ComboFix 09-05-29.01 -  30.05.2009 23:37.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1251.7.1049.18.1535.1180 [GMT 11:00]
Running from: c:\documents and settings\\ \ComboFix.exe
Command switches used :: c:\documents and settings\\ \WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active

.

(((((((((((((((((((((((((   Files Created from 2009-04-28 to 2009-05-30  )))))))))))))))))))))))))))))))
.

2009-05-30 11:02 . 2009-05-30 11:02	3371383	----a-w	c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-30 10:57 . 2009-05-30 10:57	--------	d-----w	c:\documents and settings\\Application Data\Malwarebytes
2009-05-30 10:57 . 2009-05-26 02:19	19096	----a-w	c:\windows\system32\drivers\mbam.sys
2009-05-30 10:57 . 2009-05-26 02:20	40160	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 10:57 . 2009-05-30 10:57	--------	d-----w	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-30 10:44 . 2009-05-30 10:44	410984	----a-w	c:\windows\system32\deploytk.dll
2009-05-26 21:15 . 2009-05-26 21:15	30720	----a-w	c:\windows\system32\drivers\okojcc.sys
2009-05-26 21:15 . 2009-05-26 21:15	--------	d-----w	c:\documents and settings\\Application Data\Online Solutions
2009-05-22 15:05 . 2009-05-30 12:39	4706336	--sha-w	c:\windows\system32\drivers\fidbox.dat
2009-05-09 12:44 . 2009-05-09 12:44	--------	d-----w	c:\documents and settings\\Local Settings\Application Data\Help
2009-05-01 14:25 . 2009-05-15 14:31	--------	d-----w	c:\windows\system32\NtmsData
2009-05-01 14:22 . 2009-05-01 14:22	--------	d--h--w	c:\windows\system32\GroupPolicy

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 12:19 . 2008-12-07 17:50	--------	d-----w	c:\documents and settings\\Application Data\uTorrent
2009-05-30 10:44 . 2008-12-07 15:51	--------	d-----w	c:\program files\Java
2009-05-30 00:01 . 2009-05-22 15:05	3491216	--sha-w	c:\windows\system32\drivers\fidbox.idx
2009-05-01 17:08 . 2004-08-18 12:00	476178	----a-w	c:\windows\system32\perfh019.dat
2009-05-01 17:08 . 2004-08-18 12:00	80032	----a-w	c:\windows\system32\perfc019.dat
2009-04-18 15:46 . 2008-12-09 11:52	--------	d-----w	c:\program files\Common Files\InstallShield
2009-04-18 15:45 . 2008-12-09 11:52	--------	d--h--w	c:\program files\InstallShield Installation Information
.

------- Sigcheck -------

[-] 2006-12-18 15:12	360576	BB4D3A8E6F7EB1D370BC4AD27AB23368	c:\windows\system32\drivers\tcpip.sys

[-] 2007-01-04 13:10	1548288	F21BB58941C128665E49B7A1C6E95DF7	c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
"Torrent"="d:\program files\uTorrent [tfile.ru]\utorrent.exe" [2007-05-08 20:57 177152]
"Download Master"="d:\program files\Download Master\dmaster.exe" [2009-03-19 3776512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuEjectPC"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecycleFiles"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\uTorrent [tfile.ru]\\utorrent.exe"=
"d:\\Program Files\\FlylinkDC-r363-bin\\compiled\\FlylinkDC.exe"=
"d:\\Program Files\\opera9.5\\opera.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 okojcc;okojcc;c:\windows\system32\drivers\okojcc.sys [27.05.2009 8:15 30720]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.03.2008 0:52 33800]
R1 is-83JRKdrv;is-83JRKdrv;c:\windows\system32\drivers\02597275.sys [10.03.2009 15:45 148496]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [13.03.2008 16:49 472320]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [09.12.2008 3:44 2368]
S1 vde5ote2;AVZ-BC Kernel Driver;\??\c:\windows\system32\Drivers\vde5ote2.sys --> c:\windows\system32\Drivers\vde5ote2.sys [?]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [01.11.2006 14:01 3328]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: &  Microsoft Excel - d:\progra~1\office\Office12\EXCEL.EXE/3000
IE:     Download Master - d:\program files\Download Master\dmieall.htm
IE:    Download Master - d:\program files\Download Master\dmie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 23:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1948)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-30 23:41
ComboFix-quarantined-files.txt  2009-05-30 12:41
ComboFix2.txt  2009-05-30 12:33

Pre-Run: 2464509952  
Post-Run: 2452987904  

WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional RU" /noexecute=optin /fastdetect

