ComboFix 10-11-26.07 -  27.11.2010  21:16:14.2.2 - x86 NETWORK
Microsoft Windows Vista Home Premium   6.0.6002.2.1251.7.1049.18.2046.1198 [GMT 3:00]
Running from: c:\users\\Desktop\ComboFix.exe
Command switches used :: c:\users\\Desktop\CFScript.txt
SP:  Windows *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point

FILE ::
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0a1kfvk.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2kqfvvq.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3aavl98.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6kfaa7v.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6qqk2aa.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a28av1a5a2q.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ak5akv1kv.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akqa5a76f.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aqqkaav1.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avl98gav.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avvp5faav.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f5aaaavq.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\faa7vqkk.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fav5q1fa.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fv98qkf9a0.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fv98qkf9a0v.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k3kkfv98qkf.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kf9a0vq0k0f.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkaafkvakv.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkfaa7vq.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffaq0k0.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffavvqq.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkfv5q1faq.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kvqff6vfqq.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qff2a9a7vqk.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qkaa1kkffav.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlaavl98ga.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqkaav1qkkf.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqlgg6avqq7.exe"
"c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vavvqk6f.exe"
"c:\windows\system32\drivers\jjoffott.sys"
"c:\windows\system32\drivers\orkooton.sys"
"c:\windows\system32\drivers\qucbdhuj.sys"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\jjoffott.sys
c:\windows\system32\drivers\orkooton.sys
c:\windows\system32\drivers\qucbdhuj.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JDJZFEKJ
-------\Legacy_ORKOOTON
-------\Service_jdjzfekj
-------\Service_orkooton


(((((((((((((((((((((((((   Files Created from 2010-10-27 to 2010-11-27  )))))))))))))))))))))))))))))))
.

2010-11-27 18:20 . 2010-11-27 18:23	--------	d-----w-	c:\users\\AppData\Local\temp
2010-11-27 18:20 . 2010-11-27 18:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-27 18:08 . 2010-04-29 12:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-27 18:08 . 2010-11-27 18:08	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-11-27 18:08 . 2010-11-27 18:08	--------	d-----w-	c:\programdata\Malwarebytes
2010-11-27 18:08 . 2010-04-29 12:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-11-27 14:32 . 2010-11-27 14:33	11264	----a-w-	c:\windows\system32\drivers\uzqymjgy.sys
2010-11-27 09:27 . 2009-10-22 09:54	37392	----a-w-	c:\windows\system32\drivers\68059512.sys
2010-11-27 09:27 . 2009-10-09 19:31	311312	----a-w-	c:\windows\system32\drivers\6805951.sys
2010-11-27 09:27 . 2009-09-25 13:59	128016	----a-w-	c:\windows\system32\drivers\68059511.sys
2010-11-27 07:20 . 2010-11-27 15:18	--------	d-----w-	c:\users\\DoctorWeb
2010-11-26 13:24 . 2010-11-26 13:24	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qff2a9a7vqk.exe
2010-11-26 13:24 . 2010-11-26 13:24	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vavvqk6f.exe
2010-11-26 13:24 . 2010-11-26 13:24	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akqa5a76f.exe
