ComboFix 09-07-26.03 - User 07/28/2009  3:54.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.511.243 [GMT 7:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090727-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\2cee3.msi
c:\windows\Installer\2ceea.msi
c:\windows\Installer\48be5.msi

.
(((((((((((((((((((((((((   Files Created from 2009-06-27 to 2009-07-27  )))))))))))))))))))))))))))))))
.

2009-07-27 19:40 . 2009-07-27 19:55	--------	d-----w-	c:\program files\Registry Easy
2009-07-27 18:21 . 2009-02-05 21:06	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-07-27 18:21 . 2009-02-05 21:06	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-07-27 18:21 . 2009-02-05 21:05	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-07-27 18:21 . 2009-02-05 21:08	93296	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-07-27 18:21 . 2009-02-05 21:08	94032	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-07-27 18:21 . 2009-02-05 21:07	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-07-27 18:21 . 2009-02-05 21:07	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-07-27 18:21 . 2009-02-05 21:04	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-07-27 18:21 . 2009-02-05 21:11	1256296	----a-w-	c:\windows\system32\aswBoot.exe
2009-07-27 17:52 . 2009-07-27 17:52	--------	d-----w-	c:\program files\Jitbit
2009-07-27 17:21 . 2009-07-27 17:21	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avg8
2009-07-27 17:11 . 2009-07-27 17:11	724992	----a-w-	c:\windows\iun6002.exe
2009-07-27 17:11 . 2009-07-27 19:42	--------	d-----w-	c:\program files\SpeedItUpFree
2009-07-27 15:39 . 2009-07-27 15:39	--------	d-----w-	c:\docume~1\User\APPLIC~1\AVGTOOLBAR
2009-07-27 14:02 . 2003-03-18 20:20	1060864	----a-w-	c:\windows\system32\MFC71.dll
2009-07-27 14:02 . 2009-07-27 14:02	--------	d-----w-	c:\program files\Alwil Software
2009-07-27 14:00 . 2008-10-24 11:10	453632	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2009-07-27 13:49 . 2009-07-27 13:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\Sandlot Games
2009-07-27 13:49 . 2009-07-27 13:49	--------	d-----w-	c:\docume~1\User\APPLIC~1\Sandlot Games
2009-07-27 13:49 . 2009-07-27 13:49	--------	d-sh--w-	c:\windows\ftpcache
2009-07-27 13:44 . 2009-07-27 13:44	--------	d-----w-	c:\docume~1\User\APPLIC~1\Ubisoft
2009-07-27 13:31 . 2009-07-27 13:31	--------	d-----w-	c:\program files\Option
2009-07-27 09:27 . 2009-07-27 09:27	--------	d-----w-	c:\program files\AVG
2009-07-23 11:29 . 2009-07-27 08:09	--------	d-----w-	C:\Downloads
2009-07-23 11:20 . 2009-07-23 11:20	--------	d-----r-	c:\docume~1\User\APPLIC~1\Brother
2009-07-23 11:10 . 2009-07-23 11:10	--------	d-----w-	c:\docume~1\User\APPLIC~1\ScanSoft
2009-07-23 08:41 . 2009-07-27 08:37	57	----a-w-	c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-07-23 08:41 . 2009-07-23 08:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\Brother
2009-07-22 12:55 . 2009-07-22 12:55	--------	d-----w-	c:\docume~1\User\APPLIC~1\Apple Computer
2009-07-16 10:41 . 2009-07-16 10:48	--------	d-----w-	c:\docume~1\User\APPLIC~1\BitCometLite
2009-07-16 08:33 . 2009-07-27 09:27	--------	d-----w-	c:\program files\Destiny
2009-07-15 10:04 . 2009-07-23 09:37	--------	d-----w-	c:\docume~1\User\APPLIC~1\DMCache
2009-07-09 04:55 . 2008-06-13 13:10	272128	-c----w-	c:\windows\system32\dllcache\bthport.sys
2009-07-09 04:55 . 2008-06-13 13:10	272128	------w-	c:\windows\system32\drivers\bthport.sys
2009-07-09 01:06 . 2009-07-09 01:06	--------	d-----w-	c:\documents and settings\User\Local Settings\Application Data\Yahoo
2009-07-08 13:08 . 2009-07-27 15:56	--------	d--h--w-	c:\windows\$hf_mig$
2009-07-08 12:52 . 2009-07-08 12:53	--------	d-----w-	c:\docume~1\User\APPLIC~1\Yahoo!
2009-07-08 12:52 . 2009-07-08 12:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-08 12:48 . 2009-07-09 00:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-08 12:48 . 2009-05-26 12:50	607472	----a-w-	c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 08:41 . 2009-07-06 08:03	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-07-27 08:38 . 2009-07-23 08:44	50	----a-w-	c:\windows\system32\bridf05a.dat
2009-07-27 08:37 . 2009-07-06 08:04	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-07-23 10:57 . 2009-07-23 10:57	--------	d-----w-	c:\program files\Common Files\ScanSoft Shared
2009-07-23 10:57 . 2009-07-23 10:57	--------	d-----w-	c:\documents and settings\All Users\Application Data\ScanSoft
2009-07-23 10:57 . 2009-07-23 08:42	--------	d-----w-	c:\program files\ScanSoft
