Well, according to Spybot Search and Destroy I have a Virtumonde virus as well as a PWS... virus which uses my internet in the background and opens pathways to download other viruses (a trojan horse, I believe).
From reading other people who have similar infections I believe you need a ComboFix log... I downloaded ComboFix and here's my log; any help would be greatly appreciated.
ComboFix 08-06-20.4 - Sothea Chhay 2008-06-23 11:37:16.1 - NTFSx86
Running from: C:\Documents and Settings\Sothea Chhay\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\d.exe
C:\Documents and Settings\Sothea Chhay\Application Data\inst.exe
C:\WINDOWS\install.exe
C:\WINDOWS\mrofinu1535.exe
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\drivers\Dkq52.sys
C:\WINDOWS\system32\gMSBJRqr.ini
C:\WINDOWS\system32\gMSBJRqr.ini2
C:\WINDOWS\system32\UEgMoUvw.ini
C:\WINDOWS\system32\UEgMoUvw.ini2
C:\WINDOWS\system32\wvUlllIA.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DKQ52
-------\Legacy_TCPSR
-------\Service_Dkq52
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.
2008-06-23 10:03 . 2008-06-23 10:03 285,696 --a------ C:\WINDOWS\system32\rqRJBSMg.dll_old
2008-06-23 09:54 . 2008-06-23 11:36 269 --a------ C:\WINDOWS\wininit.ini
2008-06-23 09:36 . 2008-06-23 09:46 15,505 ---h----- C:\Documents and Settings\LocalService\csrssc.exe
2008-06-22 19:17 . 2008-06-22 19:17 705 --a------ C:\d1.exe
2008-06-22 19:16 . 2008-06-23 11:40 63,920 --a------ C:\WINDOWS\system32\drivers\fa4d185b.sys
2008-06-22 19:16 . 2008-06-22 19:16 10,000 --a------ C:\WINDOWS\system32\jfiehayd.dll
2008-06-22 15:20 . 2008-06-22 15:20 <DIR> d-------- C:\Program Files\PCSecurityShield
2008-06-21 23:28 . 2008-06-22 19:16 5,120 --a------ C:\jgkpt.exe
2008-06-21 23:23 . 2008-06-23 11:40 62,384 --a------ C:\WINDOWS\system32\pqasghjd.sys
2008-06-21 23:23 . 2008-06-21 23:29 10,240 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-06-21 23:23 . 2008-06-21 23:25 10,240 --a------ C:\WINDOWS\system32\beep.sys
2008-06-21 23:23 . 2008-06-22 19:16 2 --a------ C:\542234690
2008-06-21 23:09 . 2008-06-21 23:09 13,824 --a------ C:\WINDOWS\system32\ini.dll
2008-06-21 22:55 . 2008-06-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-06-21 05:30 . 2008-06-23 11:15 <DIR> d-------- C:\Program Files\Steam
2008-06-15 08:54 . 2008-06-15 08:54 <DIR> d-------- C:\WINDOWS\Flipper
2008-06-15 08:54 . 1999-04-23 14:22 385,024 --a------ C:\WINDOWS\system32\vbar332.dll
2008-06-15 08:54 . 1999-04-23 14:22 90,112 --a------ C:\WINDOWS\system32\Vb5db.dll
2008-06-15 08:51 . 2008-06-15 08:51 <DIR> d-------- C:\Documents and Settings\Sothea Chhay\WINDOWS
2008-06-15 08:51 . 2000-12-13 15:47 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
2008-06-15 08:51 . 1997-06-23 09:06 407,312 --a------ C:\WINDOWS\system32\msrepl35.dll
2008-06-15 08:51 . 1998-02-11 10:58 368,400 --a------ C:\WINDOWS\system32\msrdo20.dll
2008-06-15 08:51 . 1998-04-27 15:09 269,312 --a------ C:\WINDOWS\uninst.exe
2008-06-15 08:51 . 1997-06-23 09:06 252,176 --a------ C:\WINDOWS\system32\msrd2x35.dll
2008-06-15 08:51 . 2000-12-13 15:47 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
2008-06-15 08:51 . 1998-02-11 10:58 93,456 --a------ C:\WINDOWS\system32\rdocurs.dll
2008-06-15 08:51 . 2008-06-15 08:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-15 08:51 . 1997-06-23 09:06 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2008-06-15 08:51 . 2008-06-15 08:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 09:50 . 2008-06-04 09:50 <DIR> d-------- C:\Program Files\Creative
2008-06-04 09:50 . 2008-06-04 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-06-04 09:50 . 2000-05-22 16:58 647,872 --a------ C:\WINDOWS\system32\Mscomct2.ocx
2008-06-04 09:50 . 2006-10-06 14:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-06-04 09:50 . 1999-12-13 09:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-06-04 09:50 . 1999-11-18 09:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-06-03 22:43 . 2008-06-03 22:44 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-06-03 15:43 . 2008-06-03 16:36 560 --a------ C:\WINDOWS\stbce.INI
2008-06-03 09:08 . 2008-06-03 09:08 335 --a------ C:\WINDOWS\mozregistry.dat
2008-06-01 15:11 . 2008-06-01 15:11 <DIR> d-------- C:\Program Files\Common Files\BioWare
2008-06-01 11:46 . 2008-06-01 11:46 <DIR> d-------- C:\Documents and Settings\Sothea Chhay\Application Data\Gearbox Software
2008-05-31 20:25 . 2008-05-24 13:26 651,264 --a------ C:\WINDOWS\system32\drivers\ext2fsd.sys
2008-05-31 20:18 . 2007-12-27 23:47 210,432 --a------ C:\WINDOWS\system32\ifsdrives.dll
2008-05-31 20:18 . 2008-01-20 17:53 179,584 --a------ C:\WINDOWS\system32\drivers\ext2fs.sys
2008-05-31 20:18 . 2007-12-16 17:27 74,752 --a------ C:\WINDOWS\system32\ifsdrives.cpl
2008-05-31 20:18 . 2007-12-29 19:48 49,536 --a------ C:\WINDOWS\system32\drivers\ifsmount.sys
