ComboFix 10-03-05.03 -  06.03.2010  13:54:32.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1049.18.3327.2843 [GMT 3:00]
Running from: c:\documents and settings\\ \ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\keylog.txt
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-1839162477-1984642271-695963228-3696
c:\recycler\S-1-5-21-2030712423-7757527510-143358610-2967
c:\recycler\S-1-5-21-2074271168-5944268001-975941107-6284
c:\recycler\S-1-5-21-2426803186-1321165933-166347598-5148
c:\recycler\S-1-5-21-2757937696-4206686373-525632289-7017
c:\recycler\S-1-5-21-2905220113-3771559440-814764635-4365
c:\recycler\S-1-5-21-3138314658-3492141702-376189354-1860
c:\recycler\S-1-5-21-3226155025-9407162783-018331022-9513
c:\recycler\S-1-5-21-3302049983-8051157105-434963071-2240
c:\recycler\S-1-5-21-3376395891-4051096309-623620502-5689
c:\recycler\S-1-5-21-3573479138-3747270840-296276700-9803
c:\recycler\S-1-5-21-3828201421-2673722094-305190745-7212
c:\recycler\S-1-5-21-3862884790-9223988847-745193231-9123
c:\recycler\S-1-5-21-4021705099-4908526894-978215152-6756
c:\recycler\S-1-5-21-4922577570-0192057058-090542055-8832
c:\recycler\S-1-5-21-5898903572-9024787923-366890678-3163
c:\recycler\S-1-5-21-5971349519-1715659907-743416969-0451
c:\recycler\S-1-5-21-7312830911-1441278495-355500568-7629
c:\recycler\S-1-5-21-7701547855-5132973934-854177864-7072
c:\recycler\S-1-5-21-8762464729-0980325178-173365210-1315
c:\recycler\S-1-5-21-9567876881-4198136958-334721237-3727
c:\windows\logfile32.txt
c:\windows\system32\06.exe
c:\windows\system32\14.exe
c:\windows\system32\16.exe
c:\windows\system32\23.exe
c:\windows\system32\25.exe
c:\windows\system32\34.exe
c:\windows\system32\37.exe
c:\windows\system32\43.exe
c:\windows\system32\47.exe
c:\windows\system32\48.exe
c:\windows\system32\53.exe
c:\windows\system32\56.exe
c:\windows\system32\57.exe
c:\windows\system32\63.exe
c:\windows\system32\65.exe
c:\windows\system32\67.exe
c:\windows\system32\72.exe
c:\windows\system32\ssRibbons.scr
c:\windows\system32\tmp19.tmp

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI


(((((((((((((((((((((((((   Files Created from 2010-02-06 to 2010-03-06  )))))))))))))))))))))))))))))))
.