2009-07-23 08:42 . 2009-07-23 08:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\InstallShield
2009-07-09 04:45 . 2009-07-06 07:48	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-08 12:53 . 2009-07-06 08:25	--------	d-----w-	c:\program files\Yahoo!
2009-07-06 12:46 . 2009-07-06 09:16	--------	d-----w-	c:\docume~1\User\APPLIC~1\Winamp
2009-07-06 12:09 . 2009-07-06 09:15	--------	d-----w-	c:\program files\K-Lite Codec Pack
2009-07-06 12:09 . 2009-07-06 12:08	--------	d-----w-	c:\docume~1\User\APPLIC~1\ACD Systems
2009-07-06 12:05 . 2009-07-06 12:05	--------	d-----w-	c:\docume~1\User\APPLIC~1\Media Player Classic
2009-07-06 10:31 . 2009-07-06 10:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\Trymedia
2009-07-06 10:25 . 2009-07-06 10:25	--------	d-----w-	c:\program files\ReflexiveArcade
2009-07-06 10:25 . 2009-07-06 10:25	--------	d-----w-	c:\program files\Zuma
2009-07-06 10:23 . 2009-07-06 10:23	--------	d-----w-	c:\program files\Luxor
2009-07-06 10:23 . 2009-07-06 10:23	--------	d-----w-	c:\program files\Insaniquarium
2009-07-06 10:22 . 2009-07-06 10:21	--------	d-----w-	c:\program files\FeedingFrenzy
2009-07-06 09:48 . 2009-07-06 09:48	70768	----a-w-	c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-06 09:48 . 2009-07-06 09:48	--------	d-----w-	c:\docume~1\User\APPLIC~1\Ahead
2009-07-06 09:40 . 2009-07-06 09:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\Ahead
2009-07-06 09:39 . 2009-07-06 09:36	--------	d-----w-	c:\program files\Common Files\Ahead
2009-07-06 09:36 . 2009-07-06 09:36	--------	d-----w-	c:\program files\Nero
2009-07-06 09:36 . 2009-07-06 09:36	--------	d-----w-	c:\documents and settings\All Users\Application Data\Nero
2009-07-06 09:36 . 2009-07-06 09:36	0	----a-w-	c:\windows\nsreg.dat
2009-07-06 09:29 . 2009-07-06 09:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\CyberLink
2009-07-06 09:28 . 2009-07-06 09:28	--------	d-----w-	c:\program files\CyberLink
2009-07-06 09:20 . 2009-07-06 09:20	--------	d-----w-	c:\program files\OpenOffice.org 2.3
2009-07-06 09:17 . 2009-07-06 09:16	--------	d-----w-	c:\program files\Winamp
2009-07-06 09:15 . 2009-07-06 09:14	--------	d-----w-	c:\program files\QuickTime
2009-07-06 09:14 . 2009-07-06 09:14	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-06 09:14 . 2009-07-06 09:14	--------	d-----w-	c:\program files\Apple Software Update
2009-07-06 09:12 . 2009-07-06 09:12	--------	d-----w-	c:\program files\Common Files\Corel
2009-07-06 09:12 . 2009-07-06 09:12	--------	d-----w-	c:\program files\Corel
2009-07-06 09:08 . 2009-07-06 09:08	--------	d-----w-	c:\documents and settings\All Users\Application Data\Macrovision
2009-07-06 09:08 . 2009-07-06 09:08	--------	d-----w-	c:\program files\Common Files\Adobe Systems Shared
2009-07-06 09:05 . 2009-07-06 09:05	--------	d-----w-	c:\program files\Opera
2009-07-06 09:02 . 2009-07-06 09:02	--------	d-----w-	c:\program files\Microsoft.NET
2009-07-06 09:02 . 2009-07-06 09:02	--------	d-----w-	c:\program files\Microsoft ActiveSync
2009-07-06 08:32 . 2009-07-06 08:32	--------	d-----w-	c:\program files\Java
2009-07-06 08:30 . 2009-07-06 08:29	--------	d-----w-	c:\program files\Common Files\Adobe
2009-07-06 08:24 . 2009-07-06 08:24	--------	d-----w-	c:\documents and settings\All Users\Application Data\ACD Systems
2009-07-06 08:24 . 2009-07-06 08:24	--------	d-----w-	c:\program files\ACD Systems
2009-07-06 08:24 . 2009-07-06 08:24	--------	d-----w-	c:\program files\Common Files\ACD Systems
2009-07-06 08:16 . 2009-07-06 08:14	--------	d-----w-	c:\program files\Realtek
2009-07-06 08:16 . 2009-07-06 08:16	315392	----a-w-	c:\windows\HideWin.exe
2009-07-06 08:14 . 2009-07-06 08:14	--------	d-----w-	c:\docume~1\User\APPLIC~1\InstallShield
2009-07-06 08:14 . 2009-07-06 08:14	--------	d-----w-	c:\program files\BroadCom GB LAN
2009-07-06 08:13 . 2009-07-06 08:13	--------	d-----w-	c:\program files\Marvell
2009-07-06 08:12 . 2009-07-06 08:04	--------	d-----w-	c:\program files\ATI Technologies
2009-07-06 08:01 . 2009-07-06 08:01	--------	d-----w-	c:\program files\Intel
2009-07-06 07:49 . 2009-07-06 07:49	--------	d-----w-	c:\program files\microsoft frontpage
2009-07-06 07:45 . 2009-07-06 07:45	21640	----a-w-	c:\windows\system32\emptyregdb.dat
2009-06-13 18:00 . 2009-06-13 18:00	44544	----a-w-	c:\windows\system32\SystemHookCore.dll
2009-05-07 15:44 . 2004-08-03 21:56	344064	----a-w-	c:\windows\system32\localspl.dll
2009-07-19 00:31 . 2009-07-06 08:25	137208	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-21 14:18 . 2004-08-03 21:56	2367488	--sha-r-	c:\windows\system32\kvejh.dll
.

