ComboFix 08-12-14.03 -  2008-12-15  0:27:56.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1251.1.1049.18.2046.1414 [GMT 2:00]
Running from: c:\documents and settings\\ \ComboFix.exe
Command switches used :: c:\documents and settings\\ \WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\\Application Data\inst.exe
c:\windows\system32\drivers\atmapi.sys

.
(((((((((((((((((((((((((   Files Created from 2008-11-14 to 2008-12-14  )))))))))))))))))))))))))))))))
.

2008-12-14 22:39 . 2008-12-14 22:39	<DIR>	d----c---	c:\program files\Malwarebytes' Anti-Malware
2008-12-14 22:39 . 2008-12-14 22:39	<DIR>	d----c---	c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 22:39 . 2008-12-14 22:39	<DIR>	d----c---	c:\documents and settings\\Application Data\Malwarebytes
2008-12-14 22:39 . 2008-12-14 22:38	410,984	--a--c---	c:\windows\system32\deploytk.dll
2008-12-14 22:39 . 2008-12-03 19:52	38,496	--a--c---	c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 22:39 . 2008-12-03 19:52	15,504	--a--c---	c:\windows\system32\drivers\mbam.sys
2008-12-13 13:06 . 2008-12-13 13:06	664	--a--c---	c:\windows\system32\d3d9caps.dat
2008-12-12 20:34 . 2008-04-15 14:00	33,280	--a--c---	c:\windows\system32\rundll32.exe
2008-12-12 16:26 . 2008-12-14 23:32	<DIR>	dr-h-c---	c:\documents and settings\\Recent
2008-12-12 16:26 . 2008-12-14 23:32	<DIR>	dr-h-c---	c:\documents and settings\\Recent
2008-12-12 14:32 . 2008-04-15 14:00	26,624	--a--c---	c:\windows\system32\rundll32 advpack.dll,launchinfsectionex ie7int.inf,afteruserstart,,4,n
2008-12-12 14:32 . 2008-04-15 14:00	26,624	--a--c---	c:\windows\system32\{22bf413b-c6d2-4d91-82a9-a0f997ba588c}
2008-12-12 07:55 . 2008-12-12 07:55	579,072	--a--c---	c:\windows\system32\dllcache\user32.dll
2008-12-12 07:55 . 2008-12-12 07:55	65,024	--a--c---	c:\windows\system32\r33.es
2008-12-12 07:55 . 2008-12-12 07:55	64,512	--a--c---	c:\windows\system32\eop.e
2008-12-12 07:55 . 2008-12-12 07:55	32,768	--a--c---	c:\windows\system32\zed.pa
2008-12-12 07:55 . 2008-12-12 07:55	32,768	--a--c---	c:\windows\system32\kj.je
2008-12-12 07:55 . 2008-12-12 07:55	21,504	--a--c---	c:\windows\system32\v1.e2
2008-12-10 08:10 . 2008-12-10 08:10	<DIR>	d----c---	c:\program files\Hanami
2008-12-09 23:03 . 2008-12-09 23:03	<DIR>	d----c---	c:\program files\CursorXP
2008-12-09 22:58 . 2008-12-09 22:58	<DIR>	d----c---	c:\program files\Snow for Windows
2008-12-09 22:58 . 1999-12-17 10:13	86,016	--a--c---	c:\windows\unvise32.exe
2008-12-09 15:05 . 2008-12-09 15:10	<DIR>	d----c---	c:\program files\QIP Infium
2008-12-08 15:37 . 2008-12-08 15:38	<DIR>	d----c---	c:\program files\YouTube FLV to AVI converter Pro
2008-12-08 15:35 . 2008-12-08 17:50	237,568	--a--c---	c:\windows\system32\rmc_rtspdl.dll
2008-12-08 15:35 . 2008-12-08 17:50	156,672	--a--c---	c:\windows\system32\rmc_fixasf.exe
2008-12-08 15:33 . 2008-12-08 17:50	323,584	--a--c---	c:\windows\system32\AUDIOGENIE2.DLL
2008-12-08 15:31 . 2008-12-08 15:31	<DIR>	d----c---	c:\windows\Replay Media Catcher
2008-12-08 15:31 . 2008-12-08 17:57	<DIR>	d----c---	c:\program files\Replay Media Catcher
