Here's the ComboFix log...
ComboFix 09-06-05.03 - Administrator 06/05/2009 16:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2660 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Windows Live\Messenger\msnmsgr.exe
c:\windows\system32\Drivers\sptd.sys
I:\Desktop.ini
c:\windows\system32\proquota.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-05 21:16 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 21:16 . 2009-06-05 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 21:16 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-28 20:23 . 2009-05-28 20:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\KALiNKOsoft
2009-05-28 20:21 . 1998-06-18 05:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-05-28 20:21 . 2009-05-28 20:23 119296 ----a-w- c:\windows\system32\zlib.dll
2009-05-28 20:21 . 2008-01-14 00:59 36864 ----a-w- c:\windows\system32\dxinputdll.dll
2009-05-28 20:21 . 2008-01-13 21:36 91632 ----a-w- c:\windows\system32\dsofile.dll
2009-05-28 20:21 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-05-28 20:21 . 1999-05-17 18:55 57344 ------w- c:\windows\system32\ADsSecurity.dll
2009-05-28 20:07 . 2007-06-01 00:30 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2009-05-28 20:07 . 2007-06-01 00:29 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2009-05-28 20:07 . 2007-05-16 21:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2009-05-28 20:07 . 2007-05-16 21:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-05-28 20:07 . 2007-05-16 21:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2009-05-28 20:07 . 2007-04-04 23:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-05-28 20:07 . 2007-03-15 21:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-05-28 20:07 . 2007-03-12 21:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-05-28 20:07 . 2007-03-12 21:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-05-28 20:07 . 2007-01-24 20:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2009-05-28 20:06 . 2009-05-28 20:40 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-28 20:06 . 2009-05-28 20:06 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2009-05-28 20:06 . 2009-05-28 20:40 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-28 20:06 . 2009-05-28 20:08 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-28 19:57 . 2009-05-28 19:57 -------- d-----w- c:\program files\Activision
2009-05-28 19:56 . 2009-05-28 19:56 -------- d-sh--w- c:\windows\ftpcache
2009-05-09 00:39 . 2009-06-05 21:22 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-05-09 00:39 . 2009-05-09 00:39 -------- d-----w- c:\program files\Microsoft
2009-05-09 00:38 . 2009-05-09 00:38 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-09 00:38 . 2009-05-09 00:39 -------- d-----w- c:\program files\Windows Live
2009-05-09 00:37 . 2009-05-09 00:37 -------- d-----w- c:\program files\Common Files\Windows Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 21:13 . 2008-11-30 22:26 34 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2009-05-28 20:21 . 2008-11-29 05:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 20:41 . 2009-01-16 20:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-05-18 15:01 . 2008-12-21 23:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-05-17 22:04 . 2009-03-01 23:29 -------- d-----w- c:\program files\LimeWire
2009-05-09 00:39 . 2008-12-21 22:57 51224 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 00:03 . 2008-11-29 04:14 -------- d-----w- c:\program files\Java
2009-04-27 00:03 . 2009-04-27 00:02 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-12 02:01 . 2008-12-21 20:49 -------- d-----w- c:\program files\Common Files\AOL
2009-04-12 01:51 . 2009-01-20 00:53 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-03-27 20:46 . 2009-03-27 20:46 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-03-23 02:20 . 2009-03-23 02:20 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-09 10:19 . 2008-12-12 18:52 410984 ----a-w- c:\windows\system32\deploytk.dll
.
------- Sigcheck -------
[-] 2006-12-18 19:04 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\system32\user32.dll
[-] 2006-12-18 19:04 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\system32\wininet.dll
[-] 2006-12-30 09:26 360576 504C18ABFB3E6B0B8CACBE0BA3A5C63A c:\windows\system32\drivers\tcpip.sys
[-] 2006-12-18 19:04 2015232 2B6DCEB39E160AA37B141E59C81B2427 c:\windows\system32\ntkrnlpa.exe
[-] 2006-12-18 19:04 2135552 34CABA7B91DD6A9208A5A612F87D05A6 c:\windows\system32\ntoskrnl.exe
[-] 2004-08-04 10:00 949760 9BE29C2873DF44DD301EC57EEE9A6440 c:\windows\explorer.exe
[7] 2004-08-04 10:00 1032192 A0732187050030AE399B241436565E64 c:\windows\XPize\Backup\explorer.exe
[-] 2004-08-04 10:00 30208 DE8FA9CF18F95341079C7E6A215C226A c:\windows\system32\ctfmon.exe
[7] 2004-08-04 10:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\XPize\Backup\ctfmon.exe
[-] 2006-12-18 19:04 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\system32\spoolsv.exe
[-] 2006-12-18 19:03 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\system32\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 30208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-07 17421824]
"StandardKeyboard"="KBDaemonA.exe" - c:\windows\system32\KBDaemonA.exe [2004-11-26 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-12-18 12451]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2004-08-04 99840]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2004-08-04 99840]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.sys
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
S3 KBNTXP;Standard PS/2 Multi-Keyboard Filter Driver for WinXp;c:\windows\system32\drivers\KBNTXP.sys [3/30/2009 9:01 AM 7296]
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
ShellHWDetection
helpsvc
wuauserv
WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contents of the 'Scheduled Tasks' folder
2008-12-25 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job
- E:\setup.exe [2007-10-04 07:45]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windowsue.com/
uLocal Page = \blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e9n3ee1n.default\
FF - plugin: c:\mozilla firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-05 16:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-05 16:26
ComboFix-quarantined-files.txt 2009-06-05 21:26
ComboFix2.txt 2009-01-16 20:24
Pre-Run: 284,169,519,104 bytes free
Post-Run: 284,271,144,960 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
i:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
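A small triage script for a log like the one above, added here as an example (it is not ComboFix's code and not something the poster ran). It parses the sections that appear in this log (Other Deletions, Sigcheck, and the firewall-policy registry keys) and surfaces the points a responder would check first: the file flagged "is infected!!", the system files Sigcheck could not match, file names that appear with two different MD5s (the live explorer.exe and ctfmon.exe against the copies under c:\windows\XPize\Backup), EnableFirewall being 0, and the firewall allow-list. SAMPLE_LOG is an excerpt copied from the log above; the reading of the Sigcheck "[-]" mark as "no match against the tool's known-good hash list" is an assumption, not documented ComboFix behaviour.

```python
"""Triage the security-relevant lines of a ComboFix log.
Added example, not ComboFix's own code. Assumption: a Sigcheck mark of
"-" means the file hash did not match the tool's known-good list."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>[^\]]+)\]\s+\d{4}-\d\d-\d\d\s+\d\d:\d\d\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*)$")
INFECTED_RE = re.compile(r"^(?P<path>.+?)\s+\.\s+\.\s+\.\s+is infected!!$")
HEADER_RE = re.compile(r"^(?:\(+|-+)\s*(?P<name>.+?)\s*(?:\)+|-+)$")  # "(((( Name ))))" / "--- Name ---"
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
EXCEPTION_RE = re.compile(r'^"(?P<path>.+)"=\s*$')  # firewall allow-list entry, value empty


@dataclass
class SigEntry:
    mark: str
    size: int
    md5: str
    path: str


@dataclass
class Findings:
    deleted: list = field(default_factory=list)       # plain paths under Other Deletions
    infected: list = field(default_factory=list)      # paths marked "is infected!!"
    sigcheck: list = field(default_factory=list)      # one SigEntry per Sigcheck line
    firewall_enabled: Optional[bool] = None           # None if the key never appeared
    firewall_exceptions: list = field(default_factory=list)

    @property
    def unmatched(self):
        """System files whose hash did not match (assumed meaning of '-')."""
        return [e.path for e in self.sigcheck if e.mark == "-"]

    @property
    def hash_conflicts(self):
        """Same file name listed with more than one MD5 (live copy vs backup copy)."""
        by_name = defaultdict(list)
        for e in self.sigcheck:
            by_name[e.path.rsplit("\\", 1)[-1].lower()].append(e)
        return {n: [(e.path, e.md5) for e in es]
                for n, es in by_name.items() if len({e.md5 for e in es}) > 1}


def triage(log_text: str) -> Findings:
    f, section = Findings(), ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):
            continue
        if m := SIGCHECK_RE.match(line):
            f.sigcheck.append(SigEntry(m["mark"], int(m["size"]), m["md5"].upper(), m["path"]))
        elif m := HEADER_RE.match(line):
            section = m["name"].lower()                 # e.g. "other deletions", "sigcheck"
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()                # registry key whose values follow
        elif m := INFECTED_RE.match(line):
            f.infected.append(m["path"])
        elif section == "other deletions":
            f.deleted.append(line)
        elif section.endswith("firewallpolicy\\standardprofile"):
            if m := FIREWALL_RE.match(line):
                f.firewall_enabled = m["val"] != "0"
        elif section.endswith("authorizedapplications\\list"):
            if m := EXCEPTION_RE.match(line):
                f.firewall_exceptions.append(m["path"].replace("\\\\", "\\"))  # undo REGEDIT4 escaping
    return f


# Constructed excerpt, copied from the log above, so the script runs offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Windows Live\Messenger\msnmsgr.exe
c:\windows\system32\Drivers\sptd.sys
c:\windows\system32\proquota.exe . . . is infected!!
.
------- Sigcheck -------
[-] 2006-12-18 19:04 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\system32\user32.dll
[-] 2004-08-04 10:00 949760 9BE29C2873DF44DD301EC57EEE9A6440 c:\windows\explorer.exe
[7] 2004-08-04 10:00 1032192 A0732187050030AE399B241436565E64 c:\windows\XPize\Backup\explorer.exe
[-] 2004-08-04 10:00 30208 DE8FA9CF18F95341079C7E6A215C226A c:\windows\system32\ctfmon.exe
[7] 2004-08-04 10:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\XPize\Backup\ctfmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"""

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("infected:", r.infected, "| deleted:", r.deleted)
    print("firewall enabled:", r.firewall_enabled, "| exceptions:", r.firewall_exceptions)
    print("unmatched:", r.unmatched, "| hash conflicts:", r.hash_conflicts)
```

Run against the full log, the same checks line up with what a reviewer would raise first: the Windows Firewall is off (EnableFirewall = 0) while LimeWire and uTorrent sit in its allow-list, proquota.exe was flagged infected and removed, and the [-] marks on kernel32.dll, ntoskrnl.exe and tcpip.sys should be verified against a known-good copy from the same service-pack level before the box is trusted again. The explorer.exe and ctfmon.exe conflicts are consistent with XPize (present in the log as c:\windows\XPize\Backup and the UIHost value) having swapped those binaries, which is why the script reports them separately from the other mismatches rather than lumping everything under "infected".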