ComboFix 10-03-06.08 -  07.03.2010  19:56:27.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1049.18.3327.2816 [GMT 3:00]
Running from: c:\documents and settings\\ \ComboFix.exe
Command switches used :: c:\documents and settings\\ \CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

(((((((((((((((((((((((((   Files Created from 2010-02-07 to 2010-03-07  )))))))))))))))))))))))))))))))
.

2010-03-07 12:13 . 2010-03-07 13:44	--------	d-----w-	C:\quickkiller
2010-03-07 09:03 . 2010-03-07 09:03	--------	d-----w-	c:\program files\MSXML 4.0
2010-03-07 09:00 . 2010-03-07 09:06	--------	d-----w-	c:\windows\ie8updates
2010-03-07 08:59 . 2008-04-15 12:00	221184	----a-w-	c:\windows\system32\wmpns.dll
2010-03-07 08:52 . 2009-12-21 19:08	594432	-c----w-	c:\windows\system32\dllcache\msfeeds.dll
2010-03-07 08:52 . 2009-12-21 19:08	1985536	-c----w-	c:\windows\system32\dllcache\iertutil.dll
2010-03-07 08:52 . 2009-12-21 19:08	246272	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2010-03-07 08:52 . 2009-12-21 19:08	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2010-03-07 08:52 . 2009-12-21 19:08	55296	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-07 08:52 . 2009-12-21 19:08	11070464	-c----w-	c:\windows\system32\dllcache\ieframe.dll
2010-03-07 08:46 . 2009-11-21 16:03	471552	-c----w-	c:\windows\system32\dllcache\aclayers.dll
2010-03-07 08:43 . 2009-10-15 16:33	81920	-c----w-	c:\windows\system32\dllcache\fontsub.dll
2010-03-07 08:43 . 2009-10-15 16:33	119808	-c----w-	c:\windows\system32\dllcache\t2embed.dll
2010-03-07 08:30 . 2009-06-21 21:48	153088	-c----w-	c:\windows\system32\dllcache\triedit.dll
2010-03-07 08:29 . 2009-07-10 13:28	1315328	-c----w-	c:\windows\system32\dllcache\msoe.dll
2010-03-07 08:18 . 2009-07-31 04:35	1172480	-c----w-	c:\windows\system32\dllcache\msxml3.dll
2010-03-07 08:18 . 2008-05-01 14:37	331776	-c----w-	c:\windows\system32\dllcache\msadce.dll
2010-03-07 08:17 . 2008-04-11 19:06	691712	-c----w-	c:\windows\system32\dllcache\inetcomm.dll
2010-03-07 08:16 . 2008-06-14 17:35	272512	-c----w-	c:\windows\system32\dllcache\bthport.sys
2010-03-07 08:16 . 2008-06-14 17:35	272512	------w-	c:\windows\system32\drivers\bthport.sys
2010-03-07 08:15 . 2008-05-08 14:02	203136	-c----w-	c:\windows\system32\dllcache\rmcast.sys
2010-03-07 08:15 . 2008-04-21 21:15	218624	-c----w-	c:\windows\system32\dllcache\wordpad.exe
2010-03-06 19:03 . 2009-08-06 16:24	44768	----a-w-	c:\windows\system32\wups2.dll
2010-03-06 18:53 . 2010-03-07 12:10	--------	d-----w-	C:\KK
2010-03-06 18:51 . 2009-12-31 16:50	353792	-c----w-	c:\windows\system32\dllcache\srv.sys
2010-03-06 18:47 . 2009-12-04 18:22	455424	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2010-03-06 18:46 . 2008-10-15 16:37	337408	-c----w-	c:\windows\system32\dllcache\netapi32.dll
2010-03-06 18:34 . 2010-03-06 18:34	--------	d-----w-	c:\program files\Belarc
2010-03-06 18:34 . 2008-02-27 09:49	3840	----a-w-	c:\windows\system32\drivers\BANTExt.sys
2010-03-06 16:47 . 2010-03-06 16:47	--------	d-----w-	c:\documents and settings\\Application Data\Malwarebytes
