ComboFix 10-09-15.01 - Admin 16.09.2010  14:28:40.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1049.18.2046.1667 [GMT 4:00]
Running from: c:\documents and settings\Admin\ \ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Delete.bat
c:\windows\system32\.scr

----- BITS: Possible infected sites -----

hxxp://soft.export.yandex.ru
.
(((((((((((((((((((((((((   Files Created from 2010-08-16 to 2010-09-16  )))))))))))))))))))))))))))))))
.

2010-09-16 09:57 . 2006-06-29 09:07	14048	------w-	c:\windows\system32\spmsg2.dll
2010-09-16 09:54 . 2010-09-16 09:54	85416	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-16 09:53 . 2010-09-16 09:56	--------	d-----w-	c:\windows\system32\XPSViewer
2010-09-16 09:53 . 2010-09-16 09:53	--------	d-----w-	c:\program files\MSBuild
2010-09-16 09:53 . 2010-09-16 09:53	--------	d-----w-	c:\program files\Reference Assemblies
2010-09-16 09:52 . 2008-07-06 12:06	89088	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-09-16 09:52 . 2007-11-30 11:18	26488	----a-w-	c:\windows\system32\spupdsvc.exe
2010-09-16 09:52 . 2008-07-06 12:06	89088	-c----w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-09-16 09:52 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll
2010-09-16 09:52 . 2008-07-06 12:06	575488	-c----w-	c:\windows\system32\dllcache\xpsshhdr.dll
2010-09-16 09:52 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll
2010-09-16 09:52 . 2008-07-06 12:06	1676288	-c----w-	c:\windows\system32\dllcache\xpssvcs.dll
2010-09-16 09:52 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll
2010-09-16 09:52 . 2008-07-06 10:50	597504	-c----w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-09-16 09:52 . 2008-07-06 10:50	597504	------w-	c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-09-16 07:47 . 2010-09-16 07:47	--------	d-----w-	c:\program files\Common Files\14bdaa96
2010-09-16 07:38 . 2010-09-16 07:38	932368	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-09-16 07:38 . 2010-09-16 07:38	678416	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-09-16 07:38 . 2010-09-16 07:38	604688	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-09-16 07:38 . 2010-09-16 07:38	1096208	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-09-16 07:38 . 2010-09-16 07:38	522768	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-09-16 07:37 . 2010-09-16 07:37	166416	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\prloader.dll
2010-09-16 06:48 . 2010-09-16 10:57	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-09-16 06:48 . 2010-09-16 06:48	--------	d-----w-	c:\program files\Kaspersky Lab
2010-09-16 06:43 . 2010-09-16 06:43	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-09-16 06:36 . 2010-09-16 06:36	--------	d-----w-	c:\documents and settings\Admin\Local Settings\Application Data\Opera
2010-09-16 06:35 . 2010-09-16 06:35	147968	----a-w-	c:\windows\system32\mzjaqk.exe
2010-09-16 04:20 . 2010-09-16 04:20	--------	d--h--w-	c:\windows\PIF
2010-09-16 04:09 . 2010-09-16 04:09	38400	----a-w-	c:\windows\system32\mxsweabl.dll
2010-09-16 04:03 . 2010-09-16 04:04	--------	d-----w-	c:\program files\Microsoft Works
2010-09-16 04:02 . 2010-09-16 04:02	--------	d-----w-	c:\program files\Microsoft.NET
2010-09-16 04:01 . 2010-09-16 04:01	--------	d-----w-	c:\windows\SHELLNEW
2010-09-16 04:01 . 2010-09-16 04:01	--------	d-----w-	c:\documents and settings\Admin\Local Settings\Application Data\Microsoft Help
2010-09-16 04:01 . 2010-09-16 04:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-16 04:01 . 2010-09-16 04:01	--------	d-----r-	C:\MSOCache
2010-09-15 18:12 . 2010-09-15 18:12	--------	d-----w-	c:\program files\TV Guest
2010-09-15 14:58 . 2010-09-15 15:32	--------	d-----w-	c:\documents and settings\Admin\Application Data\TS3Client
2010-09-15 14:58 . 2010-09-15 15:01	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2010-09-15 14:30 . 2010-09-15 14:30	--------	d-----w-	c:\documents and settings\Admin\Application Data\LolClient
2010-09-15 09:42 . 2010-09-16 08:49	--------	d-----w-	c:\documents and settings\Admin\Application Data\AIMP
2010-09-15 09:41 . 2010-09-15 09:42	--------	d-----w-	c:\documents and settings\Admin\Local Settings\Application Data\Yandex
2010-09-15 09:41 . 2010-09-15 09:42	--------	d-----w-	c:\documents and settings\Admin\Application Data\Yandex
2010-09-15 09:41 . 2010-09-15 09:41	--------	d-----w-	c:\program files\Yandex
2010-09-15 09:41 . 2010-09-15 09:41	--------	d-----w-	c:\program files\AIMP2
2010-09-15 09:40 . 2010-09-15 09:40	12328	----a-w-	c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-15 09:40 . 2010-09-15 09:40	--------	d-----w-	c:\documents and settings\Admin\Local Settings\Application Data\Cyberlink
2010-09-15 09:40 . 2010-09-15 09:40	--------	d-----w-	c:\documents and settings\Admin\Application Data\CyberLink
2010-09-15 09:39 . 2010-09-15 09:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\CyberLink
2010-09-15 09:39 . 2010-09-15 09:39	--------	d-----w-	c:\program files\Common Files\CyberLink
2010-09-15 09:38 . 2010-09-15 09:39	--------	d-----w-	c:\program files\CyberLink
2010-09-15 09:38 . 2010-09-15 09:38	29480	----a-w-	c:\windows\system32\msxml3a.dll
2010-09-15 09:38 . 2010-09-15 09:38	--------	d-----w-	c:\program files\Ask.com
2010-09-15 09:38 . 2010-09-15 09:38	--------	d-----w-	c:\documents and settings\All Users\Application Data\Temp
2010-09-15 09:38 . 2010-09-15 09:38	53319	----a-w-	c:\documents and settings\All Users\Application Data\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2010-09-15 09:37 . 2010-09-15 09:38	--------	d-----w-	c:\program files\The KMPlayer
2010-09-15 09:36 . 2010-09-15 09:36	0	----a-w-	c:\windows\nsreg.dat
2010-09-15 09:36 . 2010-09-15 09:36	--------	d-----w-	c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
2010-09-15 09:36 . 2009-08-16 15:08	178176	----a-w-	c:\windows\system32\unrar.dll
2010-09-15 09:36 . 2009-05-29 21:37	205824	----a-w-	c:\windows\system32\xvidvfw.dll
2010-09-15 09:36 . 2009-05-29 21:31	881664	----a-w-	c:\windows\system32\xvidcore.dll
2010-09-15 09:36 . 2004-01-25 16:18	217088	----a-w-	c:\windows\system32\yv12vfw.dll
2010-09-15 09:36 . 2009-10-07 18:00	85504	----a-w-	c:\windows\system32\ff_vfw.dll
2010-09-15 09:36 . 2010-09-15 09:36	--------	d-----w-	c:\program files\K-Lite Codec Pack
2010-09-15 09:34 . 2010-09-15 09:34	--------	d-----w-	c:\program files\uTorrent
2010-09-15 09:33 . 2010-09-15 09:33	--------	d-----w-	c:\program files\Opera 10 Beta
2010-09-15 09:33 . 2010-09-16 10:21	--------	d-----w-	c:\documents and settings\Admin\Application Data\uTorrent
2010-09-15 09:31 . 2010-09-15 09:31	--------	d-----w-	c:\documents and settings\Admin\Application Data\DAEMON Tools Pro
2010-09-15 09:31 . 2010-09-15 09:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-09-15 09:30 . 2010-09-15 09:30	--------	d-----w-	c:\documents and settings\Admin\Local Settings\Application Data\GHISLER
2010-09-15 09:29 . 2010-09-15 09:31	--------	d-----w-	c:\program files\DAEMON Tools Pro
2010-09-15 09:19 . 2010-09-16 10:22	--------	d-----w-	c:\documents and settings\Admin\Local Settings\Application Data\PMB Files
2010-09-15 09:19 . 2010-09-15 09:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\PMB Files
2010-09-15 09:18 . 2010-09-15 09:18	--------	d-----w-	c:\program files\Pando Networks
2010-09-15 09:16 . 2010-09-15 09:17	--------	d-----w-	c:\program files\Total Commander
2010-09-15 09:13 . 2010-09-15 09:13	--------	d-----w-	c:\windows\Sun