2010-03-06 08:02 . 2010-03-06 08:02	76288	----a-w-	c:\windows\system32\X7lm36W.exe
2010-03-06 07:05 . 2010-03-06 07:05	--------	d-sh--w-	c:\windows\system32\config\systemprofile\IETldCache
2010-03-06 07:03 . 2010-03-06 07:03	11264	----a-w-	c:\windows\system32\drivers\uze4mtyx.sys
2010-03-06 06:55 . 2010-03-06 06:55	--------	d-sh--w-	c:\documents and settings\\IECompatCache
2010-03-06 06:54 . 2010-03-06 06:54	--------	d-sh--w-	c:\documents and settings\\PrivacIE
2010-03-06 06:54 . 2010-03-06 06:54	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache
2010-03-06 06:54 . 2010-03-06 06:54	--------	d-sh--w-	c:\documents and settings\\IETldCache
2010-03-06 06:51 . 2010-03-06 06:53	--------	dc-h--w-	c:\windows\ie8
2010-03-05 20:34 . 2010-03-05 20:34	76288	----a-w-	c:\windows\system32\AUOXfHo.exe
2010-03-05 19:18 . 2010-03-05 19:18	80896	----a-w-	c:\windows\system32\YP4R4NY.exe
2010-03-05 19:08 . 2010-03-05 19:08	80896	----a-w-	c:\windows\system32\oExFN6N.exe
2010-03-05 19:05 . 2010-03-05 19:05	80896	----a-w-	c:\windows\system32\LCWfFco.exe
2010-03-05 19:00 . 2010-03-05 19:00	80896	----a-w-	c:\windows\system32\eDe7YoF.exe
2010-03-05 18:17 . 2010-03-05 18:17	80896	----a-w-	c:\windows\system32\jEnpBBK.exe
2010-03-05 18:17 . 2010-03-05 18:17	--------	d-----w-	c:\program files\Common Files\wm
2010-03-05 16:36 . 2010-03-05 16:36	--------	d-----w-	c:\documents and settings\\DoctorWeb
2010-03-05 16:09 . 2010-03-05 16:09	--------	d-----w-	c:\program files\Trend Micro
2010-03-05 15:56 . 2010-03-05 15:56	--------	d-----w-	c:\documents and settings\\Local Settings\Application Data\Help
2010-03-05 15:52 . 2010-03-06 08:41	--------	d-----w-	C:\avz4
2010-03-05 14:41 . 2010-03-05 14:41	--------	d--h--w-	c:\windows\PIF
2010-03-05 13:55 . 2010-03-05 13:55	--------	d-----w-	c:\documents and settings\\Application Data\PCToolsFirewallPlus
2010-03-05 13:53 . 2009-11-23 10:54	88040	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-05 13:53 . 2009-11-09 08:20	207792	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2010-03-05 13:53 . 2010-01-07 09:40	233136	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2010-03-05 13:53 . 2010-03-06 10:58	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-03-05 13:53 . 2010-03-05 13:53	--------	d-----w-	c:\program files\Common Files\PC Tools
2010-03-05 13:53 . 2010-01-12 06:34	70664	----a-w-	c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-03-05 13:53 . 2010-01-07 08:35	58816	----a-w-	c:\windows\system32\drivers\pctNdis.sys
2010-03-05 13:53 . 2010-01-07 08:35	32680	----a-w-	c:\windows\system32\drivers\pctNdis-DNS.sys
2010-03-05 13:53 . 2010-01-13 05:59	115216	----a-w-	c:\windows\system32\drivers\pctplfw.sys
2010-03-05 13:53 . 2010-03-05 13:55	--------	d-----w-	c:\program files\PC Tools Firewall Plus
2010-03-04 08:37 . 2010-03-04 08:37	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters Inc
2010-03-04 08:32 . 2010-03-04 08:34	--------	d-----w-	c:\documents and settings\\Application Data\GetRightToGo
2010-03-04 06:58 . 2008-04-15 12:00	98304	----a-w-	c:\windows\system32\msir3jp.dll
2010-03-04 06:58 . 2008-04-15 12:00	838144	----a-w-	c:\windows\system32\chtbrkr.dll
2010-03-04 06:58 . 2008-04-15 12:00	70656	----a-w-	c:\windows\system32\korwbrkr.dll
2010-03-04 06:58 . 2008-04-15 12:00	1677824	----a-w-	c:\windows\system32\chsbrkr.dll
2010-03-04 06:58 . 2008-04-15 12:00	6144	----a-w-	c:\windows\system32\kbd101a.dll
2010-03-04 06:58 . 2008-04-15 12:00	9216	----a-w-	c:\windows\system32\kbdnecAT.dll
2010-03-04 06:58 . 2008-04-15 12:00	7680	----a-w-	c:\windows\system32\kbdnecNT.dll
2010-03-04 06:58 . 2008-04-15 12:00	7168	----a-w-	c:\windows\system32\kbdnec95.dll
2010-03-04 06:58 . 2008-04-15 12:00	6656	----a-w-	c:\windows\system32\c_is2022.dll
2010-03-04 06:57 . 2008-04-15 12:00	76288	----a-w-	c:\windows\system32\uniime.dll
2010-03-04 06:57 . 2008-04-15 12:00	811064	----a-w-	c:\windows\system32\imjp81k.dll
2010-03-04 06:30 . 2008-04-15 12:00	7168	----a-w-	c:\windows\system32\kbdibm02.dll
2010-03-04 06:30 . 2008-04-15 12:00	7168	----a-w-	c:\windows\system32\f3ahvoas.dll
2010-03-04 06:30 . 2008-04-15 12:00	6656	----a-w-	c:\windows\system32\kbdlk41a.dll
2010-03-04 06:30 . 2008-04-15 12:00	6144	----a-w-	c:\windows\system32\kbdlk41j.dll
2010-03-04 06:30 . 2008-04-15 12:00	6144	----a-w-	c:\windows\system32\kbdax2.dll
2010-03-04 06:30 . 2008-04-15 12:00	6144	----a-w-	c:\windows\system32\kbd106n.dll
2010-03-04 06:30 . 2008-04-15 12:00	6144	----a-w-	c:\windows\system32\kbd101.dll
2010-03-04 06:30 . 2008-04-15 12:00	218112	----a-w-	c:\windows\system32\c_g18030.dll
2010-02-25 11:37 . 2010-02-25 11:40	--------	d-----w-	c:\windows\SxsCaPendDel
2010-02-25 11:36 . 2010-02-25 11:36	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-02-25 11:35 . 2010-02-25 11:36	--------	d--h--w-	c:\windows\msdownld.tmp
2010-02-25 11:34 . 2010-02-25 11:34	--------	d-----w-	c:\program files\Common Files\BioWare