2010-03-06 16:47 . 2010-01-07 13:07	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 16:47 . 2010-03-06 16:47	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-03-06 16:47 . 2010-03-06 16:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-06 16:47 . 2010-01-07 13:07	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-03-06 08:02 . 2010-03-06 08:02	76288	----a-w-	c:\windows\system32\X7lm36W.exe
2010-03-06 07:05 . 2010-03-06 07:05	--------	d-sh--w-	c:\windows\system32\config\systemprofile\IETldCache
2010-03-06 07:03 . 2010-03-07 10:05	11264	----a-w-	c:\windows\system32\drivers\uze4mtyx.sys
2010-03-06 06:55 . 2010-03-06 06:55	--------	d-sh--w-	c:\documents and settings\\IECompatCache
2010-03-06 06:54 . 2010-03-06 06:54	--------	d-sh--w-	c:\documents and settings\\PrivacIE
2010-03-06 06:54 . 2010-03-06 06:54	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache
2010-03-06 06:54 . 2010-03-06 06:54	--------	d-sh--w-	c:\documents and settings\\IETldCache
2010-03-06 06:51 . 2010-03-06 06:53	--------	dc-h--w-	c:\windows\ie8
2010-03-05 18:17 . 2010-03-05 18:17	--------	d-----w-	c:\program files\Common Files\wm
2010-03-05 16:36 . 2010-03-05 16:36	--------	d-----w-	c:\documents and settings\\DoctorWeb
2010-03-05 16:09 . 2010-03-05 16:09	--------	d-----w-	c:\program files\Trend Micro
2010-03-05 15:56 . 2010-03-05 15:56	--------	d-----w-	c:\documents and settings\\Local Settings\Application Data\Help
2010-03-05 15:52 . 2010-03-06 08:41	--------	d-----w-	C:\avz4
2010-03-05 14:41 . 2010-03-05 14:41	--------	d--h--w-	c:\windows\PIF
2010-03-05 13:55 . 2010-03-05 13:55	--------	d-----w-	c:\documents and settings\\Application Data\PCToolsFirewallPlus
2010-03-05 13:53 . 2009-11-23 10:54	88040	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-05 13:53 . 2009-11-09 08:20	207792	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2010-03-05 13:53 . 2010-01-07 09:40	233136	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2010-03-05 13:53 . 2010-03-07 17:00	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-03-05 13:53 . 2010-03-05 13:53	--------	d-----w-	c:\program files\Common Files\PC Tools
2010-03-05 13:53 . 2010-01-12 06:34	70664	----a-w-	c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-03-05 13:53 . 2010-01-07 08:35	58816	----a-w-	c:\windows\system32\drivers\pctNdis.sys
2010-03-05 13:53 . 2010-01-07 08:35	32680	----a-w-	c:\windows\system32\drivers\pctNdis-DNS.sys
2010-03-05 13:53 . 2010-01-13 05:59	115216	----a-w-	c:\windows\system32\drivers\pctplfw.sys
2010-03-05 13:53 . 2010-03-05 13:55	--------	d-----w-	c:\program files\PC Tools Firewall Plus
2010-03-04 08:37 . 2010-03-04 08:37	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters Inc
2010-03-04 08:32 . 2010-03-04 08:34	--------	d-----w-	c:\documents and settings\\Application Data\GetRightToGo
2010-03-04 06:58 . 2008-04-15 12:00	98304	----a-w-	c:\windows\system32\msir3jp.dll
2010-03-04 06:58 . 2008-04-15 12:00	838144	----a-w-	c:\windows\system32\chtbrkr.dll
2010-03-04 06:58 . 2008-04-15 12:00	70656	----a-w-	c:\windows\system32\korwbrkr.dll
2010-03-04 06:58 . 2008-04-15 12:00	1677824	----a-w-	c:\windows\system32\chsbrkr.dll
2010-03-04 06:58 . 2008-04-15 12:00	6144	----a-w-	c:\windows\system32\kbd101a.dll
2010-03-04 06:58 . 2008-04-15 12:00	9216	----a-w-	c:\windows\system32\kbdnecAT.dll
2010-03-04 06:58 . 2008-04-15 12:00	7680	----a-w-	c:\windows\system32\kbdnecNT.dll
2010-03-04 06:58 . 2008-04-15 12:00	7168	----a-w-	c:\windows\system32\kbdnec95.dll
