ComboFix 09-04-04.01 -  2009-04-10 11:38:59.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1251.1.1049.18.1015.754 [GMT 4:00]
Running from: c:\documents and settings\\ \ComboFix.exe
Command switches used :: c:\documents and settings\\ \CFScript.txt.txt
FW: Outpost Firewall Pro *enabled*
 * Created a new restore point

FILE ::
c:\windows\iedr.exe
c:\windows\system32\cabine.dll
.

(((((((((((((((((((((((((   Files Created from 2009-03-10 to 2009-04-10  )))))))))))))))))))))))))))))))
.

2009-04-09 17:26 . 2009-04-09 17:26	4,324	--a------	C:\ComboFix.7z
2009-04-09 11:14 . 2009-04-09 11:14	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2009-04-09 11:14 . 2009-04-09 11:14	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 11:14 . 2009-04-09 11:14	<DIR>	d--------	c:\documents and settings\\Application Data\Malwarebytes
2009-04-09 11:14 . 2009-01-04 18:38	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 11:14 . 2009-01-04 18:38	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2009-04-09 10:46 . 2009-04-09 10:46	23,927	--a------	c:\documents and settings\catchme.zip
2009-04-09 10:44 . 2009-04-09 10:44	<DIR>	d--------	c:\windows\ERUNT
2009-04-08 12:20 . 2009-04-08 12:27	11,264	--a------	c:\windows\system32\drivers\uzi4mty3.sys
2009-04-03 14:32 . 2009-04-03 14:32	<DIR>	d--------	c:\program files\K-Lite Codec Pack
2009-04-03 14:32 . 2007-01-30 06:03	3,596,288	--a------	c:\windows\system32\qt-dx331.dll
2009-04-03 14:32 . 2007-01-20 21:26	1,565,480	--a------	c:\windows\system32\wmv9vcm.dll
2009-04-03 14:32 . 2007-01-30 06:03	1,044,480	--a------	c:\windows\system32\libdivx.dll
2009-04-03 14:32 . 2006-11-01 14:52	765,952	--a------	c:\windows\system32\xvidcore.dll
2009-04-03 14:32 . 2007-02-01 05:56	639,066	--a------	c:\windows\system32\divx.dll
2009-04-03 14:32 . 2007-01-30 06:03	200,704	--a------	c:\windows\system32\ssldivx.dll
2009-04-03 14:32 . 2007-01-30 05:56	196,608	--a------	c:\windows\system32\dtu100.dll
2009-04-03 14:32 . 2006-11-01 14:54	180,224	--a------	c:\windows\system32\xvidvfw.dll
2009-04-03 14:32 . 2006-05-13 23:16	118,784	--a------	c:\windows\system32\ac3acm.acm
2009-04-03 14:32 . 2007-01-30 05:56	73,728	--a------	c:\windows\system32\dpl100.dll
2009-04-03 14:32 . 2007-01-09 18:46	10,752	--a------	c:\windows\system32\ff_vfw.dll
2009-04-03 14:32 . 2005-02-24 18:56	547	--a------	c:\windows\system32\ff_vfw.dll.manifest
2009-03-23 18:50 . 2009-03-23 18:50	<DIR>	d--------	c:\documents and settings\\DoctorWeb
2009-03-23 18:50 . 2009-03-23 18:50	<DIR>	d--------	c:\documents and settings\\DoctorWeb

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 13:13	---------	d-----w	c:\documents and settings\\Application Data\OpenOffice.org2
2009-04-08 14:06	---------	d-----w	c:\program files\Eset
2009-04-03 11:33	---------	d-----w	c:\program files\Light Alloy
2009-03-19 09:12	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-03-19 09:11	---------	d-----w	c:\program files\SoftLogica
2009-02-18 07:12	---------	d-----w	c:\program files\Common Files\NalogoplUL410
2009-02-18 07:12	---------	d-----w	c:\program files\
2009-02-13 08:52	---------	d-----w	c:\documents and settings\\Application Data\Super-Cow
.