2010-02-24 13:44 . 2010-03-04 10:16	--------	d-----w-	c:\documents and settings\\Application Data\vlc
2010-02-24 13:43 . 2010-02-24 13:43	--------	d-----w-	c:\program files\VideoLAN
2010-02-19 17:19 . 2010-02-19 17:19	--------	d-----w-	c:\documents and settings\\Local Settings\Application Data\Identities
2010-02-15 13:54 . 2001-08-18 03:36	8704	----a-w-	c:\windows\system32\kbdjpn.dll
2010-02-15 13:54 . 2001-08-18 03:36	8192	----a-w-	c:\windows\system32\kbdkor.dll
2010-02-15 13:54 . 2001-08-17 19:55	6144	----a-w-	c:\windows\system32\kbd101c.dll
2010-02-15 13:54 . 2001-08-17 19:55	5632	----a-w-	c:\windows\system32\kbd103.dll
2010-02-15 13:54 . 2008-04-25 15:37	6144	----a-w-	c:\windows\system32\kbd106.dll
2010-02-15 13:54 . 2001-08-17 19:55	6144	----a-w-	c:\windows\system32\kbd101b.dll
2010-02-14 20:41 . 2010-02-15 07:16	--------	d-----w-	c:\documents and settings\\Local Settings\Application Data\Yandex
2010-02-14 20:41 . 2010-02-15 07:16	--------	d-----w-	c:\documents and settings\\Application Data\Yandex
2010-02-14 20:40 . 2010-02-14 20:42	--------	d-----w-	c:\program files\DAEMON Tools Lite
2010-02-14 20:40 . 2010-02-15 07:50	--------	d-----w-	c:\documents and settings\\Application Data\DAEMON Tools Lite
2010-02-14 20:40 . 2010-02-14 20:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-13 16:21 . 2010-02-13 16:22	--------	d-----w-	c:\documents and settings\\Local Settings\Application Data\Temp
2010-02-13 16:21 . 2010-02-14 20:41	--------	d-----w-	c:\documents and settings\\Local Settings\Application Data\Google
2010-02-06 09:29 . 2010-03-05 13:01	--------	d-----w-	C:\
2010-02-05 13:44 . 2009-11-25 08:19	56816	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-02-05 13:44 . 2009-03-30 06:33	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-02-05 13:44 . 2009-02-13 08:29	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-02-05 13:44 . 2009-02-13 08:17	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-02-05 13:44 . 2010-02-05 13:44	--------	d-----w-	c:\program files\Avira
2010-02-05 13:44 . 2010-02-05 13:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 10:59 . 2010-02-03 06:48	--------	d-----w-	c:\documents and settings\\Application Data\uTorrent
2010-03-06 10:10 . 2009-11-20 09:13	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-03-06 07:20 . 2010-02-02 17:00	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-03-05 16:27 . 2010-01-07 21:09	1	----a-w-	c:\documents and settings\\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-04 10:05 . 2010-02-02 18:48	--------	d-----w-	c:\documents and settings\\Application Data\Download Master
2010-03-04 06:59 . 2009-11-20 09:21	26640	----a-w-	c:\documents and settings\\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-28 18:03 . 2010-01-27 13:36	--------	d-----w-	c:\program files\DOSBox-0.72
2010-02-25 11:37 . 2009-11-23 15:16	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-02-25 11:37 . 2009-11-23 15:17	--------	d-----w-	c:\program files\AGEIA Technologies
2010-02-24 14:02 . 2010-02-03 06:50	--------	d-----w-	c:\program files\uTorrent
2010-02-14 20:40 . 2009-11-20 09:08	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-02-07 18:57 . 2009-11-20 09:45	--------	d-----w-	c:\documents and settings\\Application Data\Winamp
2010-02-07 18:48 . 2009-11-20 09:45	--------	d-----w-	c:\program files\Winamp
2010-02-05 13:27 . 2008-04-25 14:41	1597952	----a-w-	c:\windows\explorer.exe
2010-02-03 07:40 . 2008-04-15 12:00	14336	----a-w-	c:\windows\system32\svchost.exe
2010-02-03 06:43 . 2010-02-03 06:27	--------	d-----w-	c:\documents and settings\\Application Data\DC++
2010-02-03 06:27 . 2010-02-03 06:24	--------	d-----w-	c:\program files\DC++
2010-02-03 06:19 . 2010-02-02 18:48	--------	d-----w-	c:\program files\Download Master
2010-02-02 17:00 . 2010-02-02 17:00	--------	d-----w-	c:\documents and settings\\Application Data\Thunderbird
2010-02-02 16:47 . 2010-02-02 16:47	0	----a-w-	c:\windows\nsreg.dat
2010-01-27 13:35 . 2010-01-27 13:35	--------	d-----w-	c:\program files\7-Zip
2010-01-18 12:45 . 2010-01-18 12:45	--------	d-----w-	c:\program files\OpenAL
2010-01-18 12:45 . 2009-11-23 14:19	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2010-01-18 12:45 . 2009-11-23 14:19	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2010-01-07 21:08 . 2010-01-07 21:08	--------	d-----w-	c:\documents and settings\\Application Data\OpenOffice.org
2010-01-07 21:07 . 2010-01-07 21:07	--------	d-----w-	c:\program files\JRE
2010-01-07 21:07 . 2010-01-07 21:07	--------	d-----w-	c:\program files\OpenOffice.org 3
2010-01-07 21:07 . 2009-11-20 09:08	--------	d-----w-	c:\program files\Java
2009-12-08 14:04 . 2009-12-08 14:04	316816	----a-w-	c:\windows\system32\appdrvrem01.exe
2009-12-08 14:04 . 2009-12-08 14:04	3033200	----a-w-	c:\windows\system32\drivers\appdrv01.sys
.

