530.ocx
c:\windows\system32\205509ormz8d.ocx
c:\windows\system32\2066s5yware25z99.exe
c:\windows\system32\20z5995rm5e1.bin
c:\windows\system32\21412hzckto5l956.bin
c:\windows\system32\21523t9z56b8.dll
c:\windows\system32\2163ad5wa9e3250z.cpl
c:\windows\system32\2174szy3559.ocx
c:\windows\system32\21f6szyware4159.dll
c:\windows\system32\21z475orm96.dll
c:\windows\system32\22092virus4f5z.exe
c:\windows\system32\220zthi5f997.cpl
c:\windows\system32\22983ha5ktool6z5.cpl
c:\windows\system32\229cspyzar91556.exe
c:\windows\system32\233355a9kzool2b5.exe
c:\windows\system32\23820spyzb59.exe
c:\windows\system32\23968wo5m7zc.exe
c:\windows\system32\23973virusz529.exe
c:\windows\system32\239fthr5zt16153.ocx
c:\windows\system32\23d8addwz953187.cpl
c:\windows\system32\23e49iz5081.bin
c:\windows\system32\24059wozm954.dll
c:\windows\system32\247z1viru53379.ocx
c:\windows\system32\24910not-az5irus648.exe
c:\windows\system32\2493t5ief6z6.exe
c:\windows\system32\24b9th5zf9570.cpl
c:\windows\system32\24d3s9eal1z65.dll
c:\windows\system32\2508addware295z.dll
c:\windows\system32\25239wzrm2c59.dll
c:\windows\system32\25500wzrm439.ocx
c:\windows\system32\25703spz9bot319.bin
c:\windows\system32\25992not-a-vzrus5459.bin
c:\windows\system32\25998sp5z7d9.exe
c:\windows\system32\25b5sparsz9795.exe
c:\windows\system32\2627no5-azvirus539.exe
c:\windows\system32\263259i5uszfd.bin
c:\windows\system32\26579hacktool7z9.bin
c:\windows\system32\27441ha9k5zol14a.ocx
c:\windows\system32\27859ir245z.ocx
c:\windows\system32\27878n5z-a-virus91f.cpl
c:\windows\system32\278a9iz975.bin
c:\windows\system32\284125iruz9a.cpl
c:\windows\system32\28575zpy559.ocx
c:\windows\system32\2869z5a9ktool3d8.ocx
c:\windows\system32\287679orm45z.cpl
c:\windows\system32\290aba5kdozr740.cpl
c:\windows\system32\2911h5c9tool76z.dll
c:\windows\system32\2925ztroj955.exe
c:\windows\system32\292ddownl5adez490.cpl
c:\windows\system32\29383zor5cb.ocx
c:\windows\system32\29497tro51f1z.cpl
c:\windows\system32\29588hackt95l2ccz.cpl
c:\windows\system32\29728spamboz295.cpl
c:\windows\system32\297bs5y9arz1059.ocx
c:\windows\system32\29881notza-viru959b5.ocx
c:\windows\system32\29948s5azbot492.ocx
c:\windows\system32\29a5sparze1496.ocx
c:\windows\system32\2aa7dzwnloader94535.cpl
c:\windows\system32\2b4cs59alz146.exe
c:\windows\system32\2b9dthzeat5834.bin
c:\windows\system32\2c50doz59oader2443.bin
c:\windows\system32\2c61thi9fz152.dll
c:\windows\system32\2d9fa9d5are32z9.exe
c:\windows\system32\2fa8vi92z385.exe
c:\windows\system32\2z147spy59d.exe
c:\windows\system32\2z245vir9s4c1.dll
c:\windows\system32\2z3ast5al2989.dll
c:\windows\system32\2z409wor965d.exe
c:\windows\system32\2z599worm31b.exe
c:\windows\system32\2zeath9ef9885.ocx
c:\windows\system32\3025spamb5t290z.dll
c:\windows\system32\3062295yzd2.bin
c:\windows\system32\312559zeat28037.cpl
c:\windows\system32\31297sp951z.dll
c:\windows\system32\3134zir59436.exe
c:\windows\system32\313cdownloa5er3930z.cpl
c:\windows\system32\3195spzmbo925f.bin
c:\windows\system32\32179ack5ool6za.bin
c:\windows\system32\32553sp5zbo9508.exe
c:\windows\system32\3259zpy7bf.dll
c:\windows\system32\3292bzckdoo51366.ocx
c:\windows\system32\32bz5ddware29.ocx
c:\windows\system32\33zcvir5999.bin
c:\windows\system32\35629trzj6c2.dll
c:\windows\system32\3589dzwnl5ade91353.cpl
c:\windows\system32\36d55pars92464z.cpl
c:\windows\system32\3753do5nloade9232z.ocx
c:\windows\system32\375ddown9ozder2837.dll
c:\windows\system32\377dspzr5e18659.cpl
c:\windows\system32\3796sparse15z7.cpl
c:\windows\system32\3954downl9adzr1445.bin
c:\windows\system32\3967spy4d5z.ocx
c:\windows\system32\3a5db9ckdooz1759.ocx
c:\windows\system32\3a99steal31z25.dll
c:\windows\system32\3b9ba9dware85z.bin
c:\windows\system32\3c19t5rzat6972.dll
c:\windows\system32\3f1thzeat5952.dll
c:\windows\system32\3z015hack9ool6d5.exe
c:\windows\system32\3z3a9pywar52883.ocx
c:\windows\system32\3z553wor52aa9.bin
c:\windows\system32\3z79spyware715.exe
c:\windows\system32\3z7fth5e91028.ocx
c:\windows\system32\3z875ownload9r1975.exe
c:\windows\system32\404a5dzware16529.ocx
c:\windows\system32\40f29hizf29255.dll
c:\windows\system32\41ad9ackdoorz57.cpl
c:\windows\system32\41fesparz925.exe
c:\windows\system32\43zf59yware167.ocx
c:\windows\system32\458fdownloade9z689.dll
c:\windows\system32\45a3stz591695.dll
c:\windows\system32\46f0downz95der1916.ocx
c:\windows\system32\48z5backdoor2389.ocx
c:\windows\system32\4905tr5j59z.bin
c:\windows\system32\495zvir1347.ocx
c:\windows\system32\4989virus3e5z.dll
c:\windows\system32\499fdownlozde5470.cpl
c:\windows\system32\49b5th5e9t1z07.cpl
c:\windows\system32\49f6z5ckdoor2796.bin
c:\windows\system32\4e12zpy9are5646.cpl
c:\windows\system32\4e52s9yza5e2977.exe
c:\windows\system32\4f57z9i5f2494.dll
c:\windows\system32\4f91backdo5z1917.bin
c:\windows\system32\4z95spa9se2272.dll
c:\windows\system32\4za2backd9or27455.exe
c:\windows\system32\505fbz9kdoor2019.cpl
c:\windows\system32\5083t9ie5156z.ocx
c:\windows\system32\5095haz9too5747.exe
c:\windows\system32\50b8s9zal1686.dll
c:\windows\system32\518zvi53799.bin
c:\windows\system32\51cth5ef1489z.bin
c:\windows\system32\51fszarse1975.bin
c:\windows\system32\5205spy192z.bin
c:\windows\system32\520fspars92z70.ocx
c:\windows\system32\5237zorm6c9.bin
c:\windows\system32\5255vi95z.ocx
c:\windows\system32\525cv9z85.ocx
c:\windows\system32\52702virus2f9z.exe
c:\windows\system32\529hz5f3259.bin
c:\windows\system32\53vir925z.exe
c:\windows\system32\54z7vir9181.dll
c:\windows\system32\5523backdo9r1z39.exe
c:\windows\system32\55360hazkto9l736.bin
c:\windows\system32\555fthief980z.exe
c:\windows\system32\5579vzr1969.ocx
c:\windows\system32\55945spy9zf.exe
c:\windows\system32\5599v9rus750z.cpl
c:\windows\system32\559bzhreat11165.ocx
c:\windows\system32\55z8s9a5se1691.ocx
c:\windows\system32\56259ddwzre2149.dll
c:\windows\system32\56772v9ruz383.dll
c:\windows\system32\5691t95efz153.ocx
c:\windows\system32\56z9thief1995.bin
c:\windows\system32\57241troj9bcz.cpl
c:\windows\system32\5770s9yza5e3081.exe
c:\windows\system32\578baczdoor9255.cpl
c:\windows\system32\584fs9yw5re299z.cpl
c:\windows\system32\5928thzea915518.exe
c:\windows\system32\5934zspy446.bin
c:\windows\system32\5959trojz259.ocx
c:\windows\system32\597bsparsz9519.exe
c:\windows\system32\598fthi5z1863.cpl
c:\windows\system32\5a9b5iz719.bin
c:\windows\system32\5aedzackdoor28895.ocx
c:\windows\system32\5b51v59z01.dll
c:\windows\system32\5b55thiez28389.exe

Re: WinBlueSoft - crying for help

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-23 20:12 . 2009-06-23 20:12 293 ----a-w- C:\MGlogs.zip
2009-06-23 20:12 . 2009-06-23 20:13 -------- d-----w- C:\MGtools
2009-06-22 20:16 . 2009-06-22 20:16 -------- d-----w- c:\documents and settings\Kordic\Application Data\Malwarebytes
2009-06-22 14:26 . 2009-06-22 14:26 -------- d-----w- c:\documents and settings\Kordic\Application Data\Winamp
2009-06-22 13:34 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 13:34 . 2009-06-22 13:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 13:34 . 2009-06-22 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-22 13:34 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-22 13:16 . 2009-06-22 13:16 -------- d-----w- c:\program files\Trend Micro
2009-06-22 13:16 . 2009-06-22 13:16 881976 ----a-w- C:\HJTInstall.exe
2009-06-22 12:56 . 2009-06-22 12:58 -------- d-----w- c:\documents and settings\Kordic\Application Data\GetRightToGo
2009-06-22 12:45 . 2009-06-22 12:45 -------- d-----w- c:\documents and settings\Kordic\Application Data\AVG7
2009-06-22 12:45 . 2009-06-22 12:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG7
2009-06-22 12:45 . 2009-06-22 12:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-22 12:44 . 2009-06-22 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg7
2009-06-22 12:08 . 2008-03-03 16:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2009-06-22 12:08 . 2008-03-03 12:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2009-06-22 12:05 . 2009-06-22 12:05 -------- d-----w- c:\program files\ESET
2009-06-22 06:15 . 2009-06-22 06:15 -------- d-----w- c:\documents and settings\Kordic\Application Data\Agnitum
2009-06-21 19:56 . 2009-06-22 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-18 10:59 . 2009-06-18 10:59 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-18 10:49 . 2009-06-18 13:48 -------- d-----w- c:\documents and settings\Kordic\Local Settings\Application Data\Microsoft
2009-06-18 10:46 . 2009-06-18 10:46 -------- d-----w- c:\documents and settings\Kordic\Local Settings\Application Data\Identities
2009-06-18 10:45 . 2009-06-18 10:45 -------- d-----w- c:\documents and settings\Kordic\Bluetooth Software
2009-06-18 10:45 . 2009-06-18 10:45 -------- d-----w- c:\documents and settings\Kordic\Contacts
2009-06-18 10:45 . 2009-06-24 17:07 -------- d-s---w- c:\windows\Cookies
2009-06-18 10:45 . 2009-06-22 12:56 -------- d-----w- c:\documents and settings\Kordic
2009-06-17 18:32 . 2008-09-04 19:17 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-06-17 18:32 . 2009-06-17 18:32 -------- d-----w- c:\program files\Microsoft WSE
2009-06-17 14:46 . 2009-06-17 14:46 -------- d-----w- c:\program files\PowerISO
2009-06-17 14:39 . 2009-06-17 14:39 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-17 14:28 . 2009-06-17 14:28 51200 ----a-w- c:\windows\system32\lspcfm.dll
2009-06-17 14:02 . 2009-06-17 14:02 -------- d-----w- c:\program files\7-Zip
2009-06-17 13:52 . 2009-06-17 13:52 -------- d-----w- C:\hjsplit
2009-06-16 12:59 . 2003-11-04 13:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-06-16 12:59 . 2004-05-14 14:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-06-16 12:59 . 2004-05-14 14:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-06-16 12:59 . 2004-05-14 14:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-06-16 12:59 . 2004-05-14 14:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-06-16 12:59 . 2004-05-14 14:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-06-16 12:59 . 2004-05-14 14:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-06-16 12:59 . 2004-01-12 00:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-06-14 21:12 . 2009-06-22 13:33 -------- d-----w- c:\program files\DNA
2009-06-14 21:12 . 2009-06-14 21:12 -------- d-----w- c:\program files\AskSearch
2009-06-04 12:27 . 2009-06-04 12:27 -------- d-----w- c:\program files\Google
2009-06-02 12:12 . 2004-07-14 10:54 676864 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-06-02 12:12 . 2009-06-02 12:12 6656 ----a-w- c:\windows\system32\haspvdd.dll
2009-06-02 12:12 . 2009-06-02 12:12 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2009-06-02 12:12 . 2009-06-02 12:12 383 ----a-w- c:\windows\system32\haspdos.sys
2009-06-02 12:12 . 2009-06-02 15:56 67712 ----a-w- c:\windows\system32\drivers\hl_mull.sys
2009-06-02 12:12 . 2009-06-02 15:56 57344 ----a-w- c:\windows\system32\drivers\wdreg.exe
2009-06-02 12:03 . 2009-06-02 12:24 -------- d-----w- c:\program files\AutoCAD 2005
2009-05-31 20:33 . 2009-05-31 20:33 -------- d-----w- c:\windows\system32\NtmsData
2009-05-30 22:28 . 2009-06-22 12:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-27 16:20 . 2009-05-27 16:20 -------- d-----w- c:\program files\Opera
2009-05-26 11:46 . 2009-05-26 11:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-26 11:37 . 2009-05-26 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-26 11:37 . 2009-05-26 11:37 -------- d-----w- c:\program files\NOS

Re: WinBlueSoft - crying for help
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 20:27 . 2009-05-15 11:12 -------- d-----w- c:\program files\DC++
2009-06-18 13:47 . 2008-06-25 13:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 08:15 . 2008-06-25 13:16 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-06 12:43 . 2009-04-29 16:10 -------- d-----w- c:\program files\OpenSource AVI Splitter
2009-06-06 12:43 . 2009-05-01 14:05 -------- d-----w- c:\program files\Boilsoft Video Splitter
2009-06-02 12:24 . 2008-06-26 08:03 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-02 12:24 . 2008-06-26 08:06 -------- d-----w- c:\program files\AnswerWorks 4.0
2009-06-02 12:03 . 2008-06-26 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-05-21 09:57 . 2009-05-21 09:57 -------- d-----w- c:\program files\Agnitum
2009-05-12 23:25 . 2009-05-12 23:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 23:25 . 2009-05-12 23:25 -------- d-----w- c:\program files\Java
2009-05-12 22:55 . 2009-05-12 22:55 -------- d-----w- c:\program files\FileZilla FTP Client
2009-05-05 13:14 . 2009-05-05 13:14 -------- d-----w- c:\program files\MSN Messenger
2009-04-30 22:34 . 2009-04-30 22:34 0 ----a-w- c:\windows\nsreg.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 230960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 167936]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 946176]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-12 308632]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 323584]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 110080]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 230960]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2008-10-5 10872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 634941]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AutoCAD 2007\\acad.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Outlook Express\\wab.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Kordic\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Documents and Settings\\Kordic\\Contacts\\svchost.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexStoreSvr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\Service\\AdskScSrv.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\PowerISO\\PowerISO.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\documents and settings\Kordic\Contacts\svchost.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20.2.2008 11:11 33800]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\pukmnn.sys --> c:\windows\system32\drivers\pukmnn.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [26.5.2009 13:37 33176]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 12:54 166768]
S4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20.2.2008 11:08 472320]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ba/
IE: I&zvoz u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 19:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-24 19:17
ComboFix-quarantined-files.txt 2009-06-24 17:16

Pre-Run: 90.126.815.232 bytes free
Post-Run: 90.154.123.264 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
915

Re: WinBlueSoft - crying for help
I'm afraid I have bad news.

Your system is infected with a polymorphic file infector called Sality. Sality is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

For more information, please see Here

Instructions how to format and reinstall Windows can be found Here

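The backup rule from the post above, as an added example that is not part of the original thread: copy documents to the backup target and leave every executable behind. The function names and the sample tree are constructed for illustration; checking the first two bytes for the `MZ` header is an assumption that goes beyond the post, so that executables carrying other extensions (.dll, .ocx, .cpl, or a renamed .exe) are skipped too.

```python
"""Selective backup: copy documents, leave executables behind (added example)."""
import os
import shutil
from pathlib import Path

# Extensions named explicitly in the post.
BLOCKED_EXTENSIONS = {".exe", ".scr"}
# Assumption beyond the post: a file that starts with the DOS/PE "MZ" magic
# is treated as executable whatever it is called.
PE_MAGIC = b"MZ"


def is_executable(path):
    """Return (True, reason) if the file must stay out of the backup."""
    if path.suffix.lower() in BLOCKED_EXTENSIONS:
        return True, "blocked extension"
    try:
        with path.open("rb") as fh:
            if fh.read(2) == PE_MAGIC:
                return True, "MZ header"
    except OSError as exc:
        # Unreadable files are skipped rather than copied blind.
        return True, "unreadable: " + exc.__class__.__name__
    return False, ""


def backup_documents(source, dest):
    """Copy non-executable regular files from source to dest, keeping layout.

    Returns {"copied": [relative paths], "skipped": [(relative path, reason)]}.
    """
    source, dest = Path(source), Path(dest)
    src_root, dst_root = source.resolve(), dest.resolve()
    if dst_root == src_root or src_root in dst_root.parents:
        raise ValueError("backup target must be outside the source tree")

    report = {"copied": [], "skipped": []}
    for root, dirs, files in os.walk(source, followlinks=False):
        dirs.sort()  # deterministic traversal order
        for name in sorted(files):
            src = Path(root) / name
            rel = src.relative_to(source).as_posix()
            if src.is_symlink() or not src.is_file():
                report["skipped"].append((rel, "not a regular file"))
                continue
            blocked, reason = is_executable(src)
            if blocked:
                report["skipped"].append((rel, reason))
                continue
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, target)
            report["copied"].append(rel)
    return report


def build_sample_tree(root):
    """Create a small constructed profile tree for the demonstration."""
    samples = {
        "docs/thesis.doc": b"\xd0\xcf\x11\xe0 constructed OLE document",
        "docs/invoice.doc": b"MZ\x90\x00 constructed PE renamed to .doc",
        "photos/trip.jpg": b"\xff\xd8\xff\xe0 constructed JPEG",
        "lib/helper.dll": b"MZ\x90\x00 constructed DLL",
        "screens/fish.SCR": b"constructed screensaver placeholder",
        "tools/setup.exe": b"MZ\x90\x00 constructed installer",
    }
    for rel, data in samples.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        build_sample_tree(src)
        result = backup_documents(src, dst)
        for rel in result["copied"]:
            print("copied ", rel)
        for rel, why in result["skipped"]:
            print("skipped", rel, "(" + why + ")")
```

The skipped list doubles as an inventory of programs to reinstall from original media after the format.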

Re: WinBlueSoft - crying for help
That explains everything Goofy