------- Sigcheck -------

[-] 2008-11-18 08:32	1580544	32272BF10467C8ACF1F83138C61D541E	c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-04-28 89542]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-7-11 782336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\User\\Desktop\\Destiny_Online_-Power_of_Crimson_Client.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5825:TCP"= 5825:TCP:*:Disabled:Unspecified
"5825:UDP"= 5825:UDP:*:Disabled:Unspecified
"7741:TCP"= 7741:TCP:BitComet 7741 TCP
"7741:UDP"= 7741:UDP:BitComet 7741 UDP
"7774:TCP"= 7774:TCP:exlulw

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/28/2009 1:21 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/28/2009 1:21 AM 20560]
R2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [12/18/2007 12:48 PM 196704]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2/18/2008 4:14 PM 106624]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2/8/2008 12:00 PM 59648]
R3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [3/30/2007 12:38 PM 8064]
S2 gmdis;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:56 AM 14336]
S2 msmljgyq;Config Monitor;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:56 AM 14336]
S2 vnjwmtf;Support Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:56 AM 14336]
S2 vunkzh;Helper Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:56 AM 14336]
S4 Pl108xuspadf;Pl108xuspadf; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
vunkzh
vnjwmtf
msmljgyq
gmdis
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 07:21]

2009-07-27 c:\windows\Tasks\One-Click Tweak.job
- d:\program files\Advanced PC Tweaker\OneClick.exe [2009-07-27 05:43]

2009-07-27 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-07-27 04:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.avast.com/go.php?verb=register-home&lang=eng
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B0AD4752-145A-47DE-B6AF-EEF00DBF2705} = 202.134.0.155,203.130.196.155
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 03:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gmdis]
"ServiceDll"="c:\windows\system32\kvejh.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msmljgyq]
"ServiceDll"="c:\windows\system32\kvejh.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vnjwmtf]
"ServiceDll"="c:\windows\system32\kvejh.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vunkzh]
"ServiceDll"="c:\windows\system32\kvejh.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1958367476-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C514A8CC-B057-7CE1-7486-A3625973DD2E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"napbfjkkohielmaniiecpadammjh"=hex:6a,61,64,6e,6f,6a,63,69,69,62,6d,6f,6f,65,
   6a,66,6e,67,67,6a,00,00
"manbllcnoadjllngimbeanonme"=hex:6a,61,64,6e,6f,6a,63,69,69,62,6d,6f,6f,65,6a,
   66,6e,67,67,6a,00,9b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{39de42c8-5485-4dd0-82a6-9991b4ac9448}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cb
"Therad"=dword:00000009

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f3,38,33,3c,92,da,50,c3,12,cb,e6,6e,0f,0a,15,e7,e0,6a,6e,54,ff,
   ab,31,04,ce,01,0c,18,56,ac,fe,9b,72,62,76,47,2e,99,95,e6,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-27  3:57
ComboFix-quarantined-files.txt  2009-07-27 20:57

Pre-Run: 23,194,083,328 bytes free
Post-Run: 23,208,632,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

246	--- E O F ---	2009-07-27 15:57