ComboFix 10-11-06.01 - Alexander 06.11.2010  21:16:57.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1049.18.2046.1620 [GMT 3:00]
Running from: c:\soft\System\Antivirus\ComboFix\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2010-10-06 to 2010-11-06  )))))))))))))))))))))))))))))))
.

2010-11-04 10:47 . 2010-11-04 11:09	--------	d-----w-	c:\documents and settings\
2010-11-04 10:20 . 2009-10-22 09:54	37392	----a-w-	c:\windows\system32\drivers\89884952.sys
2010-11-04 10:20 . 2009-10-09 19:31	315408	----a-w-	c:\windows\system32\drivers\8988495.sys
2010-11-04 10:20 . 2009-09-25 13:59	128016	----a-w-	c:\windows\system32\drivers\89884951.sys
2010-11-02 03:41 . 2010-11-02 03:41	--------	d-----w-	c:\documents and settings\Alexander\Application Data\Malwarebytes
2010-11-02 03:41 . 2010-04-29 12:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-02 03:41 . 2010-11-02 03:41	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-11-02 03:41 . 2010-11-02 03:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-02 03:41 . 2010-04-29 12:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-24 18:01 . 2010-10-24 18:01	--------	d-----w-	c:\documents and settings\All Users\Application Data\vsosdk
2010-10-24 17:52 . 2010-10-24 19:20	--------	d-----w-	c:\documents and settings\Alexander\Application Data\Vso
2010-10-24 17:52 . 2010-10-24 17:52	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys
2010-10-24 17:52 . 2010-10-24 17:52	47360	----a-w-	c:\documents and settings\Alexander\Application Data\pcouffin.sys
2010-10-24 17:52 . 2007-03-18 17:37	65602	----a-w-	c:\windows\system32\cook3260.dll
2010-10-24 17:52 . 2006-09-29 09:26	176165	----a-w-	c:\windows\system32\drv23260.dll
2010-10-24 17:52 . 2006-09-29 09:25	208935	----a-w-	c:\windows\system32\drv33260.dll
2010-10-24 17:52 . 2006-09-29 09:24	217127	----a-w-	c:\windows\system32\drv43260.dll
2010-10-24 17:52 . 2006-05-11 16:21	626688	----a-w-	c:\windows\system32\vp7vfw.dll
2010-10-24 17:52 . 2006-05-20 13:16	1184984	----a-w-	c:\windows\system32\wvc1dmod.dll
2010-10-24 17:52 . 2004-05-04 08:53	1645320	----a-w-	c:\windows\gdiplus.dll
2010-10-24 17:52 . 2010-10-24 17:52	--------	d-----w-	c:\program files\VSO
2010-10-24 17:47 . 2001-10-19 17:06	5632	----a-w-	c:\windows\system32\ptpusb.dll
2010-10-24 17:47 . 2008-04-14 17:40	159232	----a-w-	c:\windows\system32\ptpusd.dll
2010-10-24 17:47 . 2008-04-13 20:15	15104	-c--a-w-	c:\windows\system32\dllcache\usbscan.sys
2010-10-24 17:47 . 2008-04-13 20:15	15104	----a-w-	c:\windows\system32\drivers\usbscan.sys
2010-10-23 10:36 . 2010-10-27 03:02	--------	d-----w-	c:\program files\Common Files\symbols
2010-10-10 19:48 . 2010-10-10 19:48	--------	d-----w-	c:\documents and settings\Alexander\Local Settings\Application Data\Help
2010-10-10 19:47 . 2010-10-10 19:47	--------	d-----w-	c:\program files\KOMPAS-3D LT 5.11
2010-10-10 19:47 . 1996-11-06 09:58	302592	----a-w-	c:\windows\unin0419.exe
2010-10-10 19:47 . 2010-10-10 19:47	--------	d-----w-	c:\documents and settings\Alexander\WINDOWS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2008-04-15 12:00	974848	----a-w-	c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-15 12:00	974848	----a-w-	c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-15 12:00	954368	----a-w-	c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-15 12:00	953856	----a-w-	c:\windows\system32\mfc40u.dll
2010-09-10 05:51 . 2008-04-15 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-09-10 05:51 . 2008-04-15 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2010-09-10 05:51 . 2008-04-15 12:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2010-09-04 09:44 . 2010-09-04 09:44	1466	----a-w-	c:\windows\system32\setacl.bat
2010-09-04 08:58 . 2010-09-04 08:58	54784	----a-w-	c:\windows\system32\drivers\CDAC11BA.EXE
2010-09-04 08:58 . 2010-09-04 08:58	12464	----a-w-	c:\windows\system32\drivers\CDAC15BA.SYS
2010-09-01 11:52 . 2008-04-15 12:00	285824	----a-w-	c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-15 12:00	1852928	----a-w-	c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-15 12:00	119808	----a-w-	c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-15 12:00	99840	----a-w-	c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 03:25	5120	----a-w-	c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-15 12:00	357248	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-15 12:00	617472	----a-w-	c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-15 12:00	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-15 12:00	590848	----a-w-	c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2010-07-18 . F5E8B729CE74757A6635FED21614DE50 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((   SnapShot@2010-11-04_15.43.50   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-06 18:06 . 2010-11-06 18:06	16384              c:\windows\temp\Perflib_Perfdata_270.dat
+ 2010-11-06 18:04 . 2010-11-06 18:04	262144              c:\windows\system32\config\systemprofile\NtUser.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Alexander\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-09-02 606208]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\Alexander\ \ணࠬ\⮧㧪\
Create virtual drive for Denwer.lnk - c:\webservers\denwer\Boot.exe [2010-10-6 6656]
setup_9.0.0.722_03.11.2010_22-11.lnk - c:\documents and settings\Alexander\稩 ⮫\Virus Removal Tool\setup_9.0.0.722_03.11.2010_22-11\startup.exe [2010-11-4 72208]