2008-12-07 15:25 . 2008-12-07 15:25	<DIR>	d----c---	c:\documents and settings\All Users\Application Data\USBSRService
2008-12-06 17:06 . 2008-12-06 17:06	<DIR>	d--h-c---	c:\windows\PIF
2008-12-06 15:13 . 2008-12-06 15:13	<DIR>	d----c---	c:\program files\CPU-Control
2008-12-06 15:13 . 2008-12-07 17:36	<DIR>	d----c---	c:\documents and settings\\Application Data\CPUControl
2008-12-05 19:00 . 2008-12-13 13:08	54,156	--ah-c---	c:\windows\QTFont.qfn
2008-12-05 19:00 . 2008-12-05 19:00	1,409	--a--c---	c:\windows\QTFont.for
2008-12-05 18:00 . 2008-12-05 18:26	<DIR>	d----c---	c:\program files\DAEMON Tools Pro
2008-12-05 08:48 . 2008-12-05 18:28	107,888	--a--c---	c:\windows\system32\CmdLineExt.dll
2008-12-05 07:56 . 2008-12-05 07:56	<DIR>	d----c---	c:\program files\Rockstar Games
2008-12-03 13:03 . 2008-12-03 13:03	<DIR>	d----c---	c:\program files\Punto Switcher
2008-12-01 14:01 . 2008-12-01 14:01	<DIR>	d----c---	c:\documents and settings\\DoctorWeb
2008-12-01 14:01 . 2008-12-01 14:01	<DIR>	d----c---	c:\documents and settings\\DoctorWeb
2008-12-01 06:43 . 2008-12-01 06:43	<DIR>	d----c---	c:\program files\MSBuild
2008-12-01 06:41 . 2008-12-01 06:41	<DIR>	d----c---	c:\windows\system32\XPSViewer
2008-12-01 06:41 . 2008-12-01 06:41	<DIR>	d----c---	c:\program files\Reference Assemblies
2008-12-01 06:40 . 2006-06-29 13:07	14,048	-----c---	c:\windows\system32\spmsg2.dll
2008-11-28 20:25 . 2008-11-28 20:25	<DIR>	d----c---	c:\documents and settings\\Application Data\Trident Software
2008-11-28 15:48 . 2008-11-28 15:48	<DIR>	d----c---	c:\documents and settings\2\Application Data\YarmapUK
2008-11-25 19:58 . 2008-11-25 19:58	<DIR>	d----c---	c:\windows\naevius_yt_1
2008-11-25 19:58 . 2008-11-25 20:04	<DIR>	d----c---	c:\program files\Naevius YouTube Converter
2008-11-24 07:41 . 2008-11-24 07:41	<DIR>	d----c---	c:\program files\Steinberg
2008-11-23 22:23 . 2008-12-13 01:36	14	--a--c---	c:\windows\popcinfo.dat
2008-11-16 21:07 . 2008-11-16 21:07	<DIR>	d----c---	c:\windows\system32\AGEIA
2008-11-16 21:07 . 2008-11-16 21:07	<DIR>	d----c---	c:\program files\AGEIA Technologies
2008-11-16 21:06 . 2008-10-07 13:33	201,157	--a--c---	c:\windows\system32\nvapps.nvb
2008-11-16 05:27 . 2008-10-10 04:52	4,379,984	--a--c---	c:\windows\system32\D3DX9_40.dll
2008-11-16 05:27 . 2008-10-10 04:52	2,036,576	--a--c---	c:\windows\system32\D3DCompiler_40.dll
2008-11-16 05:27 . 2008-10-27 10:04	514,384	--a--c---	c:\windows\system32\XAudio2_3.dll
2008-11-16 05:27 . 2008-10-10 04:52	452,440	--a--c---	c:\windows\system32\d3dx10_40.dll
2008-11-16 05:27 . 2008-10-27 10:04	235,856	--a--c---	c:\windows\system32\xactengine3_3.dll
2008-11-16 05:27 . 2008-10-27 10:04	70,992	--a--c---	c:\windows\system32\XAPOFX1_2.dll
2008-11-16 05:27 . 2008-10-27 10:04	23,376	--a--c---	c:\windows\system32\X3DAudio1_5.dll
2008-11-14 15:30 . 2008-11-14 15:30	<DIR>	d----c---	c:\documents and settings\All Users\Application Data\Fugazo
2008-11-14 14:00 . 2008-11-14 14:00	<DIR>	d----c---	c:\documents and settings\2\Application Data\My Games

