Thank you, Origin. Here is my ComboFix log:
ComboFix 09-07-19.01 - Owner 07/19/2009 8:10.1.1 - NTFSx86
Running from: c:\games\Combo-Fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Owner\LOCALS~1\Temp\csrss.exe
c:\docume~1\Owner\LOCALS~1\Temp\services.exe
c:\docume~1\Owner\LOCALS~1\Temp\svchost.exe
c:\docume~1\Owner\LOCALS~1\Temp\taskmgr.exe
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ipuduwuq.pif
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\lose.dl
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\lyferidoj.bat
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\zukaco.bat
C:\gfub.exe
C:\myacngu.exe
C:\p2hhr.bat
c:\recycler\S-1-5-21-122048960-4198321903-4111881677-1007
c:\recycler\S-1-5-21-122048960-4198321903-4111881677-1008
C:\rtdasr.exe
C:\vphih.exe
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\01011201014650120.dat
c:\windows\0101120101465749.dat
c:\windows\0101120101465752.dat
c:\windows\DRIVERS\beep.sys
c:\windows\Installer\284543e0.msi
c:\windows\ld12.exe
c:\windows\system32\_scui.cpl
c:\windows\system32\AutoRun.inf
c:\windows\system32\tmp.reg
c:\windows\system32\drivers\beep.sys . . . is infected!!
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.
2009-07-18 19:43 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-18 19:39 . 2009-07-18 19:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-18 19:37 . 2009-07-18 19:37 86016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-18 19:37 . 2009-07-18 19:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-07-18 19:37 . 2009-07-18 19:37 -------- d-----w- c:\program files\NOS
2009-07-18 13:50 . 2009-07-18 13:50 -------- d-----w- c:\program files\Trend Micro
2009-07-16 22:56 . 2009-07-16 22:56 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-07-16 22:55 . 2009-07-16 22:55 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2009-07-16 22:53 . 2009-07-16 22:53 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-07-16 21:39 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-16 21:39 . 2009-07-16 21:39 -------- d-----w- c:\windows\ie8updates
2009-07-16 21:38 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-16 21:38 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-16 21:33 . 2009-07-16 21:38 -------- dc-h--w- c:\windows\ie8
2009-07-15 02:41 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-15 02:40 . 2009-04-03 18:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-15 02:40 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-15 02:40 . 2009-07-19 15:02 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-07-15 02:40 . 2009-07-15 02:41 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-15 02:40 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-15 02:40 . 2009-07-17 07:18 -------- d-----w- c:\program files\Spyware Doctor
2009-07-15 02:40 . 2009-07-15 02:40 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2009-07-15 02:40 . 2009-07-15 02:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2009-07-15 02:08 . 2009-07-15 02:08 -------- d-----w- c:\program files\Enigma Software Group
2009-07-15 01:58 . 2009-07-15 01:58 18987 ----a-w- c:\documents and settings\Owner\Application Data\vapo.exe
2009-07-15 01:58 . 2009-07-15 01:58 17338 ----a-w- c:\windows\system32\kiqizuxade.com
2009-07-15 01:58 . 2009-07-15 01:58 15533 ----a-w- c:\program files\Common Files\olub.com
2009-07-15 01:58 . 2009-07-15 01:58 15269 ----a-w- c:\documents and settings\Owner\Application Data\pasobaky.dll
2009-07-15 01:58 . 2009-07-15 01:58 13588 ----a-w- c:\windows\jegozy.bin
2009-07-15 01:58 . 2009-07-15 01:58 13041 ----a-w- c:\documents and settings\Owner\Application Data\evodedujo.pif
2009-07-15 01:58 . 2009-07-15 01:58 11727 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\nygolonip.vbs
2009-07-15 01:58 . 2009-07-15 01:58 10829 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\rutepijary.com
2009-07-15 01:58 . 2009-07-15 01:58 10448 ----a-w- c:\windows\ojidiq.reg
2009-07-15 01:50 . 2009-07-15 01:50 19164 ----a-w- c:\windows\system32\pimuvah.sys
2009-07-15 01:50 . 2009-07-15 01:50 18739 ----a-w- c:\windows\kyto.scr
2009-07-15 01:50 . 2009-07-15 01:50 15929 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\mibupupa.dll
2009-07-15 01:50 . 2009-07-15 01:50 15021 ----a-w- c:\windows\system32\opufyd.pif
2009-07-15 01:50 . 2009-07-15 01:50 14128 ----a-w- c:\program files\Common Files\unequ.pif
2009-07-15 01:50 . 2009-07-15 01:50 13182 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\jyvez.reg