2010-11-26 13:24 . 2010-11-26 13:24	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0a1kfvk.exe
2010-11-26 11:50 . 2010-11-26 11:50	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ak5akv1kv.exe
2010-11-26 11:50 . 2010-11-26 11:50	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kvqff6vfqq.exe
2010-11-26 11:50 . 2010-11-26 11:50	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkaafkvakv.exe
2010-11-26 11:33 . 2010-11-26 11:33	--------	d--h--w-	c:\windows\PIF
2010-11-26 11:18 . 2010-11-26 11:18	0	----a-w-	c:\windows\system32\drivers\mctircro.sys
2010-11-26 11:17 . 2010-11-26 11:17	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fav5q1fa.exe
2010-11-26 11:17 . 2010-11-26 11:17	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k3kkfv98qkf.exe
2010-11-26 11:17 . 2010-11-26 11:17	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffavvqq.exe
2010-11-26 11:17 . 2010-11-26 11:17	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffaq0k0.exe
2010-11-26 10:57 . 2009-10-09 19:31	311312	----a-w-	c:\windows\system32\drivers\5499330.sys
2010-11-26 10:55 . 2010-11-26 10:55	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qkaa1kkffav.exe
2010-11-26 10:55 . 2010-11-26 10:55	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffa7vq1qk.exe
2010-11-26 10:55 . 2010-11-26 10:55	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6kfaa7v.exe
2010-11-26 10:55 . 2010-11-26 10:55	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6qqk2aa.exe
2010-11-26 10:47 . 2010-11-26 10:47	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fv98qkf9a0.exe
2010-11-26 10:47 . 2010-11-26 10:47	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kf9a0vq0k0f.exe
2010-11-26 10:47 . 2010-11-26 10:47	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\faa7vqkk.exe
2010-11-26 10:47 . 2010-11-26 10:47	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2kqfvvq.exe
2010-11-26 10:16 . 2009-10-09 19:31	311312	----a-w-	c:\windows\system32\drivers\5926714.sys
2010-11-26 09:59 . 2009-10-09 19:31	311312	----a-w-	c:\windows\system32\drivers\2927153.sys
2010-11-26 09:43 . 2009-10-09 19:31	311312	----a-w-	c:\windows\system32\drivers\6971746.sys
2010-11-26 08:16 . 2010-11-26 08:16	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a28av1a5a2q.exe
2010-11-26 08:16 . 2010-11-26 08:16	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f5aaaavq.exe
2010-11-26 08:16 . 2010-11-26 08:16	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avvp5faav.exe
2010-11-26 08:16 . 2010-11-26 08:16	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkfaa7vq.exe
2010-11-26 08:11 . 2010-11-26 08:11	--------	d-----w-	c:\programdata\WindowsSearch
2010-11-26 07:31 . 2010-11-26 07:31	719832	----a-w-	c:\program files\Mozilla Firefox\mozcpp19.dll
2010-11-26 07:31 . 2010-11-26 07:31	16856	----a-w-	c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-26 07:31 . 2010-11-26 07:31	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fv98qkf9a0v.exe
2010-11-26 07:31 . 2010-11-26 07:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqkaav1qkkf.exe
2010-11-26 07:31 . 2010-11-26 07:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkfv5q1faq.exe
2010-11-26 07:31 . 2010-11-26 07:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aqqkaav1.exe
2010-11-26 01:31 . 2010-11-26 01:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqlgg6avqq7.exe
2010-11-26 01:31 . 2010-11-26 01:31	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avl98gav.exe
2010-11-26 01:31 . 2010-11-26 01:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlaavl98ga.exe
2010-11-26 01:31 . 2010-11-26 01:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3aavl98.exe
2010-11-25 20:18 . 2010-11-25 20:18	--------	d-----w-	c:\users\\AppData\Roaming\WT Streaming
2010-11-25 20:18 . 2010-11-25 20:18	--------	d-----w-	c:\users\\AppData\Local\Cobain_ltd
2010-11-25 20:16 . 2010-11-25 20:16	--------	d-----w-	c:\program files\Cobain ltd
2010-11-25 15:27 . 2010-11-25 15:27	--------	d-----w-	c:\users\Public\CyberLink