------- Sigcheck -------

[-] 2008-04-23 . 99BD46C2C790E52363DD1021DDCA3E8F . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-25 . 7477564EC8AA190D95A7F3FBB6471F4F . 123904 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe

[-] 2008-04-25 . E506465BFB0821DC33077E29FD184E31 . 691200 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2008-04-23 . 7668E176F08B158D7EF2A17D8EB2B8D3 . 2286592 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe

[-] 2008-04-25 . 371C41F777924F3EA3BFAD18C6A04502 . 584192 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2010-02-05 . A0F98BB46BEEAF2A94593FF9AB856A80 . 1597952 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-25 . 1C079017E180FB9AB4B56AA8F896F708 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-25 . 0CE07543B08FD1E209D99D504076102B . 17408 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-25 . 60D59D502589F1C0459FDDB5FC22B161 . 2165248 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-03-23 132096]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-24 319280]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-25 17408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-25 17408]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-03-23 132096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.11.2009 12:08 691696]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [08.12.2009 17:04 3033200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [05.03.2010 16:53 233136]
R1 uze4mtyx;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uze4mtyx.sys [06.03.2010 10:03 11264]
R2 AntiVirSchedulerService;Avira AntiVir ;c:\program files\Avira\AntiVir Desktop\sched.exe [05.02.2010 16:44 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [05.03.2010 16:53 88040]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [05.03.2010 16:53 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [05.03.2010 16:53 58816]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 fqevsd;Windows Helper;c:\windows\system32\svchost.exe -k netsvcs [15.04.2008 15:00 14336]
S2 oimev;Config Monitor;c:\windows\system32\svchost.exe -k netsvcs [15.04.2008 15:00 14336]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [05.03.2010 16:53 115216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SRSERVICE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
oimev
fqevsd
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/
IE: &  Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE:     Download Master - c:\program files\Download Master\dmieall.htm
IE:    Download Master - c:\program files\Download Master\dmie.htm
IE:     DM - c:\program files\Download Master\remdown.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\Download Master\dmaster.exe
FF - ProfilePath - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\6xfdtm3z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ru/
FF - plugin: c:\install\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdm.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-userini - c:\windows\explorer.exe:userini.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 13:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spwq.sys >>UNKNOWN [0x8A336938]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf74a3cb8
\Driver\atapi -> sfsync02.sys @ 0xf7717d60
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e6686
 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b9
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e6686
 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b9
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7b3abb0
 PacketIndicateHandler -> NDIS.sys @ 0xf7b47a21
 SendHandler -> NDIS.sys @ 0xf7b2587b
user & kernel MBR OK 

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fqevsd]
"ServiceDll"="c:\windows\system32\cdbmq.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oimev]
"ServiceDll"="c:\windows\system32\cdbmq.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-73586283-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,6c,29,b6,0f,a2,2c,42,8c,92,47,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,6c,29,b6,0f,a2,2c,42,8c,92,47,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(3496)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-03-06  14:00:55 - machine was rebooted
ComboFix-quarantined-files.txt  2010-03-06 11:00

Pre-Run: 242379587584  
Post-Run: 242515996672  

- - End Of File - - 3370B733101CE589CC99E5A517F16468
