ComboFix 10-11-26.07 - moonis 28.11.2010  20:39:48.3.2 - x86
Microsoft Windows 7    6.1.7600.0.1251.7.1049.18.3327.2453 [GMT 6:00]
Running from: c:\users\moonis\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\poluaktov\Application Data\64dlls.exe
c:\documents and settings\poluaktov\Application Data\intel64.exe
c:\documents and settings\poluaktov\Application Data\Kernel32.exe
c:\documents and settings\poluaktov\Application Data\localsys64.exe
c:\documents and settings\poluaktov\Application Data\ntos.exe
c:\documents and settings\poluaktov\Application Data\oembios.exe
c:\documents and settings\poluaktov\Application Data\sdra64.exe
c:\documents and settings\poluaktov\Application Data\sdra73.exe
c:\documents and settings\poluaktov\Application Data\swin32.exe
c:\documents and settings\poluaktov\Application Data\twex.exe
c:\documents and settings\poluaktov\Application Data\twext.exe
c:\documents and settings\poluaktov\Application Data\wsnpoema.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
(((((((((((((((((((((((((   Files Created from 2010-10-28 to 2010-11-28  )))))))))))))))))))))))))))))))
.

2010-11-28 14:53 . 2010-11-28 14:53	--------	d-----w-	c:\users\moonis\AppData\Local\temp
2010-11-28 14:53 . 2010-11-28 14:53	--------	d-----w-	c:\users\\AppData\Local\temp
2010-11-28 14:53 . 2010-11-28 14:53	--------	d-----w-	c:\users\\AppData\Local\temp
2010-11-28 14:53 . 2010-11-28 14:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-27 03:38 . 2010-11-27 03:38	--------	d-----w-	c:\users\moonis\AppData\Roaming\Malwarebytes
2010-11-27 03:38 . 2010-04-29 09:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-27 03:38 . 2010-11-27 03:38	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-11-27 03:38 . 2010-11-27 03:38	--------	d-----w-	c:\programdata\Malwarebytes
2010-11-27 03:38 . 2010-04-29 09:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-11-27 03:05 . 2010-11-27 03:09	6153352	----a-w-	C:\mbam-setup.exe
2010-11-27 02:42 . 2010-11-27 02:42	11264	----a-w-	c:\windows\system32\drivers\uzexnzux.sys
2010-11-26 08:56 . 2010-11-27 10:10	13312	----a-w-	c:\windows\system32\drivers\vdexnzux.sys
2010-11-26 02:54 . 2010-11-27 11:52	--------	d-----w-	c:\program files\Trend Micro
2010-11-26 02:54 . 2010-11-26 02:54	388096	----a-r-	c:\users\moonis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-25 17:03 . 2010-11-28 07:57	--------	d-----w-	C:\avz4
2010-11-25 03:36 . 2010-11-27 15:54	--------	d-----w-	c:\program files\Foobar2000
2010-11-24 03:42 . 2010-11-24 03:45	339991	----a-w-	C:\RSIT.exe
2010-11-24 03:42 . 2010-11-24 06:54	1402880	----a-w-	C:\4) HiJackThis.msi
2010-11-24 03:36 . 2010-11-24 04:47	83966648	----a-w-	C:\1,2) setup_9.0.0.722_24.11.2010_06-12.exe
2010-11-24 03:30 . 2010-11-24 03:30	50688	----a-w-	C:\0)ATF-Cleaner.exe
2010-11-15 18:22 . 2009-01-15 13:20	3072	------w-	c:\windows\system32\BrDctF2S.dll
2010-11-15 18:22 . 2007-12-13 16:16	73728	------w-	c:\windows\system32\BrDctF2.dll
2010-11-15 18:22 . 2007-12-13 16:16	5120	------w-	c:\windows\system32\BrDctF2L.dll
2010-11-15 18:22 . 2010-11-15 18:22	--------	d-----w-	c:\program files\Brother
2010-11-15 18:22 . 2008-06-17 09:33	167936	------w-	c:\windows\system32\NSSearch.dll
2010-11-12 18:46 . 2010-11-12 18:46	4280320	----a-w-	c:\windows\system32\GPhotos.scr
2010-11-12 02:47 . 2010-03-31 00:00	12413330	----a-w-	c:\windows\system32\CC3update.exe
2010-11-11 18:44 . 2010-11-11 18:44	--------	d-----w-	c:\users\moonis\AppData\Roaming\Zeon
2010-11-11 17:10 . 2010-11-11 17:10	--------	d-----r-	c:\users\moonis\AppData\Roaming\Brother
2010-11-11 17:00 . 2010-11-11 17:00	--------	d-----w-	c:\users\moonis\AppData\Local\Scansoft
2010-11-11 16:42 . 2009-04-07 06:01	1534464	----a-w-	c:\windows\system32\BrWia09b.dll
2010-11-11 16:42 . 2009-02-24 04:37	53760	----a-w-	c:\windows\system32\BrUsi09a.dll
2010-11-11 16:42 . 2009-05-20 18:00	111928	----a-w-	c:\windows\system32\BRRBTOOL.EXE
2010-11-11 16:42 . 2005-01-17 10:10	45056	----a-w-	c:\windows\system32\BRTCPCON.DLL
2010-11-11 16:42 . 2004-08-09 18:42	77824	----a-w-	c:\windows\system32\BRLMW03A.DLL
2010-11-11 16:42 . 2007-01-15 18:00	24223	----a-w-	c:\windows\system32\BRLM03A.DLL
2010-11-11 16:38 . 2010-11-11 16:38	--------	d-----w-	c:\programdata\InstallShield
2010-11-11 16:37 . 2010-11-15 18:11	--------	d-----w-	c:\programdata\ScanSoft
2010-11-11 16:35 . 2010-11-11 16:35	--------	d-----w-	c:\programdata\Brother
2010-11-09 09:06 . 2010-11-09 09:07	--------	d-----w-	c:\program files\WinDjView
2010-11-08 15:32 . 2010-11-27 16:09	--------	d-----w-	c:\program files\Kaspersky Lab
2010-11-05 17:36 . 2010-11-27 19:32	--------	d-----w-	c:\program files\DenS-mIRC