2010-11-24 18:20 . 2010-10-19 04:27	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2010-11-24 18:20 . 2010-08-31 15:46	954752	----a-w-	c:\windows\system32\mfc40.dll
2010-11-24 18:20 . 2010-08-31 15:46	954288	----a-w-	c:\windows\system32\mfc40u.dll
2010-11-24 18:18 . 2010-06-22 13:30	2048	----a-w-	c:\windows\system32\tzres.dll
2010-11-24 18:18 . 2010-08-26 16:37	157184	----a-w-	c:\windows\system32\t2embed.dll
2010-11-24 18:18 . 2010-04-16 16:46	502272	----a-w-	c:\windows\system32\usp10.dll
2010-11-24 18:18 . 2010-05-27 20:08	81920	----a-w-	c:\windows\system32\iccvid.dll
2010-11-24 18:18 . 2010-06-18 17:31	36864	----a-w-	c:\windows\system32\rtutils.dll
2010-11-24 18:18 . 2010-08-31 13:27	2038272	----a-w-	c:\windows\system32\win32k.sys
2010-11-24 18:13 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-11-24 18:13 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-11-24 18:13 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2010-11-24 18:13 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-11-24 18:13 . 2010-08-20 16:05	867328	----a-w-	c:\windows\system32\wmpmde.dll
2010-11-24 18:13 . 2010-05-27 20:08	739328	----a-w-	c:\windows\system32\inetcomm.dll
2010-11-24 18:12 . 2010-06-11 16:15	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-11-24 18:12 . 2010-08-31 15:44	531968	----a-w-	c:\windows\system32\comctl32.dll
2010-11-24 17:50 . 2010-11-16 09:01	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6DABCE0-81F8-490F-B428-88168BA150AC}\mpengine.dll
2010-11-24 17:31 . 2010-11-24 17:31	--------	d-----w-	c:\users\\AppData\Roaming\Fonbet
2010-11-02 10:12 . 2009-11-08 07:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-11-02 10:12 . 2009-11-08 07:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-11-02 10:12 . 2009-11-08 07:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-11-02 10:12 . 2009-11-08 07:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-11-02 10:12 . 2009-11-08 07:55	1130824	----a-w-	c:\windows\system32\dfshim.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-26 13:24 . 2010-11-26 13:24	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qff2a9a7vqk.exe
2010-11-26 13:24 . 2010-11-26 13:24	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qff2a9a7vqk.exe
2010-11-26 13:24 . 2010-11-26 13:24	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vavvqk6f.exe
2010-11-26 13:24 . 2010-11-26 13:24	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vavvqk6f.exe
2010-11-26 13:24 . 2010-11-26 13:24	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akqa5a76f.exe
2010-11-26 13:24 . 2010-11-26 13:24	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akqa5a76f.exe
2010-11-26 13:24 . 2010-11-26 13:24	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0a1kfvk.exe
2010-11-26 13:24 . 2010-11-26 13:24	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0a1kfvk.exe
2010-11-26 11:50 . 2010-11-26 11:50	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kvqff6vfqq.exe
2010-11-26 11:50 . 2010-11-26 11:50	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kvqff6vfqq.exe
2010-11-26 11:50 . 2010-11-26 11:50	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ak5akv1kv.exe
2010-11-26 11:50 . 2010-11-26 11:50	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ak5akv1kv.exe
2010-11-26 11:50 . 2010-11-26 11:50	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkaafkvakv.exe
2010-11-26 11:50 . 2010-11-26 11:50	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkaafkvakv.exe
2010-11-26 11:17 . 2010-11-26 11:17	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fav5q1fa.exe
2010-11-26 11:17 . 2010-11-26 11:17	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fav5q1fa.exe
2010-11-26 11:17 . 2010-11-26 11:17	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k3kkfv98qkf.exe
2010-11-26 11:17 . 2010-11-26 11:17	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k3kkfv98qkf.exe
2010-11-26 11:17 . 2010-11-26 11:17	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffavvqq.exe