------- Sigcheck -------

2006-03-02 16:00  359040  1745b00fc1141404b28f4b94f69a8871	c:\windows\system32\dllcache\tcpip.sys
2006-03-02 16:00  359040  1745b00fc1141404b28f4b94f69a8871	c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   SnapShot@2009-04-09_17.22.52.00   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-09 07:49:11	40,128	----a-w	c:\windows\system32\perfc009.dat
+ 2009-04-10 04:07:25	40,128	----a-w	c:\windows\system32\perfc009.dat
- 2009-04-09 07:49:11	49,552	----a-w	c:\windows\system32\perfc019.dat
+ 2009-04-10 04:07:25	49,552	----a-w	c:\windows\system32\perfc019.dat
- 2009-04-09 07:49:11	311,740	----a-w	c:\windows\system32\perfh009.dat
+ 2009-04-10 04:07:25	311,740	----a-w	c:\windows\system32\perfh009.dat
- 2009-04-09 07:49:11	346,452	----a-w	c:\windows\system32\perfh019.dat
+ 2009-04-10 04:07:25	346,452	----a-w	c:\windows\system32\perfh019.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2007-01-23 335872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= c_810927.nls
"mixer2"= c_810927.nls
"midi2"= c_810927.nls
"midi1"= c_810927.nls
"wave2"= c_810927.nls
"aux2"= c_810927.nls
"mixer1"= c_810927.nls
"46810958"= 41303838443945392d443638362d343339372d394441322d443546334232464646463946
"46810947"= 7a5bbe42cfb658dad038cb25cdf6fe3323b9a2d911ed511dac2ef23c288709af60830e4b6fcd15c8a83499b1f9386f552c20ca945f8f0038830dae613d133ceffb4e5f3aafe250635f2df44bd08cb9ce44a4c932413f1742b7bc5310b38a477476a43080c623caf3e483de28cbbdf272a8047b39fc6b52a134dde2ad093d879adb0674381975577c32cf76c3ac6a3a3084849d02dac089a7e8a9dc9b972bfb7fefef45142f71fd0605eb87983db3b9332846eccacfdc9aa582b29a24495d199da60856fcdb8b2c6af8c6459be75aba8f849df86caa08a7cc2df72fef03412f67782d77780ebb0bce6e889cf089ff8954a60fa01af7a7f68f6b10a92ddcb845afaf47e4e987a0a918d21965fe604fdbf7d59f5dc1422c9796b53d5ec755492d5a333a9032b526d37c511b815792aaf84e8e468a6ca501e88d1ea38d06e59f4d864f707f60dbe4296da29612569efc31dd2fc0865778a0435d11e52432ea5608201f2e776efa2f8804c7e037fbbd8c81f30a90cecd73ba8d698df48c6a75346d36920c1faf45d03bdb925b5d1b73521b0e00
"46810977"= 333832333464623338323334646233383233346462
"46810957"= 333832333464623338323334646233383233346462
"wave1"= c_810927.nls

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^ ^^^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\ \\\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^ ^^^HP LaserJet Director.lnk]
path=c:\documents and settings\All Users\ \\\HP LaserJet Director.lnk
backup=c:\windows\pss\HP LaserJet Director.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^ ^^^  .lnk]
path=c:\documents and settings\All Users\ \\\  .lnk
backup=c:\windows\pss\  .lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^ ^^^  Canon LASER SHOT LBP-1120.LNK]
path=c:\documents and settings\All Users\ \\\  Canon LASER SHOT LBP-1120.LNK
backup=c:\windows\pss\  Canon LASER SHOT LBP-1120.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^^ ^^^QuickTV.lnk]
path=c:\documents and settings\\ \\\QuickTV.lnk
backup=c:\windows\pss\QuickTV.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAP3ON]
--a------ 2002-07-29 19:00 22528 c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2006-03-02 16:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2007-11-08 11:56 166424 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP AutoIndexer]
--a------ 2002-04-22 12:57 90112 c:\program files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP SchedIndexer]
--a------ 2002-04-22 12:56 94208 c:\program files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2007-11-08 11:56 141848 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-17 16:17 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2007-11-08 11:56 137752 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 14:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-10-25 07:57 16855552 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-10-11 07:04 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 uzi4mty3;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzi4mty3.sys [2009-04-08 11264]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2008-07-17 25216]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2008-07-16 30720]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ya.ru/
IE:     FlashGet - d:\program files\FlashGet\jc_all.htm
IE:    FlashGet - d:\program files\FlashGet\jc_link.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 11:39:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-10 11:40:45
ComboFix-quarantined-files.txt  2009-04-10 07:40:40
ComboFix2.txt  2009-04-10 07:30:45
ComboFix3.txt  2009-04-09 13:23:33

Pre-Run: 7300673536  
Post-Run: 7,295,500,288  

157