Help needed

Hi all,
I cant get rid of this stupid program. I scanned all computer with NOD32, it found Win32/TrojanDownloader.Zlob.II trojan. I deleted it. I am attaching a screenshot. I just cant find out which program shows me this baloon popup. I had a look at RUN keys in registry (HKLM and HKCU). Of course, I checked STARTUP folder, but there were no shortcuts.. I tried "msconfig" tool but I didnt find any suspicious entries. Even, I tried killing programs via Task Manager but it didnt help me. I leave only windows programs (SYSTEM and explorer.exe and so on) running but it still appears in taskbar.
Could somebody help me? Is there anything else what should I check? I am attaching STARTUP list, if somebody experienced has a time to look at it.. thank you in advance..

---
I scanned computer in SAFE MODE...

 

Here is that startup list..

 

Looks like u may be infected with SpyAxe,

http://castlecops.com/a6430-SpyAxe_Symptoms_of_Infection_and_Cleanup.html



snowbound

 

Happend the same to me yesterday and i cleaned it with SpyBot it helped i think.

 

Looks like your PC has been infected by a Trojan that has sort of disguised itself as some sort of Trojan warning you about infections etc.

I just cant find out which program shows me this baloon popup.
Does this baloon pop up everytime you power up the PC ?

Even, I tried killing programs via Task Manager but it didnt help me.
No it wont Task Manager will only close it down but it will re-appear next time you boot up your PC again, you need to physically delete it.

I ams suggesting both these files are related, the one you deleted and this baloon one.

Try the following:>

C drive, Doc and settings, All Users, Start Menu, Progs and Startup. See if you see any thing suspicious in your startup menu and if so delete it.

Also I would do a full scan using Ewido, Spybot S&D and also Adaware SE.

Let me know how you go.

 

Thank you all! I ran scan with Spyware Doctor but since it was only trial version I couldn't remove it (there was SpyAXE, some other spyware programs and so on)... But it helped me because I found out which files are responsible for it. So I deleted them, removed registry entries from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run. Damn I didn't know that Windows runs files from this location.... THANK YOU once again.. I made copies of all that files and I am going to send them to ESET for further analyse and possible detection added...

 

Download a trial version of Ewido and do a scan with that.