Another Win32:Trojan-Gen

Hey guys

My avast recently picked up some Trojan-gens on the on access protection control. So I decided to do a full system scan and it has found a few more.

I also ran a spyware scan and found entries like “Microsoft security center.overide / disable” etc.

Anyway, it seems that my Windows Security Center has been disabled completely, and when I go to turn it back on it says “Windows Security Center can’t be started”. I tried turning the firewall back on manually but the turn on icon was grayed out.

Windows defender also deleted “SpySheriff” which I believe is a fake spyware program, however, I have not had any pop ups except from that of Avast On Protection Control.

I have attached my log file from today, displaying where the viruses are located and what they are called.

Does anybody have any idea how I can get my windows security center to work again and how to completely eliminate the Trojan-gen?

Thanks all for the help

EDIT: I have deleted the files from the chest by accident, sorry I didn't realise this was a bad thing :frowning:
EDIT 2: Just found this:

if you're using avast anti-virus there is a bug in the program for win32 trojan. It appears to be a false positive. Try AVG anti-virus or norton instead.

is this true or not?

Additional Information:

OS: Vista Home Premium x64bit
Avast Version: 4.7 Home Edition
VPS File Version: 000714-3

Text from log file:

09/02/2007 18:51:32 SYSTEM 1696 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Stu\AppData\Local\Microsoft\Messenger\[email address removed]\SharingMetadata\Logs\Dfsr00005.log (C:\Users\Stu\AppData\Local\Microsoft\Messenger\[email address removed]\SharingMetadata\Logs\Dfsr00005.log) returning error, 00000005.
10/02/2007 22:02:22 SYSTEM 1660 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Stu\AppData\Local\Temp\~DF123B.tmp (C:\Users\Stu\AppData\Local\Temp\~DF123B.tmp) returning error, 00000005.
18/02/2007 12:59:58 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\gwdppru.exe" file.
18/02/2007 13:00:20 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\fdpxssak.exe" file.
18/02/2007 13:00:32 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVUDFTCP\ndnwtuhrrb[1].htm" file.
18/02/2007 13:00:38 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\eadyjxv.exe" file.
18/02/2007 13:00:44 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SS1SIHF5\lrnkl[1].htm" file.
18/02/2007 13:00:55 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\xalslpf.exe" file.
18/02/2007 13:01:07 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CHM3M4RZ\pzfsrbhie[1].htm" file.
18/02/2007 13:01:17 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\balbwjfo.exe" file.
18/02/2007 13:01:17 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\ekaitu.exe" file.
18/02/2007 13:01:20 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\frqiq.exe" file.
18/02/2007 13:01:21 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\ibffue.exe" file.
18/02/2007 13:01:22 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\sxpdoth.exe" file.
18/02/2007 13:01:24 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\balbwjfo.exe" file.
18/02/2007 13:03:02 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\vhtso.exe" file.
18/02/2007 15:51:34 Stu 1328 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CHM3M4RZ\fyrfbraxu[1].txt" file.
18/02/2007 15:56:50 Stu 1328 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CHM3M4RZ\xunfavdlx[1].htm" file.
18/02/2007 15:56:54 Stu 1328 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVUDFTCP\cvffp[1].txt" file.
18/02/2007 15:56:55 Stu 1328 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVUDFTCP\ntdnjku[1].htm" file.
18/02/2007 15:56:57 Stu 1328 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R284FFYG\zlnxhr[1].txt" file.
18/02/2007 15:57:01 Stu 1328 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SS1SIHF5\dwdynoscct[1].htm" file.
18/02/2007 15:57:04 Stu 1328 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SS1SIHF5\uxyroof[1].txt" file.

Hi Stu007 - welcome to the forum. It looks like you’ve had a busy day.

For the Security Center try this:

Click start
Click run
Type services.msc and click OK
Scroll down to Security Center and double click it
Make sure Startup Type is Automatic
Reboot

In regard to the trojans you should scan with the following free programs

AVG AntiSpyware: http://free.grisoft.com/doc/20/lng/us/tpl/v5
A-Squared: http://www.emsisoft.it/it/software/free/
SuperAntiSpyware: http://www.superantispyware.com/

Let us know how this works and if you are symptom free after these additional scans. Also, do you have a third party firewall installed or do you rely on the Windows Firewall alone?

EDIT:

EDIT 2: Just found this:

Quote
if you’re using avast anti-virus there is a bug in the program for win32 trojan. It appears to be a false positive. Try AVG anti-virus or norton instead.

is this true or not?


All AVs have false positives from time to time. Avast! is no exception. It's because of this possibility that putting files into the chest, rather than deleting them, is the preferred course of action.

But stating that win32:trojan is an FP is painting with a pretty broad brush - it implies that all trojans detected by avast! are false positives and this simply isn’t the case.

Windows defender also deleted "SpySheriff" which I believe is a fake spyware program ...
That's exactly what it is.

Yes very busy day :slight_smile:

Yes I rely on the windows firewall alone.

Ok so I have tried the Security Center fix. It has worked partially, I can now access the security center. However, I still cannot turn the firewall on.

I will try those other programs now but the AVG Antispyware will not run because I have a 64 bit OS. I will try the other programs now.

I am also trying a system restore from a few days ago, see if this helps.

Ok so system restore works.

So far so good.

Firewall back and running.

Performing Virus deep scan on all drives, spyware scan also running.

Will report back soon.

I don’t know if either of these are 64bit compatible, SUPERantispyware - Spyware Terminator.

The Vista firewall, although it has outbound protection it isn’t set to rules checking so effectively it still allows outbound connection. So it may well be worth checking out the default Vista firewall settings and beef up the outbound protection. I have also heard that the Vista firewall isn’t that flexible or configurable, so you might consider a third party firewall.

Sorry I can’t be of more help on the vista side as I remain on XP Pro.

I haven’t found a good, free firewall for Vista yet. Jetico has a beta version but in general Jetico is not very user friendly.

SuperAntispyware says it’s Vista compatible without specifying 32bit or 64bit, so I suppose both.

OK, I'm halfway through my system scan now.

It has found a Win32:Adware-gen

18/02/2007 19:10:39 Stu 4048 Sign of "Win32:Adware-gen. [Adw]" has been found in "E:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP492\A0044197.exe" file.

I have selected move to chest, so I don't know if it has done anything yet.

This is after I performed a system restore.

Hi Stu007,

With the traces of spyware there, I would suggest you read this:
http://forum.avast.com/index.php?topic=25179.0 and run this rogue remover.

polonus

thanks

nothing detected with rogue remover

Edit: Win32:Adware-gen now in virus vault. Will report back if it reoccurs.

After researching the items in your log it appears these four may have been trojan downloaders,

uxyroof
xunfavdlx
ntdnjku
dwdynoscct

while Prevx reports it is investigating some of the others, presumably based on suspicious activity on users’ computers.

Assuming all the downloaders have been removed you should just be in a verification/cleanup phase right now, so it's not too surprising that you’re not finding much.
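The triage done by hand in the replies above, as an added example that is not part of the original posts: it pulls the detection records out of an avast! 4.7 log paste and groups the flagged paths by where they sit on disk. The location categories and the function names are assumptions made for this illustration; the sample entries are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the log in this thread, with two
# entries run together on one line and one entry wrapped, as forum pastes do.
SAMPLE_LOG = r'''
18/02/2007 12:59:58 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\gwdppru.exe" file.
18/02/2007 13:00:32 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVUDFTCP\ndnwtuhrrb[1].htm" file. 18/02/2007 13:01:17 SYSTEM 1924 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\balbwjfo.exe" file.
18/02/2007 13:01:24 SYSTEM 1924 Sign of "Win32:Trojan-gen.
{Other}" has been found in "C:\balbwjfo.exe" file.
18/02/2007 19:10:39 Stu 4048 Sign of "Win32:Adware-gen. [Adw]" has been found in "E:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP492\A0044197.exe" file.
10/02/2007 22:02:22 SYSTEM 1660 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Stu\AppData\Local\Temp\~DF123B.tmp (C:\Users\Stu\AppData\Local\Temp\~DF123B.tmp) returning error, 00000005.
'''

# One detection record: timestamp, user, PID, signature name, file path.
# \s+ and [^"]+ also match line breaks, so wrapped records still parse.
DETECTION = re.compile(
    r'(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\d+)\s+'
    r'Sign of "([^"]+)" has been found in "([^"]+)" file\.'
)


def detections(log_text):
    """Return one dict per detection record; scanning warnings are skipped."""
    out = []
    for when, user, pid, sig, path in DETECTION.findall(log_text):
        out.append({"when": when, "user": user, "pid": int(pid),
                    "signature": " ".join(sig.split()),  # undo line wraps
                    "path": path})
    return out


def classify(path):
    """Assumed categories for this example, based on the paths in the thread."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system-restore snapshot"   # copy kept inside a restore point
    if "\\temporary internet files\\" in p:
        return "browser cache"             # downloaded content
    if re.fullmatch(r"[a-z]:\\[^\\]+\.exe", p):
        return "drive-root executable"     # .exe dropped directly in X:\
    return "other"


def triage(log_text):
    """Group flagged paths by location, counting repeat hits per path."""
    groups = defaultdict(dict)
    for d in detections(log_text):
        hits = groups[classify(d["path"])]
        hits[d["path"]] = hits.get(d["path"], 0) + 1
    return dict(groups)


if __name__ == "__main__":
    for location, paths in triage(SAMPLE_LOG).items():
        print(location)
        for path, count in paths.items():
            print(f"  {count}x {path}")
```

A count above one, as for C:\balbwjfo.exe here, only says the same path was flagged more than once in the log.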

Hi guys. I hope you can help me…

I got these 2 messages today
http://img483.imageshack.us/img483/6039/avasttp6.th.jpg

I dunno what to do, I run Spybot S&D and cleared infections but it is still here.
I'm no expert so I'm counting on you. :slight_smile:

Here's my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 17:17:51, on 19.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\TEMP\winB88.tmp.exe
C:\Documents and Settings\Požnjsk\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - D:\Audio-Video Programi\FlashCapture\fcbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [fa4d67d6.exe] C:\Documents and Settings\Požnjsk\Local Settings\Application Data\fa4d67d6.exe
O4 - HKCU\..\Run: [Erts] "C:\PROGRA~1\YMBOLS~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Save F&lash with FlashCapture - res://D:\Audio-Video Programi\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra ‘Tools’ menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - D:\Audio-Video Programi\FlashCapture\fciext.dll
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra ‘Tools’ menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0240BFE-A0AD-46BB-85D9-B90F9571D4F7}: NameServer = 195.29.150.3 195.29.150.4
O20 - AppInit_DLLs: javaw.dll
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: DriveCrypt Service (DriveCryptService) - Unknown owner - C:\Program Files\DriveCrypt\DcrServ.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCAutoShutdown_Service - Unknown owner - C:\Program Files\PC Auto Shutdown\ShutdownService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

First your JAVA is way out of date.
Ensure you have the latest version of JRE because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.
Then get the latest update from here http://www.java.com/en/download/index.jsp

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable. Decision time.

Are you still using the Google toolbar? If not, fix:
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

What is this?
C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe

Suspect:
C:\WINDOWS\TEMP\winB88.tmp.exe

O4 - HKCU\..\Run: [fa4d67d6.exe] C:\Documents and Settings\Požnjsk\Local Settings\Application Data\fa4d67d6.exe

I suggest you visit this on-line analysis and check out the unknown entries, did you install them, know them, google search the file names, etc.
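The kind of review done in the reply above, as an added example that is not part of the original posts: it reads a HijackThis v1.99 log and lists the entry types the reply singles out (a process running from a temp directory, an autorun from a user data folder with a hex-style name, and entries marked "file missing"). The three heuristics and all function names are assumptions made for this illustration and only mark entries for a closer look; the sample lines are taken from the log in this thread with the user name replaced.

```python
import re

# Constructed sample: lines from the HijackThis log in this thread, user name
# replaced. One O4 line uses the "HKCU..\Run" form (backslash lost in a paste).
SAMPLE = r'''
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\TEMP\winB88.tmp.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [fa4d67d6.exe] C:\Documents and Settings\User\Local Settings\Application Data\fa4d67d6.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
'''

ENTRY = re.compile(r"^([ROF]\d+) - (.*)$")                  # "O4 - ..." etc.
RUN = re.compile(r"^(HK\w+)\\?\.\.\\(\w+): \[([^\]]*)\] (.*)$")
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.I)
USER_DATA = re.compile(r"\\(application data|appdata)\\", re.I)
HEXNAME = re.compile(r"^[0-9a-f]{8}\.exe$", re.I)


def parse(log):
    """Split a log into the running-process list and (section, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False            # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def review(log):
    """Return (reason, item) pairs worth a manual look; not a verdict."""
    processes, entries = parse(log)
    findings = []
    for path in processes:
        if TEMP_DIR.search(path):
            findings.append(("process in temp directory", path))
    for section, body in entries:
        if body.endswith("(file missing)"):
            findings.append(("orphaned entry, file missing",
                             f"{section} - {body}"))
        m = RUN.match(body) if section == "O4" else None
        if m:
            _hive, _key, name, command = m.groups()
            # Legitimate software can start from a profile folder too, so
            # this only narrows down what to look up by name.
            if HEXNAME.match(name) or USER_DATA.search(command):
                findings.append(("autorun from user data / hex-style name",
                                 command))
    return findings


if __name__ == "__main__":
    for reason, item in review(SAMPLE):
        print(f"{reason}: {item}")
```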