2010-11-26 11:17 . 2010-11-26 11:17	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffavvqq.exe
2010-11-26 11:17 . 2010-11-26 11:17	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffaq0k0.exe
2010-11-26 11:17 . 2010-11-26 11:17	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffaq0k0.exe
2010-11-26 10:55 . 2010-11-26 10:55	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qkaa1kkffav.exe
2010-11-26 10:55 . 2010-11-26 10:55	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qkaa1kkffav.exe
2010-11-26 10:55 . 2010-11-26 10:55	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffa7vq1qk.exe
2010-11-26 10:55 . 2010-11-26 10:55	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffa7vq1qk.exe
2010-11-26 10:55 . 2010-11-26 10:55	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6kfaa7v.exe
2010-11-26 10:55 . 2010-11-26 10:55	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6kfaa7v.exe
2010-11-26 10:55 . 2010-11-26 10:55	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6qqk2aa.exe
2010-11-26 10:55 . 2010-11-26 10:55	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6qqk2aa.exe
2010-11-26 10:47 . 2010-11-26 10:47	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fv98qkf9a0.exe
2010-11-26 10:47 . 2010-11-26 10:47	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fv98qkf9a0.exe
2010-11-26 10:47 . 2010-11-26 10:47	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kf9a0vq0k0f.exe
2010-11-26 10:47 . 2010-11-26 10:47	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kf9a0vq0k0f.exe
2010-11-26 10:47 . 2010-11-26 10:47	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\faa7vqkk.exe
2010-11-26 10:47 . 2010-11-26 10:47	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\faa7vqkk.exe
2010-11-26 10:47 . 2010-11-26 10:47	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2kqfvvq.exe
2010-11-26 10:47 . 2010-11-26 10:47	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2kqfvvq.exe
2010-11-26 08:16 . 2010-11-26 08:16	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a28av1a5a2q.exe
2010-11-26 08:16 . 2010-11-26 08:16	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a28av1a5a2q.exe
2010-11-26 08:16 . 2010-11-26 08:16	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f5aaaavq.exe
2010-11-26 08:16 . 2010-11-26 08:16	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f5aaaavq.exe
2010-11-26 08:16 . 2010-11-26 08:16	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avvp5faav.exe
2010-11-26 08:16 . 2010-11-26 08:16	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avvp5faav.exe
2010-11-26 08:16 . 2010-11-26 08:16	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkfaa7vq.exe
2010-11-26 08:16 . 2010-11-26 08:16	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkfaa7vq.exe
2010-11-26 07:31 . 2010-11-26 07:31	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fv98qkf9a0v.exe
2010-11-26 07:31 . 2010-11-26 07:31	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fv98qkf9a0v.exe
2010-11-26 07:31 . 2010-11-26 07:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqkaav1qkkf.exe
2010-11-26 07:31 . 2010-11-26 07:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqkaav1qkkf.exe
2010-11-26 07:31 . 2010-11-26 07:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkfv5q1faq.exe
2010-11-26 07:31 . 2010-11-26 07:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkfv5q1faq.exe
2010-11-26 07:31 . 2010-11-26 07:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aqqkaav1.exe
2010-11-26 07:31 . 2010-11-26 07:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aqqkaav1.exe
2010-11-26 01:31 . 2010-11-26 01:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqlgg6avqq7.exe
2010-11-26 01:31 . 2010-11-26 01:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqlgg6avqq7.exe
2010-11-26 01:31 . 2010-11-26 01:31	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avl98gav.exe
2010-11-26 01:31 . 2010-11-26 01:31	42496	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avl98gav.exe