2008-05-31 20:08 . 2008-06-01 15:22 <DIR> d-------- C:\Games
2008-05-31 17:19 . 2008-06-17 09:15 <DIR> d-------- C:\Documents and Settings\Sothea Chhay\Application Data\VideoReDo-TVSuite
2008-05-31 16:56 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-05-31 14:38 . 2008-05-31 14:38 <DIR> d-------- C:\Documents and Settings\Sothea Chhay\Application Data\Thinstall
2008-05-24 17:09 . 2008-06-02 07:55 <DIR> d-------- C:\Program Files\Quicken
2008-05-24 17:09 . 2008-05-24 17:09 <DIR> d-------- C:\Documents and Settings\Sothea Chhay\Application Data\Intuit
2008-05-24 16:57 . 2008-05-24 16:57 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-05-24 16:53 . 2008-05-24 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-05-24 12:40 . 2008-05-24 12:40 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software
2008-05-24 12:40 . 2008-05-24 12:40 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-05-24 12:40 . 2008-05-24 17:13 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-05-24 12:40 . 2008-05-24 17:13 188 --a------ C:\WINDOWS\QUICKEN.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 23:21 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-22 23:20 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-22 21:12 90,112 ----a-w C:\WINDOWS\DUMPd188.tmp
2008-06-22 21:10 --------- d-----w C:\Documents and Settings\Sothea Chhay\Application Data\uTorrent
2008-06-22 03:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-17 12:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 17:40 --------- d-----w C:\Documents and Settings\Sothea Chhay\Application Data\dvdcss
2008-06-04 22:16 507,392 ----a-w C:\WINDOWS\system32\AutoPartNt.exe
2008-06-04 19:38 90,112 ----a-w C:\WINDOWS\DUMP5b00.tmp
2008-05-24 20:57 --------- d-----w C:\Program Files\MSECACHE
2008-05-17 23:41 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll
2008-05-17 23:41 --------- d-----w C:\Program Files\Acronis
2008-05-04 16:57 --------- d-----w C:\Documents and Settings\Sothea Chhay\Application Data\Locktime
2008-05-04 16:53 --------- d-----w C:\Program Files\NetLimiter 2 Pro
2008-05-04 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Locktime
2008-04-29 13:17 --------- d-----w C:\Documents and Settings\Sothea Chhay\Application Data\Winamp
2008-04-28 16:24 --------- d-----w C:\Program Files\Xilisoft
2008-04-26 17:41 45,942,912 ----a-w C:\169.21_forceware_winxp_32bit_english_whql.exe
2008-02-07 19:14 47,360 ----a-w C:\Documents and Settings\Sothea Chhay\Application Data\pcouffin.sys
2008-02-03 10:36 22,328 ----a-w C:\Documents and Settings\Sothea Chhay\Application Data\PnkBstrK.sys
2008-02-03 09:57 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-02-03 09:57 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-02-03 09:57 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008020320080204\index.dat
2008-02-03 09:57 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3858bf6e-6600-40bd-9466-2e3983ef9685}]
C:\WINDOWS\system32\wvUoMgEU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f22654d8-4bea-4264-bb78-2e68c5c74add}]
C:\WINDOWS\system32\rqRJBSMg.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-01 01:26 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [2008-01-11 15:12 87328]
"CTZDetec.exe"="C:\Sok\Creative Media Lite\CTZDetec.exe" [2007-12-18 14:20 401408]
"Steam"="c:\program files\steam\steam.exe" [2008-06-21 05:30 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-04-30 22:07 843776]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 12:06 77824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 03:08 2512392]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 20:53 2209224]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-09-20 00:58 124928 C:\WINDOWS\system32\advpack.dll]
"ShowDeskFix"="regsvr32" []
C:\Documents and Settings\Sothea Chhay\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2/4/2008 6:40:01 PM 557568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-602609370-725345543-1001\Scripts\Logoff\0\0]
"Script"=C:\clean.bat
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\disk1\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Bowflex.EXE
.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 09:06:34 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-22 02:51:41 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Sok\RegCure 1.5.0.0 + Crack\RegCure\RegCure.exe
"2008-06-22 02:51:41 C:\WINDOWS\Tasks\RegCure.job"
- C:\Sok\RegCure 1.5.0.0 + Crack\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 11:40:50
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
.
**************************************************************************
.
Completion time: 2008-06-23 11:41:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 15:41:48
Pre-Run: 356,316,151,808 bytes free
Post-Run: 356,380,639,232 bytes free