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 10:56 . 2010-09-16 10:56	--------	d-----w-	c:\program files\Common Files\14bdaa7f
2010-09-16 10:56 . 2010-09-16 04:09	0	----a-w-	c:\windows\system32\tmp.tmp
2010-09-16 10:39 . 2010-09-16 10:39	0	----a-w-	c:\documents and settings\Admin\tmp.tmp
2010-09-16 10:10 . 2010-09-16 06:35	402	----a-w-	c:\program files\Common Files\jqyrg4inedzz13m
2010-09-16 09:54 . 2008-04-15 13:00	84082	----a-w-	c:\windows\system32\perfc019.dat
2010-09-16 09:54 . 2008-04-15 13:00	484362	----a-w-	c:\windows\system32\perfh019.dat
2010-09-16 07:37 . 2010-09-16 07:37	80400	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-09-16 07:37 . 2010-09-16 07:37	80400	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2010-09-16 07:37 . 2010-09-16 07:37	303376	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\avp.exe
2010-09-16 07:37 . 2010-09-16 07:37	264720	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2010-09-16 07:37 . 2010-09-16 07:37	129552	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
2010-09-16 07:37 . 2010-09-16 06:49	113933	----a-w-	c:\windows\system32\drivers\klin.dat
2010-09-16 07:37 . 2010-09-16 06:49	97549	----a-w-	c:\windows\system32\drivers\klick.dat
2010-09-16 07:37 . 2010-09-16 07:37	170584	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\prloader.dll
2010-09-16 07:37 . 2010-09-16 07:37	311680	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\avp.exe
2010-09-16 07:36 . 2010-09-16 07:36	109072	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-09-16 07:36 . 2010-09-16 07:36	59920	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2010-09-16 07:36 . 2010-09-16 07:36	129624	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
2010-09-16 07:36 . 2010-09-16 07:36	264720	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2010-09-16 06:59 . 2010-09-16 06:59	604140	--sha-w-	c:\windows\system32\drivers\ISwift3.dat
2010-09-16 05:39 . 2010-09-15 05:00	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-09-15 09:39 . 2010-09-15 05:41	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-15 06:58 . 2010-09-15 06:53	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-09-15 06:57 . 2010-09-15 06:58	53632	----a-w-	c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-15 06:57 . 2010-09-15 06:53	53632	----a-w-	c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-15 06:29 . 2010-09-15 06:29	--------	d-----w-	c:\documents and settings\Admin\Application Data\InstallShield
2010-09-15 05:46 . 2010-09-15 05:46	--------	d-----w-	c:\program files\AGEIA Technologies
2010-09-15 05:45 . 2010-09-15 05:45	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-09-15 05:42 . 2010-09-15 05:42	--------	d-----w-	c:\program files\Vtune
2010-09-15 05:41 . 2010-09-15 05:41	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-09-15 05:16 . 2010-09-15 05:16	--------	d-----w-	c:\program files\ESET
2010-09-15 05:16 . 2010-09-15 05:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2010-09-15 05:05 . 2010-09-15 05:05	--------	d-----w-	c:\program files\VistaDriveIcon
2010-09-15 05:05 . 2010-09-15 05:05	721904	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-09-15 05:05 . 2010-09-15 05:05	--------	d---a-w-	c:\program files\Paint.NET
2010-09-15 05:05 . 2010-09-15 05:05	410984	----a-w-	c:\windows\system32\deploytk.dll
2010-09-15 05:04 . 2010-09-15 05:04	--------	d-----w-	c:\program files\Java
2010-09-15 04:58 . 2010-09-15 04:58	22564	----a-w-	c:\windows\system32\emptyregdb.dat
2010-09-15 04:58 . 2010-09-15 04:58	--------	d-----w-	c:\program files\Windows Media Connect 2
.