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 05:08 . 2010-09-05 05:09	8192	--sha-w-	c:\windows\system32\srvany.exe
2010-09-02 02:16 . 2010-09-10 04:17	961312	----a-w-	c:\windows\system32\drivers\vbcorent.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-01 382840]
"ICQ"="c:\program files\ICQLite\icq.exe" [2010-11-03 153912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-08 9267816]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-07-23 824224]
"KMCONFIG"="c:\program files\Keyboard & Mouse Driver\StartAutorun.exe" [2008-05-29 212992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

c:\users\moonis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe [2010-9-5 303456]
Punto Switcher.lnk - c:\program files\Yandex\Punto Switcher\punto.exe [2010-10-26 831272]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DynDNS Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2010-4-16 91504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^webcam 7.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\webcam 7.lnk
backup=c:\windows\pss\webcam 7.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^moonis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Punto Switcher.lnk]
path=c:\users\moonis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk
backup=c:\windows\pss\Punto Switcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^moonis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^      OneNote 2010.lnk]
path=c:\users\moonis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\      OneNote 2010.lnk
backup=c:\windows\pss\      OneNote 2010.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2Gis Update Notifier]
2010-09-29 06:50	4411736	----a-w-	c:\program files\2gis\3.0\2GISTrayNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-11-10 11:27	377568	----a-w-	c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-11-10 11:28	962288	----a-w-	c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 07:54	91520	----a-w-	c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2010-02-08 14:37	941320	----a-w-	c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
2008-05-29 18:22	212992	----a-w-	c:\program files\Keyboard & Mouse Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 04:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-11-10 11:24	4393944	----a-w-	c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-01 13:01	382840	----a-w-	c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2008-08-29 11:27	143360	----a-w-	c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe

R2 Guard.Mail.ru;Guard.Mail.ru; [x]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-09-05 8192]
R2 mitsijm2011;  Autodesk Moldflow Inventor Tool Suite Integration 2011;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 462336]
R3 2GISUpdateService;2GIS UpdateService;c:\program files\2gis\3.0\2GISUpdateService.exe [2010-09-29 837464]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-08-06 13224]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-01-09 251904]
R3 vpcuxd;   USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
R3 w7Svc;webcam 7 Service;c:\program files\webcam 7\wService.exe [2010-05-15 5029376]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-02-11 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-29 239336]
R4 SQLAgent$AUTODESKVAULT;SQL Server Agent (AUTODESKVAULT);c:\program files\Microsoft SQL Server\MSSQL10.AUTODESKVAULT\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 366936]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 154664]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-15 691696]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2010-01-15 902432]
S1 uzexnzux;AVZ-RK Kernel Driver;c:\windows\system32\Drivers\uzexnzux.sys [2010-11-27 11264]
S2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2010-01-20 99704]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Keyboard & Mouse Driver\KMWDSrv.exe [2009-08-31 1821184]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-11-22 5120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-18 240232]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-08-06 27632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=41128
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &  OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: &  Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE:     Download Master - c:\program files\Download Master\dmieall.htm
IE:    Download Master - c:\program files\Download Master\dmie.htm
IE:     DM - c:\program files\Download Master\remdown.htm
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w7Svc]
"ImagePath"="c:\program files\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-11-28  20:55:12
ComboFix-quarantined-files.txt  2010-11-28 14:55
ComboFix2.txt  2010-11-27 17:01

Pre-Run: 41058095104  
Post-Run: 40976879616  

- - End Of File - - 9F641E769A281E73DEFD607490286F96