2010-03-04 06:58 . 2008-04-15 12:00	6656	----a-w-	c:\windows\system32\c_is2022.dll
2010-03-04 06:57 . 2008-04-15 12:00	76288	----a-w-	c:\windows\system32\uniime.dll
2010-03-04 06:57 . 2008-04-15 12:00	811064	----a-w-	c:\windows\system32\imjp81k.dll
2010-03-04 06:30 . 2008-04-15 12:00	7168	----a-w-	c:\windows\system32\kbdibm02.dll
2010-03-04 06:30 . 2008-04-15 12:00	7168	----a-w-	c:\windows\system32\f3ahvoas.dll
2010-03-04 06:30 . 2008-04-15 12:00	6656	----a-w-	c:\windows\system32\kbdlk41a.dll
2010-03-04 06:30 . 2008-04-15 12:00	6144	----a-w-	c:\windows\system32\kbdlk41j.dll
2010-03-04 06:30 . 2008-04-15 12:00	6144	----a-w-	c:\windows\system32\kbdax2.dll
2010-03-04 06:30 . 2008-04-15 12:00	6144	----a-w-	c:\windows\system32\kbd106n.dll
2010-03-04 06:30 . 2008-04-15 12:00	6144	----a-w-	c:\windows\system32\kbd101.dll
2010-03-04 06:30 . 2008-04-15 12:00	218112	----a-w-	c:\windows\system32\c_g18030.dll
2010-02-25 11:37 . 2010-02-25 11:40	--------	d-----w-	c:\windows\SxsCaPendDel
2010-02-25 11:36 . 2010-02-25 11:36	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-02-25 11:35 . 2010-02-25 11:36	--------	d--h--w-	c:\windows\msdownld.tmp
2010-02-25 11:34 . 2010-02-25 11:34	--------	d-----w-	c:\program files\Common Files\BioWare
2010-02-24 13:44 . 2010-03-04 10:16	--------	d-----w-	c:\documents and settings\\Application Data\vlc
2010-02-24 13:43 . 2010-02-24 13:43	--------	d-----w-	c:\program files\VideoLAN
2010-02-19 17:19 . 2010-02-19 17:19	--------	d-----w-	c:\documents and settings\\Local Settings\Application Data\Identities
2010-02-15 13:54 . 2001-08-18 03:36	8704	----a-w-	c:\windows\system32\kbdjpn.dll
2010-02-15 13:54 . 2001-08-18 03:36	8192	----a-w-	c:\windows\system32\kbdkor.dll
2010-02-15 13:54 . 2001-08-17 19:55	6144	----a-w-	c:\windows\system32\kbd101c.dll
2010-02-15 13:54 . 2001-08-17 19:55	5632	----a-w-	c:\windows\system32\kbd103.dll
2010-02-15 13:54 . 2008-04-25 15:37	6144	----a-w-	c:\windows\system32\kbd106.dll
2010-02-15 13:54 . 2001-08-17 19:55	6144	----a-w-	c:\windows\system32\kbd101b.dll
2010-02-14 20:41 . 2010-02-15 07:16	--------	d-----w-	c:\documents and settings\\Local Settings\Application Data\Yandex
2010-02-14 20:41 . 2010-02-15 07:16	--------	d-----w-	c:\documents and settings\\Application Data\Yandex
2010-02-14 20:40 . 2010-02-15 07:50	--------	d-----w-	c:\documents and settings\\Application Data\DAEMON Tools Lite
2010-02-14 20:40 . 2010-02-14 20:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-13 16:21 . 2010-02-13 16:22	--------	d-----w-	c:\documents and settings\\Local Settings\Application Data\Temp
2010-02-13 16:21 . 2010-02-14 20:41	--------	d-----w-	c:\documents and settings\\Local Settings\Application Data\Google
2010-02-06 09:29 . 2010-03-05 13:01	--------	d-----w-	C:\

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 17:01 . 2010-02-03 06:48	--------	d-----w-	c:\documents and settings\\Application Data\uTorrent
2010-03-07 11:01 . 2010-02-02 17:00	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-03-07 09:11 . 2008-04-15 12:00	84082	----a-w-	c:\windows\system32\perfc019.dat
2010-03-07 09:11 . 2008-04-15 12:00	484362	----a-w-	c:\windows\system32\perfh019.dat
