ComboFix 08-01-23.1C - Nedeljko 2008-01-25 15:54:29.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.36.1033.18.665 [GMT 1:00]
Running from: J:\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\dopfwrlmgf.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\serauth1.dll
C:\WINDOWS\system32\serauth2.dll
C:\WINDOWS\system32\ssprs.dll

----- BITS: Possible infected sites -----

hxxp://onsafepro.com
hxxp://77.91.228.186
hxxp://softworldnetwork.com
hxxp://77.91.227.194
.
(((((((((((((((((((((((((   Files Created from 2007-12-25 to 2008-01-25  )))))))))))))))))))))))))))))))
.

2008-01-25 15:52 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\Nircmd.exe
2008-01-25 15:21 . 2004-08-03 23:10	19,328	--a------	C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-01-25 15:21 . 2004-08-03 23:10	19,328	--a--c---	C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-01-25 15:21 . 2004-08-04 00:56	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-01-25 15:21 . 2004-08-04 00:56	16,384	--a--c---	C:\WINDOWS\system32\dllcache\ipsink.ax
2008-01-25 15:21 . 2004-08-03 23:10	15,360	--a------	C:\WINDOWS\system32\drivers\StreamIP.sys
2008-01-25 15:21 . 2004-08-03 23:10	15,360	--a--c---	C:\WINDOWS\system32\dllcache\streamip.sys
2008-01-25 15:21 . 2004-08-03 23:10	11,136	--a------	C:\WINDOWS\system32\drivers\SLIP.sys
2008-01-25 15:21 . 2004-08-03 23:10	11,136	--a--c---	C:\WINDOWS\system32\dllcache\slip.sys
2008-01-25 15:21 . 2004-08-03 23:10	10,880	--a------	C:\WINDOWS\system32\drivers\NdisIP.sys
2008-01-25 15:21 . 2004-08-03 23:10	10,880	--a--c---	C:\WINDOWS\system32\dllcache\ndisip.sys
2008-01-25 15:20 . 2008-01-25 15:20	<DIR>	d--------	C:\Program Files\IVT Corporation
2008-01-25 14:01 . 2008-01-25 14:01	85	--a------	C:\WINDOWS\wininit.ini
2008-01-18 09:44 . 2008-01-18 07:24	196,608	--a------	C:\WINDOWS\aslpmqk.dll
2008-01-18 09:44 . 2008-01-18 07:24	90,112	--a------	C:\WINDOWS\fknxwqf.exe
2008-01-17 08:29 . 2008-01-17 08:29	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-01-17 08:27 . 2008-01-17 08:27	44,520	--a------	C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-12-28 12:51 . 2008-01-24 12:06	116	--a------	C:\WINDOWS\NeroDigital.ini
2007-12-28 12:19 . 2007-12-28 12:19	1,158	--a------	C:\WINDOWS\mozver.dat
2007-12-27 14:36 . 2007-12-27 14:36	<DIR>	d--------	C:\Program Files\Alwil Software
2007-12-27 14:36 . 2007-12-04 14:04	837,496	--a------	C:\WINDOWS\system32\aswBoot.exe
2007-12-27 14:36 . 2004-01-09 10:13	380,928	--a------	C:\WINDOWS\system32\actskin4.ocx
2007-12-27 14:36 . 2007-12-04 13:54	95,608	--a------	C:\WINDOWS\system32\AvastSS.scr
2007-12-27 14:36 . 2007-12-04 15:55	94,544	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-27 14:36 . 2007-12-04 15:56	93,264	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-27 14:36 . 2007-12-04 15:51	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-27 14:36 . 2007-12-04 15:49	26,624	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-27 14:36 . 2007-12-04 15:53	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-27 12:53 . 2006-05-10 12:15	1,929,216	--a------	C:\WINDOWS\system32\cdintf250.dll
2007-12-27 12:53 . 2007-12-27 12:53	1,024	--a------	C:\WINDOWS\system32\clauth2.dll
