ComboFix 08-12-24.01 - iliya 2008-12-25 18:41:02.1 - NTFSx86
Microsoft Windows Vista Ultimate   6.0.6001.1.1251.1.1049.18.3582.2168 [GMT 2:00]
Running from: c:\users\iliya\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\VistaLib32.dll

----- BITS: Possible infected sites -----

hxxp://bar.export.yandex.ru
.
(((((((((((((((((((((((((   Files Created from 2008-11-25 to 2008-12-25  )))))))))))))))))))))))))))))))
.

2008-12-25 17:37 . 2008-12-25 17:37	<DIR>	d--------	c:\users\All Users\Malwarebytes
2008-12-25 17:37 . 2008-12-25 17:37	<DIR>	d--------	c:\programdata\Malwarebytes
2008-12-25 17:37 . 2008-12-25 17:37	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2008-12-25 17:37 . 2008-12-03 19:52	38,496	--a------	c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-25 17:37 . 2008-12-03 19:52	15,504	--a------	c:\windows\System32\drivers\mbam.sys
2008-12-23 18:49 . 2008-12-23 18:57	<DIR>	d--------	C:\antivir
2008-12-23 18:47 . 2008-12-23 18:48	<DIR>	dr-------	c:\users\iliya\Searches
2008-12-23 17:00 . 2008-12-23 17:10	<DIR>	d--------	c:\users\iliya\DoctorWeb
2008-12-22 18:15 . 2008-12-23 20:52	39	--a------	c:\windows\vbaddin.ini
2008-12-22 18:14 . 2008-12-22 18:14	162	--a------	c:\windows\ODBC.INI
2008-12-22 17:52 . 2008-12-22 17:52	<DIR>	d--------	c:\program files\Microsoft Works
2008-12-22 17:51 . 2008-12-22 17:51	<DIR>	d--------	c:\windows\PCHEALTH
2008-12-22 17:51 . 2008-12-22 17:51	<DIR>	d--------	c:\program files\Microsoft.NET
2008-12-22 17:49 . 2008-12-22 17:49	<DIR>	d--------	c:\program files\Microsoft Visual Studio 8
2008-12-22 17:40 . 2008-12-22 17:40	<DIR>	dr-h-----	C:\MSOCache
2008-12-21 14:02 . 2008-05-10 05:35	885,248	--a------	c:\windows\System32\RacEngn.dll
2008-12-21 14:02 . 2008-05-10 00:22	9,127	--a------	c:\windows\System32\RacUR.xml
2008-12-21 14:02 . 2008-05-10 00:22	153	--a------	c:\windows\System32\RacUREx.xml
2008-12-20 19:00 . 2008-12-20 19:01	<DIR>	d--------	c:\users\iliya\AIMP2
2008-12-20 18:54 . 2008-09-03 05:59	468,992	--a------	c:\windows\System32\newdev.dll
2008-12-20 18:54 . 2008-09-03 05:58	74,752	--a------	c:\windows\System32\newdev.exe
2008-12-20 18:27 . 2008-03-16 18:02	193,832	--a------	c:\windows\System32\NeroBurnRights.cpl
2008-12-20 18:26 . 2008-12-20 18:26	<DIR>	d--------	c:\program files\Common Files\Nero
2008-12-20 18:26 . 2008-02-28 13:26	3,036,456	--a------	c:\windows\System32\BCGCBPRO860u80.dll
2008-12-20 18:26 . 2006-03-17 11:45	1,757,184	--a------	c:\windows\System32\imagX7.dll
2008-12-20 18:26 . 2006-03-17 11:45	802,816	--a------	c:\windows\System32\imagXRA7.dll
2008-12-20 18:26 . 2006-03-17 11:45	497,296	--a------	c:\windows\System32\imagXpr7.dll
2008-12-20 18:26 . 2006-03-17 14:49	368,640	--a------	c:\windows\System32\TwnLib4.dll
2008-12-20 18:26 . 2006-03-17 11:45	258,048	--a------	c:\windows\System32\imagXR7.dll
2008-12-20 18:26 . 2008-02-28 13:25	206,120	--a------	c:\windows\System32\BCGCBProResRUS.nls
2008-12-20 18:26 . 2008-02-28 13:26	33,576	--a------	c:\windows\System32\BCGPOleAcc.dll
2008-12-20 18:03 . 2008-10-02 03:32	1,383,424	--a------	c:\windows\System32\mshtml.tlb
2008-12-20 14:22 . 2008-12-20 14:22	<DIR>	d--------	c:\program files\Skype(41)
2008-12-19 16:32 . 2008-12-23 19:50	<DIR>	d--------	c:\program files\Auslogics
2008-12-14 18:23 . 2008-12-14 18:23	<DIR>	d--------	c:\program files\Gadwin Systems
2008-12-13 20:17 . 2007-07-20 01:55	233,888	--a------	c:\windows\System32\DreamScene.dll
2008-12-13 20:16 . 2008-07-12 08:18	3,851,784	--a------	c:\windows\System32\D3DX9_39.dll
2008-12-13 20:15 . 2008-12-13 20:15	<DIR>	d--------	c:\program files\BitLocker
2008-12-13 20:15 . 2007-02-22 04:26	1,171,848	--a------	c:\windows\System32\SecureKeyBackupCPL.dll
2008-12-13 20:15 . 2006-12-21 02:58	711	--a------	c:\windows\System32\CPSOKBTasks.xml
2008-12-13 20:13 . 2008-08-17 12:33	678,408	--a------	c:\windows\System32\gpprefcl.dll
2008-12-13 19:30 . 2008-12-13 19:30	<DIR>	d--------	c:\users\All Users\Activision
2008-12-13 19:30 . 2008-12-13 19:30	<DIR>	d--------	c:\programdata\Activision
2008-12-13 19:08 . 2008-12-13 19:08	<DIR>	d--------	c:\program files\Activision
2008-12-13 18:49 . 2008-12-13 18:49	<DIR>	d--------	c:\windows\System32\xlive
2008-12-13 18:49 . 2007-03-12 16:42	3,495,784	--a------	c:\windows\System32\d3dx9_33.dll
2008-12-13 18:49 . 2007-04-04 18:53	81,768	--a------	c:\windows\System32\xinput1_3.dll
2008-12-13 13:40 . 2008-12-13 13:40	0	--ah-----	c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-13 13:38 . 2008-12-13 13:38	<DIR>	d--------	c:\users\iliya\winrar
2008-12-13 13:35 . 2008-12-13 13:35	<DIR>	d--------	c:\users\iliya\Radio
2008-12-13 12:10 . 2008-12-13 12:10	<DIR>	d--------	c:\program files\Rip Vinyl
2008-12-13 03:01 . 2008-12-13 03:01	<DIR>	d--------	c:\program files\MSXML 4.0
2008-12-12 23:19 . 2008-12-12 23:19	<DIR>	d--------	c:\program files\Common Files\snpstd3
2008-12-12 23:19 . 2007-10-12 16:43	270,336	--a------	c:\windows\tsnpstd3.exe
2008-12-12 23:19 . 2007-07-23 18:04	155,648	--a------	c:\windows\System32\rsnpstd3.dll
2008-12-12 23:19 . 2006-07-03 10:31	94,208	--a------	c:\windows\amcap.exe
2008-12-12 23:19 . 2005-11-23 13:55	53,248	--a------	c:\windows\csnpstd3.dll
2008-12-12 23:19 . 2007-07-11 16:09	20,480	--a------	c:\windows\FixCamera.exe
2008-12-12 23:15 . 2008-12-12 23:15	56	--ah-----	c:\users\All Users\ezsidmv.dat
2008-12-12 23:15 . 2008-12-12 23:15	56	--ah-----	c:\programdata\ezsidmv.dat
2008-12-12 23:13 . 2008-12-20 14:22	<DIR>	d--------	c:\users\All Users\Skype
2008-12-12 23:13 . 2008-12-20 14:22	<DIR>	d--------	c:\programdata\Skype
2008-12-12 23:13 . 2008-12-20 17:50	<DIR>	dr-------	c:\program files\Skype
2008-12-12 23:13 . 2008-12-20 17:50	<DIR>	d--------	c:\program files\Common Files\Skype
2008-12-12 20:49 . 2008-12-20 17:50	<DIR>	d--------	c:\program files\Yandex
2008-12-12 20:49 . 2008-12-12 20:49	<DIR>	d--------	c:\program files\Common Files\Yandex
2008-12-12 20:48 . 2008-12-12 20:49	<DIR>	d--------	c:\program files\DAEMON Tools Lite
2008-12-12 20:44 . 2008-12-12 20:44	717,296	--a------	c:\windows\System32\drivers\sptd.sys
2008-12-12 20:15 . 2006-10-26 19:56	32,592	--a------	c:\windows\System32\msonpmon.dll
2008-12-12 20:09 . 2008-12-24 06:36	<DIR>	d--------	c:\users\All Users\Microsoft Help
2008-12-12 20:09 . 2008-12-24 06:36	<DIR>	d--------	c:\programdata\Microsoft Help
2008-12-12 19:56 . 2008-12-20 18:27	<DIR>	d--------	c:\program files\Nero
2008-12-12 19:42 . 2008-12-12 19:42	<DIR>	d--------	c:\users\All Users\Real
2008-12-12 19:42 . 2008-12-12 19:42	<DIR>	d--------	c:\program files\K-Lite Codec Pack
2008-12-12 19:39 . 2008-12-12 19:40	<DIR>	d--------	c:\users\All Users\Adobe
2008-12-12 19:39 . 2008-12-12 19:39	<DIR>	d--------	c:\program files\Common Files\Adobe
2008-12-12 16:58 . 2008-12-12 16:58	<DIR>	d--------	c:\windows\System32\Macromed
2008-12-12 07:47 . 2008-12-11 21:53	<DIR>	d--------	c:\windows\Panther
2008-12-12 07:47 . 2008-12-12 07:47	<DIR>	d--hs----	C:\Boot
2008-12-12 07:47 . 2008-01-21 04:22	333,203	-rahs----	C:\bootmgr
2008-12-12 07:47 . 2008-04-14 18:51	171,136	-rahs----	C:\grldr
2008-12-12 07:47 . 2008-12-12 07:47	8,192	-ra-s----	C:\BOOTSECT.BAK
2008-12-12 07:03 . 2008-12-12 16:49	<DIR>	d--------	c:\program files\uTorrent
2008-12-11 23:47 . 2008-12-24 20:55	<DIR>	d--------	c:\users\All Users\Kaspersky Lab
2008-12-11 23:47 . 2008-12-24 20:55	<DIR>	d--------	c:\programdata\Kaspersky Lab
2008-12-11 23:47 . 2008-12-11 23:47	<DIR>	d--------	c:\program files\Kaspersky Lab
2008-12-11 23:47 . 2008-12-24 20:52	267,676,448	--ahs----	c:\windows\System32\drivers\fidbox.dat
2008-12-11 23:47 . 2008-12-24 20:52	1,416,464	--ahs----	c:\windows\System32\drivers\fidbox.idx
2008-12-11 23:47 . 2008-12-12 00:30	96,976	--a------	c:\windows\System32\drivers\klin.dat
2008-12-11 23:47 . 2008-12-12 00:30	87,855	--a------	c:\windows\System32\drivers\klick.dat
2008-12-11 23:10 . 2008-12-11 23:10	24,128	--a------	c:\windows\System32\emptyregdb.dat
2008-12-11 23:04 . 2008-12-11 23:04	<DIR>	d--------	c:\program files\stardock
2008-12-11 23:04 . 2008-12-11 23:04	<DIR>	d--------	c:\program files\paint.net
2008-12-11 23:04 . 2008-12-11 23:04	<DIR>	d--------	c:\program files\java
2008-12-11 23:00 . 2008-12-11 23:26	<DIR>	d--------	c:\users\All Users\Kaspersky Lab Setup Files
2008-12-11 23:00 . 2008-12-11 23:26	<DIR>	d--------	c:\programdata\Kaspersky Lab Setup Files
2008-12-11 22:37 . 2008-12-11 22:37	<DIR>	d--------	c:\users\All Users\ESET
2008-12-11 22:37 . 2008-12-11 22:37	<DIR>	d--------	c:\programdata\ESET
2008-12-11 22:37 . 2008-12-11 22:37	<DIR>	d--------	c:\program files\ESET
2008-12-11 22:29 . 2008-12-11 22:29	<DIR>	d--------	c:\users\All Users\ATI
2008-12-11 22:29 . 2008-12-11 22:29	<DIR>	d--------	c:\programdata\ATI
2008-12-11 22:24 . 2008-12-11 22:24	<DIR>	d--------	c:\program files\Common Files\ATI Technologies
2008-12-11 22:23 . 2007-06-15 03:28	3,107,788	--a------	c:\windows\System32\atiumdva.dat
2008-12-11 22:23 . 2007-06-15 03:52	344,064	--a------	c:\windows\System32\ATIDEMGX.dll
2008-12-11 22:23 . 2006-08-23 23:26	328,162	--a------	c:\windows\System32\drivers\ativcaxx.cpa
2008-12-11 22:23 . 2007-06-15 04:23	46,224	--a------	c:\windows\System32\drivers\ativvpxx.vp
2008-12-11 22:23 . 2007-05-03 19:52	11,557	--a------	c:\windows\atiogl.xml
2008-12-11 22:23 . 2007-03-22 15:56	2,096	--a------	c:\windows\System32\drivers\ativpkxx.vp
2008-12-11 22:23 . 2007-04-18 14:19	2,096	--a------	c:\windows\System32\drivers\ativokxx.vp
2008-12-11 22:23 . 2007-04-18 14:19	2,096	--a------	c:\windows\System32\drivers\ativdkxx.vp
2008-12-11 22:23 . 2006-08-23 23:26	929	--a------	c:\windows\System32\drivers\ativcaxx.vp
2008-12-11 22:21 . 2008-12-24 06:36	<DIR>	d--hs----	c:\windows\Installer
2008-12-11 22:20 . 2008-12-11 22:24	<DIR>	d--------	c:\program files\ATI Technologies
2008-12-11 22:20 . 2008-12-11 22:20	<DIR>	d--------	c:\program files\ATI
2008-12-11 22:17 . 2008-12-11 22:17	<DIR>	d--------	c:\windows\System32\RTCOM
2008-12-11 22:17 . 2008-12-11 22:17	<DIR>	d--------	c:\program files\Realtek
2008-12-11 22:17 . 2008-12-13 19:22	<DIR>	d--h-----	c:\program files\InstallShield Installation Information
2008-12-11 22:16 . 2008-12-11 22:16	<DIR>	d--------	c:\program files\Common Files\InstallShield
2008-12-11 22:16 . 2007-07-26 11:09	520,192	-r-------	c:\windows\RtlExUpd.dll
2008-12-11 22:16 . 2008-12-11 22:16	315,392	--a------	c:\windows\HideWin.exe
2008-12-11 22:15 . 2008-12-11 22:15	<DIR>	d--------	c:\program files\Intel
2008-12-11 22:15 . 2008-12-11 22:15	<DIR>	d--------	C:\Intel
2008-12-11 22:15 . 2007-07-26 16:15	53,248	--a------	c:\windows\System32\CSVer.dll
2008-12-11 22:14 . 2008-06-26 03:45	12,240,896	--a------	c:\windows\System32\NlsLexicons0007.dll
2008-12-11 22:14 . 2008-06-26 03:45	2,644,480	--a------	c:\windows\System32\NlsLexicons0009.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 15:52	---------	d-----w	c:\program files\MSBuild
2008-12-20 15:50	---------	d-----w	c:\program files\Windows Journal
2008-12-20 15:50	---------	d-----w	c:\program files\Windows Collaboration
2008-12-13 18:16	---------	d-----w	c:\program files\Microsoft Games
2008-12-11 22:30	112,144	----a-w	c:\windows\system32\drivers\kl1.sys
2008-12-11 20:25	---------	d-----w	c:\program files\Windows Mail
2008-12-11 20:17	319,456	----a-w	c:\windows\DIFxAPI.dll
2008-12-11 19:58	---------	d-sh--w	c:\programdata\
2008-12-11 19:58	---------	d-sh--w	c:\programdata\ 
2008-12-11 19:58	---------	d-sh--w	c:\programdata\ 
2008-12-11 19:58	---------	d-sh--w	c:\programdata\
2008-12-11 19:58	---------	d-sh--w	c:\programdata\
2008-11-01 03:44	541,696	----a-w	c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44	52,736	----a-w	c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44	460,288	----a-w	c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44	28,672	----a-w	c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44	2,154,496	----a-w	c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44	173,056	----a-w	c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21	4,240,384	----a-w	c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-22 03:57	241,152	----a-w	c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22	2,048	----a-w	c:\windows\System32\tzres.dll
2008-10-21 05:25	296,960	----a-w	c:\windows\System32\gdi32.dll
2008-09-30 14:43	1,286,152	----a-w	c:\windows\System32\msxml4.dll
2008-01-21 02:41	174	--sha-w	c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2008-10-16 1578248]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2008-10-16 1578248]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-12-12 270128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-12-08 26499880]
"Auslogics BoostSpeed 4"="c:\program files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-03-07 250368]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-02-08 18:36 227856 c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 17:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2007-07-11 16:09 20480 c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
--a------ 2008-12-09 13:08 495616 c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\microsoft office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
--a------ 2007-05-10 13:18 835584 c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
--a------ 2007-10-12 16:43 270336 c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-21 04:23 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yupdate!]
--a------ 2008-10-20 13:38 479496 c:\program files\Common Files\Yandex\Yupdate\yupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F23EFF3A-3489-46EE-97FD-DEF07131B47D}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\russian\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\russian\setup.exe:    7.0
"UDP Query User{C28F370B-B52D-4818-8119-23DF0652DB8A}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\russian\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\russian\setup.exe:    7.0
"{530848BA-03A9-44D9-BF24-8A65428DD882}"= UDP:c:\program files\uTorrent\uTorrent.exe:Torrent (TCP-In)
"{875558C8-93EE-4081-9CAC-CD343FE4313E}"= TCP:c:\program files\uTorrent\uTorrent.exe:Torrent (UDP-In)
"TCP Query User{E4D00D46-66F8-4C16-ACFB-EB181997CA98}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D4773FA3-644D-4CB0-825A-53E02EF24B7A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{2A169B8F-CCEC-4856-9883-89775DB421AF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8E0797A5-395A-4550-8C43-A2AE9A6BC813}"= UDP:c:\program files\Activision\ (TM)\JB_LiveEngine_s.exe: 
"{5F5D378A-64AC-4866-9221-D52590F7FE26}"= TCP:c:\program files\Activision\ (TM)\JB_LiveEngine_s.exe: 
"{88AB14F1-3B35-4708-8CB5-97AE5DAF4C61}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BA8BC229-729B-4567-A329-57DA7A8189B4}"= UDP:c:\program files\microsoft office\Office12\GROOVE.EXE:Microsoft Office Groove
"{40EE9A96-54DE-44CB-9AE5-A4E59BBAF743}"= TCP:c:\program files\microsoft office\Office12\GROOVE.EXE:Microsoft Office Groove
"{058A1DB9-4E4D-4777-86A8-C3798E50750A}"= UDP:c:\program files\microsoft office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{76E51106-0BC9-4C7C-907A-21EDBE94865E}"= TCP:c:\program files\microsoft office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{163259df-c87d-11dd-a380-001d7dd04738}]
\shell\AutoRun\command - H:\SETUP.EXE
\shell\configure\command - H:\SETUP.EXE
\shell\install\command - H:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6a0badd-c7bc-11dd-8821-806e6f6e6963}]
\shell\AutoRun\command - G:\SETUP.EXE

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=41128
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\iliya\AppData\Roaming\Mozilla\Firefox\Profiles\1blqr35t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?clid=41128
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 18:43:12
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll

- - - - - - - > 'lsass.exe'(744)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
.
Completion time: 2008-12-25 18:44:46
ComboFix-quarantined-files.txt  2008-12-25 16:44:44

Pre-Run: 41148088320  
Post-Run: 41,114,701,824  

285	--- E O F ---	2008-12-24 04:36:13
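The log above is raw ComboFix output, and a responder reading it goes straight to a handful of items: the BITS "possible infected sites" list, the non-empty AppInit_DLLs value, the Security Center DisableMonitoring flag, EnableFirewall=0 on the standard profile, and the mountpoints2 entries that record autorun.inf handlers (here H:\SETUP.EXE and G:\SETUP.EXE) seen on removable or optical media. The script below is an added example written for this page, not ComboFix's own code or anything the original poster ran: it parses those ComboFix line formats and reports each such item for a human to verify, without judging it, since every one has a legitimate explanation as well (a security product such as the Kaspersky r3hook.dll shown here is a common AppInit_DLLs occupant, and a third-party AV that registers with Security Center sets DisableMonitoring for its own entry). The sample input is copied from the log on this page; the one line marked as constructed exists only to exercise the Run-key heuristic. It does not parse the FirewallRules protocol labels, because ComboFix's TCP/UDP prefixes visibly do not match the rule names in the uTorrent and Internet Explorer pairs above.

```python
"""Triage the autostart and policy lines of a ComboFix log.
Added example for this page; not part of ComboFix."""
import re
from typing import Dict, List, Optional

# Constructed sample: lines copied from the ComboFix log on this page.
SAMPLE_LOG = r"""
----- BITS: Possible infected sites -----

hxxp://bar.export.yandex.ru
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-12-12 270128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{163259df-c87d-11dd-a380-001d7dd04738}]
\shell\AutoRun\command - H:\SETUP.EXE
\shell\configure\command - H:\SETUP.EXE
\shell\install\command - H:\SETUP.EXE
"""

# Constructed, NOT from the log: a Run entry under a user profile, to show
# the heuristic for autostarts that live in writable per-user locations.
CONSTRUCTED_RUN_BLOCK = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\users\someone\AppData\Local\Temp\upd.exe" [2008-12-24 40960]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
SHELL_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$")
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$")
BITS_HEADER = "----- BITS: Possible infected sites -----"
USER_WRITABLE = ("\\appdata\\", "\\temp\\")  # heuristic, not a verdict


def undefang(url: str) -> str:
    """ComboFix writes hxxp:// so the URL is not clickable; restore the scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def dword(value: str) -> Optional[int]:
    """Parse 'dword:00000001' or '0 (0x0)' style values; None if neither."""
    m = re.match(r"^dword:([0-9a-fA-F]+)$", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", value)
    return int(m.group(1)) if m else None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per item a responder should verify by hand."""
    findings: List[Dict[str, str]] = []
    key = ""          # registry key of the current block, lower-cased
    in_bits = False   # inside the BITS 'possible infected sites' list
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == BITS_HEADER:
            in_bits = True
            continue
        if in_bits:
            if line.lower().startswith("hxxp"):
                findings.append({"rule": "bits-url", "key": "BITS", "detail": undefang(line)})
                continue
            in_bits = False  # any other line ends the list
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = SHELL_RE.match(line)
        if m and "\\mountpoints2\\{" in key:
            findings.append({"rule": "autorun-command", "key": key,
                             "detail": f"{m.group('verb')} -> {m.group('cmd')}"})
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name").lower(), m.group("value").strip()
        if key.endswith("windows nt\\currentversion\\windows") and name == "appinit_dlls" and value:
            findings.append({"rule": "appinit-dll", "key": key, "detail": value})
        elif "\\security center\\monitoring\\" in key and name == "disablemonitoring" and dword(value):
            findings.append({"rule": "wsc-monitoring-off", "key": key, "detail": value})
        elif "\\firewallpolicy\\" in key and name == "enablefirewall" and dword(value) == 0:
            findings.append({"rule": "firewall-off", "key": key, "detail": value})
        elif RUN_KEY_RE.search(key):
            path = re.match(r'"([^"]+)"', value)
            if path and any(d in path.group(1).lower() for d in USER_WRITABLE):
                findings.append({"rule": "run-from-user-dir", "key": key,
                                 "detail": f"{name}={path.group(1)}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG + CONSTRUCTED_RUN_BLOCK):
        print(f"{f['rule']:20} {f['detail']}")
```

Run it against a whole ComboFix log and the "autorun-command" findings tell you which removable volumes carried an autorun.inf while this user was logged in; with the bits-url and firewall-off lines they form the short list to check before anything in the Files Created section.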