2010-03-06 19:21 . 2009-11-20 09:21	26640	----a-w-	c:\documents and settings\\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-06 19:17 . 2010-03-06 19:17	--------	d-----w-	c:\program files\MSBuild
2010-03-06 19:17 . 2010-03-06 19:17	--------	d-----w-	c:\program files\Reference Assemblies
2010-03-06 16:44 . 2009-11-20 09:13	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-03-05 16:27 . 2010-01-07 21:09	1	----a-w-	c:\documents and settings\\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-04 10:05 . 2010-02-02 18:48	--------	d-----w-	c:\documents and settings\\Application Data\Download Master
2010-02-28 18:03 . 2010-01-27 13:36	--------	d-----w-	c:\program files\DOSBox-0.72
2010-02-25 11:37 . 2009-11-23 15:16	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-02-25 11:37 . 2009-11-23 15:17	--------	d-----w-	c:\program files\AGEIA Technologies
2010-02-24 14:02 . 2010-02-03 06:50	--------	d-----w-	c:\program files\uTorrent
2010-02-14 20:40 . 2009-11-20 09:08	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-02-07 18:57 . 2009-11-20 09:45	--------	d-----w-	c:\documents and settings\\Application Data\Winamp
2010-02-07 18:48 . 2009-11-20 09:45	--------	d-----w-	c:\program files\Winamp
2010-02-05 13:44 . 2010-02-05 13:44	--------	d-----w-	c:\program files\Avira
2010-02-05 13:44 . 2010-02-05 13:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
2010-02-05 13:27 . 2008-04-25 14:41	1597952	----a-w-	c:\windows\explorer.exe
2010-02-03 07:40 . 2008-04-15 12:00	14336	------w-	c:\windows\system32\svchost.exe
2010-02-03 06:43 . 2010-02-03 06:27	--------	d-----w-	c:\documents and settings\\Application Data\DC++
2010-02-03 06:27 . 2010-02-03 06:24	--------	d-----w-	c:\program files\DC++
2010-02-03 06:19 . 2010-02-02 18:48	--------	d-----w-	c:\program files\Download Master
2010-02-02 17:00 . 2010-02-02 17:00	--------	d-----w-	c:\documents and settings\\Application Data\Thunderbird
2010-02-02 16:47 . 2010-02-02 16:47	0	----a-w-	c:\windows\nsreg.dat
2010-01-27 13:35 . 2010-01-27 13:35	--------	d-----w-	c:\program files\7-Zip
2010-01-18 12:45 . 2010-01-18 12:45	--------	d-----w-	c:\program files\OpenAL
2010-01-18 12:45 . 2009-11-23 14:19	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2010-01-18 12:45 . 2009-11-23 14:19	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2010-01-07 21:08 . 2010-01-07 21:08	--------	d-----w-	c:\documents and settings\\Application Data\OpenOffice.org
2010-01-07 21:07 . 2010-01-07 21:07	--------	d-----w-	c:\program files\JRE
2010-01-07 21:07 . 2010-01-07 21:07	--------	d-----w-	c:\program files\OpenOffice.org 3
2010-01-07 21:07 . 2009-11-20 09:08	--------	d-----w-	c:\program files\Java
2009-12-31 16:50 . 2008-04-15 12:00	353792	----a-w-	c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2008-04-25 14:42	916480	------w-	c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2009-11-20 09:00	345088	----a-w-	c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-15 12:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2008-04-23 16:42	2147328	------w-	c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2008-04-25 18:37	2025984	------w-	c:\windows\system32\ntkrnlpa.exe
2009-12-08 14:04 . 2009-12-08 14:04	316816	----a-w-	c:\windows\system32\appdrvrem01.exe
2009-12-08 14:04 . 2009-12-08 14:04	3033200	----a-w-	c:\windows\system32\drivers\appdrv01.sys
.