2007-12-27 12:53 . 2007-12-27 12:53	1,024	--a------	C:\WINDOWS\system32\clauth1.dll
2007-12-27 12:53 . 2007-12-30 17:24	14	--a------	C:\WINDOWS\system32\ssprs.tgz
2007-12-27 12:53 . 2007-12-27 12:53	0	--a------	C:\WINDOWS\system32\nsprs.tgz
2007-12-27 12:52 . 2007-12-30 17:25	<DIR>	d--------	C:\Program Files\SPSS Evaluation
2007-12-27 12:52 . 2007-12-27 12:52	1,025	--a------	C:\WINDOWS\system32\sysprs7.tgz
2007-12-27 12:52 . 2007-12-27 12:52	1,025	--a------	C:\WINDOWS\system32\sysprs7.dll
2007-12-27 12:52 . 2007-12-30 17:24	219	--a------	C:\WINDOWS\system32\lsprst7.tgz
2007-12-27 12:52 . 2007-12-30 17:26	16	---h-----	C:\WINDOWS\system32\servdat.slm
2007-12-27 12:44 . 2007-12-27 12:44	<DIR>	d--------	C:\Program Files\7 Wonders
2007-12-27 12:42 . 2007-12-27 12:42	<DIR>	d--------	C:\Program Files\A4Tech
2007-12-27 12:30 . 2007-12-27 12:31	<DIR>	d--------	C:\WINDOWS\system32\IOSUBSYS
2007-12-27 12:20 . 2007-12-27 12:20	<DIR>	d--------	C:\Program Files\Yahoo!
2007-12-27 12:19 . 2007-12-27 12:19	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
2007-12-27 12:19 . 2007-12-27 12:19	<DIR>	d--------	C:\Program Files\Common Files\ACD Systems
2007-12-27 12:19 . 2007-12-27 12:19	<DIR>	d--------	C:\Program Files\ACD Systems
2007-12-27 12:19 . 2007-12-27 12:19	10,368	--a------	C:\WINDOWS\system32\drivers\pfc.sys
2007-12-27 12:18 . 2007-12-27 12:18	<DIR>	d--------	C:\Program Files\XviD
2007-12-27 12:18 . 2007-12-27 12:18	<DIR>	d--------	C:\Program Files\Mv2Player
2007-12-27 12:18 . 2007-12-27 12:18	<DIR>	d--------	C:\Program Files\ffdshow
2007-12-27 12:18 . 2007-12-27 12:18	<DIR>	d--------	C:\Program Files\AC3Filter
2007-12-27 12:18 . 2004-05-25 16:06	417,792	--a------	C:\WINDOWS\system32\ac3filter.cpl
2007-12-27 12:17 . 2007-12-27 12:17	<DIR>	d--------	C:\Program Files\DivX
2007-12-27 12:17 . 2007-12-27 12:17	1,890	--ahs----	C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-27 12:17 . 2007-12-27 12:17	56	-r-hs----	C:\WINDOWS\system32\C7225167DF.sys
2007-12-27 12:15 . 2007-12-27 12:15	<DIR>	d--------	C:\Program Files\Nero
2007-12-27 12:15 . 2007-12-27 12:30	<DIR>	d--------	C:\Program Files\Common Files\Ahead
2007-12-27 12:14 . 2007-12-27 12:14	<DIR>	d--------	C:\Program Files\Real
2007-12-27 12:14 . 2007-12-27 12:14	<DIR>	d--------	C:\Program Files\Common Files\xing shared
2007-12-27 12:14 . 2007-12-27 12:14	<DIR>	d--------	C:\Program Files\Common Files\Real
2007-12-27 12:14 . 2007-12-27 12:14	25	--a------	C:\WINDOWS\cdplayer.ini
2007-12-27 12:13 . 2007-12-27 12:13	<DIR>	d--------	C:\Program Files\Winamp
2007-12-27 12:11 . 2007-12-31 16:13	<DIR>	d--------	C:\Program Files\TuneUp Utilities 2007
2007-12-27 12:11 . 2007-03-29 04:42	29,704	--a------	C:\WINDOWS\system32\uxtuneup.dll
2007-12-27 12:10 . 2007-12-27 12:10	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 12:09 . 2007-12-27 12:09	<DIR>	d--------	C:\Program Files\FarStone
2007-12-27 12:09 . 2007-12-27 12:09	5,501	--a------	C:\WINDOWS\system32\rtclcmg32.dll
2007-12-27 12:07 . 2004-08-03 23:08	26,496	--a--c---	C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-27 12:03 . 2007-12-27 12:03	<DIR>	d--------	C:\Program Files\Alcohol Soft
2007-12-27 12:03 . 2004-04-30 09:37	160,640	--a------	C:\WINDOWS\system32\drivers\a347bus.sys