2010-11-26 01:31 . 2010-11-26 01:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlaavl98ga.exe
2010-11-26 01:31 . 2010-11-26 01:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlaavl98ga.exe
2010-11-26 01:31 . 2010-11-26 01:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3aavl98.exe
2010-11-26 01:31 . 2010-11-26 01:31	50688	--sh--r-	c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3aavl98.exe
2010-10-19 07:41 . 2009-10-03 08:54	222080	------w-	c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-06 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-06 839680]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"ViivMonitor"="c:\program files\Intel\Intel Media Share Software\ViivMonitor.exe" [2007-03-10 69632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\३\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
0a1kfvk.exe [2010-11-26 42496]
2kqfvvq.exe [2010-11-26 50688]
3aavl98.exe [2010-11-26 50688]
6kfaa7v.exe [2010-11-26 42496]
6qqk2aa.exe [2010-11-26 50688]
a28av1a5a2q.exe [2010-11-26 42496]
ak5akv1kv.exe [2010-11-26 42496]
akqa5a76f.exe [2010-11-26 50688]
aqqkaav1.exe [2010-11-26 50688]
avl98gav.exe [2010-11-26 42496]
avvp5faav.exe [2010-11-26 50688]
f5aaaavq.exe [2010-11-26 50688]
faa7vqkk.exe [2010-11-26 50688]
fav5q1fa.exe [2010-11-26 42496]
fv98qkf9a0.exe [2010-11-26 42496]
fv98qkf9a0v.exe [2010-11-26 42496]
k3kkfv98qkf.exe [2010-11-26 50688]
kf9a0vq0k0f.exe [2010-11-26 50688]
kkaafkvakv.exe [2010-11-26 50688]
kkfaa7vq.exe [2010-11-26 50688]
kkffa7vq1qk.exe [2010-11-26 50688]
kkffaq0k0.exe [2010-11-26 50688]
kkffavvqq.exe [2010-11-26 50688]
kkfv5q1faq.exe [2010-11-26 50688]
kvqff6vfqq.exe [2010-11-26 50688]
qff2a9a7vqk.exe [2010-11-26 50688]
qkaa1kkffav.exe [2010-11-26 50688]
qlaavl98ga.exe [2010-11-26 50688]
qqkaav1qkkf.exe [2010-11-26 50688]
qqlgg6avqq7.exe [2010-11-26 50688]
setup_9.0.0.722_25.11.2010_22-14.lnk - c:\users\३\Desktop\Virus Removal Tool\setup_9.0.0.722_25.11.2010_22-14\startup.exe [2010-11-27 72208]
vavvqk6f.exe [2010-11-26 50688]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-722921032-245759234-3210273906-1000]
"EnableNotificationsRef"=dword:00000001

R2 uoohsiuw9ok6oa4;ASUSKeyboardService;c:\users\\AppData\Roaming\Microsoft\dizukivip.exe [x]
S0 68059512;68059512 Boot Guard Driver;c:\windows\system32\DRIVERS\68059512.sys [2009-10-22 37392]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-22 685816]
S1 68059511;68059511;c:\windows\system32\DRIVERS\68059511.sys [2009-09-25 128016]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
S1 setup_9.0.0.722_25.11.2010_22-14drv;setup_9.0.0.722_25.11.2010_22-14drv;c:\windows\system32\DRIVERS\6805951.sys [2009-10-09 311312]
S1 uzqymjgy;AVZ-RK Kernel Driver;c:\windows\system32\Drivers\uzqymjgy.sys [2010-11-27 11264]
S2 IMSSync;Intel Media Share Synch Service;c:\program files\Intel\Intel Media Share Software\IMSSync.exe [2007-03-10 368640]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - UZQYMJGY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE:    & Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE:    & Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
DPF: {ED1F56D6-E7EB-4CA8-81DB-D99BD7AB6082} - hxxps://light.webmoney.ru/Tray/TrayNotifier2.dll
FF - ProfilePath - c:\users\\AppData\Roaming\Mozilla\Firefox\Profiles\6150egl5.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\\AppData\Roaming\Mozilla\Firefox\Profiles\6150egl5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 21:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet029\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2944)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\system32\conime.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-11-27  21:29:03 - machine was rebooted
ComboFix-quarantined-files.txt  2010-11-27 18:28
ComboFix2.txt  2010-11-27 17:22

Pre-Run: 53469118464  
Post-Run: 51053178880  

- - End Of File - - 369C5703AB0842B4608D1235215DA124