------- Sigcheck -------

[-] 2009-04-24 . 6A104BA98D99D53AB0C91825CE659FC6 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-04-24 . 2F29C751D1E9F6A9E4D3DB3A472DFF02 . 78360 . . [7.2.6001.788] . . c:\windows\system32\wuauclt.exe

[-] 2009-04-24 . 23B7D3F3F5EC8FEEA75EC381C71CBD5E . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-04-24 . 7921B0E73103546CF65890FB9EA5BAC0 . 1039872 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll

[-] 2009-04-24 . A7830A9F166C9CE4F18CA22076F1077C . 1721344 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2009-04-24 . 8F51D3D08E9FFF9113EFDFA7A7511F2C . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2009-04-24 . EFCC265C7C50677C7C9E0260981182C6 . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 13:28	1174920	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-07-24 5586208]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-07-24 5586208]

[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2009-05-12 2158592]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-15 2969496]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-15 289072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"CHotkey"="mHotkey.exe" [2002-07-23 477184]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-10-06 87336]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-09-16 311680]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-04-24 30208]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-01-02 132096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE8_01"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2009-04-24 128512]
"IE8_02"="advpack.dll" [2009-04-24 128512]

c:\documents and settings\All Users\ \ணࠬ\⮧㧪\
Total Commander.lnk - c:\program files\Total Commander\Totalcmd.exe [2009-10-5 3520256]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\4d3e8984.exe,c:\windows\system32\mzjaqk.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mxsweabl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^ ^^^hidcon.exe]
path=c:\documents and settings\All Users\ \\\hidcon.exe
backup=c:\windows\pss\hidcon.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-06-10 04:29	1657376	----a-w-	c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57914:TCP"= 57914:TCP:Pando Media Booster
"57914:UDP"= 57914:UDP:Pando Media Booster
"10308:TCP"= 10308:TCP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/09/15 13:39];c:\program files\CyberLink\PowerDVD9\000.fcl [06.10.2009 21:24 87536]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.05.2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.05.2009 20:59 19472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.09.2010 12:50 1684736]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.09.2010 9:05 721904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 13:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=124990
IE: &  Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE:   - - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
TCP: {2654E10E-CAB9-4BE2-8F68-DC64457AC07A} = 82.209.253.2,193.232.248.2
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\w4iij48v.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15187&l=dis
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-ITBar7Position - (no file)
AddRemove-InstallShield_{8C20787A-7402-4FA7-BF25-6E5750930FDC} - c:\program files\InstallShield Installation Information\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 14:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-484061587-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,b2,4d,9c,a4,af,2e,45,9d,2b,69,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,b2,4d,9c,a4,af,2e,45,9d,2b,69,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\mHotkey.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-09-16  15:00:38 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-16 11:00

Pre-Run: 7691112448  
Post-Run: 7568859136  

- - End Of File - - 0CC845C2EF904353B7277C5A8BF9CC46