2009-07-15 01:50 . 2009-07-15 01:50 11756 ----a-w- c:\documents and settings\Owner\Application Data\topaceb.bat
2009-07-15 01:50 . 2009-07-15 01:50 11542 ----a-w- c:\windows\system32\nuseqo.com
2009-07-15 01:50 . 2009-07-15 01:50 11501 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\etecym.reg
2009-07-15 01:50 . 2009-07-15 01:50 10008 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\ryrorehic.dll
2009-07-15 00:03 . 2009-07-15 02:47 238642 ----a-w- c:\windows\system32\wisdstr.exe
2009-07-14 23:57 . 2009-07-14 23:57 24576 ----a-w- C:\fhlyeby.exe
2009-07-14 23:57 . 2009-07-14 23:57 11264 ----a-w- C:\benfuse.exe
2009-07-14 23:57 . 2009-07-16 11:54 278 ----a-w- c:\documents and settings\Owner\Application Data\AdobeUM\delself.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 20:19 . 2009-03-31 22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 19:42 . 2004-05-16 16:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-15 01:58 . 2009-07-15 01:58 15014 ----a-w- c:\documents and settings\Owner\Application Data\beri.bin
2009-07-15 01:58 . 2009-07-15 01:58 13800 ----a-w- c:\program files\Common Files\murawyhyr._sy
2009-07-15 01:58 . 2009-07-15 01:58 12301 ----a-w- c:\documents and settings\Owner\Application Data\gakikuxaq.bin
2009-07-15 01:50 . 2009-07-15 01:50 13472 ----a-w- c:\program files\Common Files\obexo.db
2009-07-15 01:50 . 2009-07-15 01:50 11477 ----a-w- c:\program files\Common Files\uqihaha.ban
2009-07-14 23:57 . 2004-05-27 21:57 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2009-07-13 20:36 . 2009-03-31 22:56 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2009-03-31 22:56 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 20:01 . 2009-02-09 00:46 -------- d-----w- c:\program files\3DO
2009-06-16 14:36 . 2003-07-16 20:47 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2003-07-16 20:28 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2003-05-13 18:28 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-20 20:24 . 2009-05-20 20:24 2967799 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-13 05:15 . 2004-02-07 01:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2003-07-16 20:32 345600 ----a-w- c:\windows\system32\localspl.dll
2007-03-03 01:15 . 2007-03-03 01:15 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2008-12-30 13:19 . 2007-02-20 00:05 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-30 13:19 . 2007-02-20 00:05 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-30 13:19 . 2007-02-20 00:05 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-30 13:19 . 2007-02-20 00:05 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-30 13:19 . 2007-02-20 00:05 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-06-05 17:12 . 2006-06-05 17:12 8 --sh--r- c:\windows\SYSTEM32\C359C33EBB.sys
2006-06-05 17:12 . 2006-06-05 17:12 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2009-07-18 13:28 28672 9BA5A2F0BC70019C96510D730F5692DD c:\windows\SYSTEM32\DLLCACHE\beep.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\GameHouse\\TextTwist\\TextTwist.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 BsStor;InCD Storage Helper Driver;c:\windows\SYSTEM32\DRIVERS\bsstor.sys [12/27/2003 6:10 PM 9344]
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [7/14/2009 7:40 PM 130936]
R2 BsUDF;InCD UDF Driver;c:\windows\SYSTEM32\DRIVERS\bsudf.sys [12/27/2003 6:10 PM 455552]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/18/2009 12:37 PM 66056]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/14/2009 7:40 PM 348752]
S3 VVBETHERNET;Actiontec Gateway Service;c:\windows\SYSTEM32\DRIVERS\VVBETH.SYS [12/27/2003 4:48 PM 15309]
S3 vvbususb;Actiontec Gateway USB Service;c:\windows\SYSTEM32\DRIVERS\VVBUSUSB.SYS [12/27/2003 4:48 PM 50911]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca83abc9-2aa2-11d8-badc-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe739306-9fc5-11dd-bdeb-806d6172696f}]
\Shell\AutoRun\command - E:\AP_SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\gh5zw9eu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 08:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\windows\SYSTEM32\DRIVERS\KodakCCS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-07-19 8:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 15:33
Pre-Run: 40,314,138,624 bytes free
Post-Run: 43,211,001,856 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
222 --- E O F --- 2009-07-16 21:40