2007-12-27 12:03 . 2004-04-30 09:33	5,248	--a------	C:\WINDOWS\system32\drivers\a347scsi.sys
2007-12-27 12:01 . 2001-08-17 14:59	3,072	--a------	C:\WINDOWS\system32\drivers\audstub.sys
2007-12-27 12:00 . 2006-02-22 04:30	2,636,672	--a------	C:\WINDOWS\system32\ati3duag.dll
2007-12-27 12:00 . 2006-02-22 04:46	1,505,792	--a------	C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-27 12:00 . 2006-02-22 04:46	1,505,792	--a--c---	C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-12-27 12:00 . 2001-08-17 14:28	907,456	--a------	C:\WINDOWS\system32\drivers\HCF_MSFT.sys
2007-12-27 12:00 . 2004-08-04 01:56	870,784	--a------	C:\WINDOWS\system32\ati3d1ag.dll
2007-12-27 12:00 . 2006-02-22 04:24	860,480	--a------	C:\WINDOWS\system32\ativvaxx.dll
2007-12-27 12:00 . 2006-02-22 04:04	258,048	--a------	C:\WINDOWS\system32\ati2cqag.dll
2007-12-27 12:00 . 2006-02-22 04:46	256,512	--a------	C:\WINDOWS\system32\ati2dvag.dll
2007-12-27 12:00 . 2004-08-03 23:59	57,472	--a------	C:\WINDOWS\system32\drivers\redbook.sys
2007-12-27 12:00 . 2007-12-27 12:00	0	--a------	C:\WINDOWS\nsreg.dat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 14:20	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-12-27 10:55	---------	d-----w	C:\Program Files\Microsoft ActiveSync
2007-12-27 10:54	---------	d-----w	C:\Program Files\Microsoft.NET
2007-12-27 10:47	---------	d-----w	C:\Program Files\Common Files\ATI Technologies
2007-12-27 10:45	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-12-27 10:45	---------	d-----w	C:\Program Files\ATI Technologies
2007-12-27 10:37	---------	d-----w	C:\Program Files\SiSoftware
2007-12-27 10:30	---------	d-----w	C:\Program Files\AMD
2007-12-27 10:17	---------	d--h--w	C:\Program Files\Uninstall Information
2007-12-27 10:12	---------	d-----w	C:\Program Files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{A61CB172-B1D5-4D96-81BD-C2018E36191B}

[HKEY_CLASSES_ROOT\clsid\{a61cb172-b1d5-4d96-81bd-c2018e36191b}]
[HKEY_CLASSES_ROOT\egodktf.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{052DA8EA-57F8-423A-BCE4-905FC4FCAF82}]
[HKEY_CLASSES_ROOT\egodktf.ToolBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-04 17:21 2089808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 04:15 83968]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"VirtualDrive"="C:\Program Files\FarStone\VirtualDrive\vdtask.exe" [2002-03-21 13:31 204800]
"vcdplayx"="C:\WINDOWS\vcdplayx.exe" [2002-03-18 16:31 57344]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2005-04-14 05:35 73728]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-27 12:14 180269]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"aslpmqk"= {6B2471A7-2811-4566-9AD7-BF2822D52FEE} - C:\WINDOWS\aslpmqk.dll [2008-01-18 07:24 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 15:25]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-09-01 07:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

*Newly Created Service* - PROCEXP90 
.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 11:11:22 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 15:55:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-01-25 15:56:18
ComboFix-quarantined-files.txt  2008-01-25 14:55:58