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 22:29	944,160	-csha-w	c:\windows\system32\drivers\fidbox2.dat
2008-12-14 22:29	33,428,000	-csha-w	c:\windows\system32\drivers\fidbox.dat
2008-12-14 20:38	---------	dc--a-w	c:\program files\Java
2008-12-14 19:19	---------	dc----w	c:\documents and settings\\Application Data\uTorrent
2008-12-14 18:14	---------	dc----w	c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-14 17:51	97,448	-csha-w	c:\windows\system32\drivers\fidbox2.idx
2008-12-14 17:51	472,796	-csha-w	c:\windows\system32\drivers\fidbox.idx
2008-12-12 19:17	---------	dc----w	c:\program files\Common Files\Wise Installation Wizard
2008-12-12 16:41	---------	dc--a-w	c:\documents and settings\All Users\Application Data\TEMP
2008-12-12 12:52	579,072	----a-w	c:\windows\system32\user32.DLL
2008-12-12 06:02	---------	dc--a-w	c:\program files\VistaDriveIcon
2008-12-10 15:19	---------	dc----w	c:\documents and settings\2\Application Data\dvdcss
2008-12-09 17:42	---------	dc----w	c:\program files\QIP
2008-12-09 12:44	---------	dc----w	c:\documents and settings\\Application Data\dvdcss
2008-12-06 09:35	---------	dc----w	c:\documents and settings\2\Application Data\uTorrent
2008-12-05 06:02	---------	dc-h--w	c:\program files\InstallShield Installation Information
2008-11-29 17:24	---------	dc----w	c:\program files\Eastegger
2008-11-29 14:16	---------	dc----w	c:\program files\SUPER
2008-11-25 21:23	---------	dc----w	c:\program files\The KMPlayer
2008-11-23 13:20	---------	dc----w	c:\program files\  NevoSoft
2008-11-21 05:08	---------	dc----w	c:\program files\VLC
2008-11-16 03:35	---------	dc----w	c:\program files\CCleaner
2008-11-10 16:18	---------	dc----w	c:\program files\Alawar.ru
2008-11-05 16:54	---------	dc----w	c:\program files\Opera
2008-11-03 17:56	---------	dc--a-w	c:\program files\Common Files\InstallShield
2008-11-03 17:29	---------	dc----w	c:\program files\Trident Software
2008-11-03 17:29	---------	dc----w	c:\documents and settings\2\Application Data\Trident Software
2008-11-01 15:04	---------	dc----w	c:\documents and settings\\Application Data\Skype
2008-11-01 14:53	---------	dc----w	c:\program files\Skype
2008-11-01 14:53	---------	dc----w	c:\program files\Common Files\Skype
2008-11-01 14:53	---------	dc----w	c:\documents and settings\All Users\Application Data\Skype
2008-10-29 17:40	---------	dc----w	c:\documents and settings\\Application Data\teamspeak2
2008-10-28 15:41	14,303,392	-c--a-w	c:\windows\system32\xlive.dll
2008-10-28 15:41	13,643,936	-c--a-w	c:\windows\system32\xlivefnt.dll
2008-10-28 14:44	---------	dc----w	c:\program files\DAEMON Tools Lite
2008-10-26 16:03	---------	dc----w	c:\documents and settings\\Application Data\vlc
2008-10-25 08:49	---------	dc----w	c:\program files\K-Lite Codec Pack
2008-10-25 08:47	98,304	-c--a-w	c:\windows\system32\qttask.exe
2008-10-25 08:46	---------	dc----w	c:\program files\ACE Mega CoDecS Pack
2008-10-24 18:07	---------	dc--a-w	c:\program files\Analog Devices
2008-10-24 14:31	9,216	-c--a-w	c:\windows\system32\drivers\FStarForce.sys
2008-10-20 08:44	---------	dc----w	c:\documents and settings\\Application Data\AccurateRip
2008-10-20 08:43	---------	dc----w	c:\program files\Exact Audio Copy
2008-10-18 14:55	---------	dc----w	c:\documents and settings\2\Application Data\URSoft
2008-10-18 07:23	---------	dc----w	c:\program files\WinTuning XP
2008-10-15 03:31	---------	dc----w	c:\program files\Ashampoo Photo Optimizer 2
2008-10-02 08:07	453,152	-c--a-w	c:\windows\system32\nvuninst.exe
2008-09-27 11:52	306,432	-c--a-w	c:\windows\system32\TuneUpDefragService.exe
2008-09-16 00:14	3,596,288	-c--a-w	c:\windows\system32\qt-dx331.dll
2008-09-16 00:12	81,920	-c--a-w	c:\windows\system32\dpl100.dll
2008-09-16 00:11	683,520	-c--a-w	c:\windows\system32\divx.dll
2008-05-24 13:33	47,360	-c--a-w	c:\documents and settings\\Application Data\pcouffin.sys
2006-05-03 09:06	163,328	-csh--r	c:\windows\system32\flvDX.dll
2007-02-21 10:47	31,232	-csh--r	c:\windows\system32\msfDX.dll
2008-03-16 12:30	216,064	-csh--r	c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-08-19 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-04-15 26624]
"Punto Switcher"="c:\program files\Punto Switcher\punto.exe" [2008-10-16 735016]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 c:\windows\system32\tweakui.cpl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-08-19 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-04-15 26624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2008-08-19 c:\windows\system32\advpack.dll]
"IE7_012"="advpack.dll" [2008-08-19 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"MaxRecentDocs"= 20 (0x14)
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"vidc.hfyu"= huffyuv.dll
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"msacm.divxa32"= divxa32.acm
"vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.i420"= i420vfw.dll
"vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R3 FStarForce;FStarForce;c:\windows\system32\DRIVERS\FStarForce.sys [2008-10-28 9216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

*Newly Created Service* - JAVAQUICKSTARTERSERVICE
*Newly Created Service* - PROCEXP90
*Newly Created Service* - WMIAPSRV
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\ [2008-09-27 13:42]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.punksoftware.com/download?project=RocketDock&ver=1.3.5
IE: &  Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
.
.
------- File Associations -------
.
inifile="c:\windows\system32\notepad.exe" "%1"
txtfile="c:\windows\system32\notepad.exe" "%1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 00:29:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\SETUPAPI.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1096)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\windows\system32\setupapi.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
Completion time: 2008-12-15  0:29:41
ComboFix-quarantined-files.txt  2008-12-14 22:29:39

Pre-Run: 13489913856  
Post-Run: 13,496,262,656  

WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /execute /fastdetect