c:\documents and settings\All Users\ \ணࠬ\⮧㧪\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-08-11 04:31	1124352	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-11-12 16:57	245760	----a-w-	c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\UGS\\NX 6.0\\UGII\\ugraf.exe"=
"c:\\Documents and Settings\\Alexander\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Alexander\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WebServers\\usr\\local\\apache\\bin\\httpd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10240:TCP"= 10240:TCP

R0 89884952;89884952 Boot Guard Driver;c:\windows\system32\drivers\89884952.sys [04.11.2010 13:20 37392]
R1 89884951;89884951;c:\windows\system32\drivers\89884951.sys [04.11.2010 13:20 128016]
R1 setup_9.0.0.722_03.11.2010_22-11drv;setup_9.0.0.722_03.11.2010_22-11drv;c:\windows\system32\drivers\8988495.sys [04.11.2010 13:20 315408]
R2 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files\UGS\UGSLicensing\lmgrd.exe [22.04.2008 17:37 1372160]
S2 gupdate; Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18.07.2010 21:38 136176]
S3 gtstusbser;Option210 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\gtstusbser.sys [07.09.2010 23:11 103552]
.
Contents of the 'Scheduled Tasks' folder

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 18:37]

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 18:37]

2010-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-287218729-1417001333-1003Core.job
- c:\documents and settings\Alexander\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 18:37]

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-287218729-1417001333-1003UA.job
- c:\documents and settings\Alexander\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-08 18:37]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: &  Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE:     Download Master - c:\program files\Download Master\dmieall.htm
IE:    Download Master - c:\program files\Download Master\dmie.htm
IE:   &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE:     DM - c:\program files\Download Master\remdown.htm
TCP: {1D0F75C0-6F17-431B-9C93-F93345518C6F} = 195.226.220.30,195.226.220.31
TCP: {56800E73-8F0D-4184-AD0C-57F7DBE8BFE6} = 195.226.220.30,195.226.220.31
TCP: {682D9081-48F0-4374-8D89-D9CB7BD7A788} = 195.226.220.30,195.226.220.31
TCP: {794C5CBD-0C4E-4406-B544-F0376A9F8640} = 195.226.220.30,195.226.220.31
TCP: {88BB46A4-7594-425D-816B-D7F8AAD871EF} = 195.226.220.30,195.226.220.31
TCP: {937DD1C8-C4BF-4E63-8877-952220030152} = 195.226.220.30,195.226.220.31
TCP: {96677C64-2BAE-4D02-A098-3FEC924F70CB} = 195.226.220.30,195.226.220.31
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 21:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3968)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-11-06  21:23:53
ComboFix-quarantined-files.txt  2010-11-06 18:23

Pre-Run: 39857004544  
Post-Run: 39853113344  

- - End Of File - - 6FBBBBE3581E9B46FC0E183464B8E7D8