------- Sigcheck -------

[-] 2008-04-25 . E506465BFB0821DC33077E29FD184E31 . 691200 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2008-04-25 . 371C41F777924F3EA3BFAD18C6A04502 . 584192 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2010-02-05 . A0F98BB46BEEAF2A94593FF9AB856A80 . 1597952 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-25 . 1C079017E180FB9AB4B56AA8F896F708 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-25 . 0CE07543B08FD1E209D99D504076102B . 17408 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((   SnapShot_2010-03-07_12.35.01   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-07 08:22 . 2009-12-09 10:11	2190976              c:\windows\system32\dllcache\ntoskrnl.exe
- 2010-03-07 08:22 . 2009-08-04 19:59	2190976              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-03-07 08:22 . 2009-12-09 10:11	2025984              c:\windows\system32\dllcache\ntkrpamp.exe
- 2010-03-07 08:22 . 2009-08-04 17:29	2025984              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-10 16:09 . 2009-12-09 10:11	2067840              c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-10 16:09 . 2009-08-04 17:29	2067840              c:\windows\system32\dllcache\ntkrnlpa.exe
- 2010-03-07 08:22 . 2009-08-04 17:29	2147328              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2010-03-07 08:22 . 2009-12-09 10:11	2147328              c:\windows\system32\dllcache\ntkrnlmp.exe
- 2010-03-07 08:22 . 2009-08-04 19:59	2190976              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-03-07 08:22 . 2009-12-09 10:11	2190976              c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2010-03-07 08:22 . 2009-08-04 17:29	2025984              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2010-03-07 08:22 . 2009-12-09 10:11	2025984              c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-10 16:09 . 2009-08-04 17:29	2067840              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-10 16:09 . 2009-12-09 10:11	2067840              c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2010-03-07 08:22 . 2009-08-04 17:29	2147328              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-03-07 08:22 . 2009-12-09 10:11	2147328              c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-03-23 132096]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-24 319280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-25 17408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-25 17408]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-03-23 132096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [08.12.2009 17:04 3033200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [05.03.2010 16:53 233136]
R1 uze4mtyx;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uze4mtyx.sys [06.03.2010 10:03 11264]
R2 AntiVirSchedulerService;Avira AntiVir ;c:\program files\Avira\AntiVir Desktop\sched.exe [05.02.2010 16:44 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [05.03.2010 16:53 88040]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [05.03.2010 16:53 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [05.03.2010 16:53 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [05.03.2010 16:53 115216]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.11.2009 12:08 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/
IE: &  Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE:     Download Master - c:\program files\Download Master\dmieall.htm
IE:    Download Master - c:\program files\Download Master\dmie.htm
IE:     DM - c:\program files\Download Master\remdown.htm
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\Download Master\dmaster.exe
FF - ProfilePath - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\6xfdtm3z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ru/
FF - plugin: c:\install\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 20:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-73586283-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,6c,29,b6,0f,a2,2c,42,8c,92,47,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,6c,29,b6,0f,a2,2c,42,8c,92,47,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(4656)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-03-07  20:03:22 - machine was rebooted
ComboFix-quarantined-files.txt  2010-03-07 17:02
ComboFix2.txt  2010-03-07 15:22

Pre-Run: 259963740160  
Post-Run: 259933937664  

- - End Of File - - 04D73B67E20196BC52A3736EACCAF3A5
