I hope I did this right. I hit yes for the Recovery Console, but I don't think it worked. Here's my log.
ComboFix 09-10-04.01 - Nick 10/05/2009 12:48.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.323 [GMT -5:00]
Running from: c:\documents and settings\Nick\My Documents\Combo-Fix.exe
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\aoqwlrag.exe
C:\ddbpu.exe
C:\ddqud.exe
c:\docume~1\Nick\LOCALS~1\Temp\lsass.exe
c:\docume~1\Nick\LOCALS~1\Temp\services.exe
c:\docume~1\Nick\LOCALS~1\Temp\svchost.exe
c:\docume~1\Nick\LOCALS~1\Temp\taskmgr.exe
c:\docume~1\Nick\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\All Users\Application Data\becitidyza.bat
c:\documents and settings\All Users\Application Data\ekupuzy.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\moxas.ban
c:\documents and settings\All Users\Application Data\qyxepilu.sys
c:\documents and settings\All Users\Application Data\uneguzibo.ban
c:\documents and settings\All Users\Application Data\utejeguzu.inf
c:\documents and settings\All Users\Documents\qecowigel.inf
c:\documents and settings\All Users\Documents\refywyxin.reg
c:\documents and settings\All Users\Documents\upihezovav.bat
c:\documents and settings\All Users\Documents\wezu.reg
c:\documents and settings\All Users\Documents\yjelike.vbs
c:\documents and settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Nick\Application Data\seres.exe
c:\documents and settings\Nick\Application Data\svcst.exe
c:\documents and settings\Nick\Application Data\uqovyv.dll
c:\documents and settings\Nick\Application Data\yxaquze.exe
c:\documents and settings\Nick\Application Data\zymiket.vbs
c:\documents and settings\Nick\Cookies\ahehunalib.ban
c:\documents and settings\Nick\Cookies\apakuhaz.reg
c:\documents and settings\Nick\Cookies\caducowu.dll
c:\documents and settings\Nick\Cookies\ewiwedicu.bin
c:\documents and settings\Nick\Cookies\heriqi._dl
c:\documents and settings\Nick\Cookies\icopylabo.pif
c:\documents and settings\Nick\Cookies\inulid.dll
c:\documents and settings\Nick\Cookies\iqohufyde.lib
c:\documents and settings\Nick\Cookies\kaqonaw.bin
c:\documents and settings\Nick\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\Nick\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\Nick\Local Settings\Application Data\fomofuxiko.vbs
c:\documents and settings\Nick\Local Settings\Application Data\izuvoxydaf.bin
c:\documents and settings\Nick\Local Settings\Application Data\jivecugyd.bat
c:\documents and settings\Nick\Local Settings\Application Data\likufiba.vbs
c:\documents and settings\Nick\Local Settings\Application Data\ovet.pif
c:\documents and settings\Nick\Local Settings\Application Data\owyled.dll
c:\documents and settings\Nick\Local Settings\Application Data\tykip.com
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\aremazuzi.bat
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\ekybefocu._dl
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\enibebapom.inf
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\haga._dl
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\ikoba.dll
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\imuwyl.dl
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\itucapewu.pif
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\ivipidej.reg
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\kajofew.bin
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\maroduq.bat
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\miduzywo.ban
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\mypaviqap.pif
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\ocihamerej._dl
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\oxofafy.ban
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\pudyfeh.dl
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\sonuvotup.dl
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\uzid.bin
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\uzurafumar._sy
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\yroq.bat
c:\documents and settings\Nick\Local Settings\Temporary Internet Files\zomecupo._sy
c:\documents and settings\Nick\Start Menu\Advanced Virus Remover.lnk
c:\documents and settings\Nick\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Nick\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Nick\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
C:\eopmjm.exe
C:\flqihkhx.exe
C:\hxlqib.exe
C:\mdnsq.exe
C:\p2hhr.bat
C:\pkusq.exe
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\oqevoquqog.scr
c:\program files\Common Files\ozidazegy.inf
c:\program files\Common Files\requk.pif
c:\program files\Common Files\zusadesil._dl
c:\program files\Shared\liB.dll
c:\program files\Shared\lib.sig
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\tmp\dbsinit.exe
c:\program files\Windows Police Pro\tmp\images\i1.gif
c:\program files\Windows Police Pro\tmp\images\i2.gif
c:\program files\Windows Police Pro\tmp\images\i3.gif
c:\program files\Windows Police Pro\tmp\images\j1.gif
c:\program files\Windows Police Pro\tmp\images\j2.gif
c:\program files\Windows Police Pro\tmp\images\j3.gif
c:\program files\Windows Police Pro\tmp\images\jj1.gif
c:\program files\Windows Police Pro\tmp\images\jj2.gif
c:\program files\Windows Police Pro\tmp\images\jj3.gif
c:\program files\Windows Police Pro\tmp\images\l1.gif
c:\program files\Windows Police Pro\tmp\images\l2.gif
c:\program files\Windows Police Pro\tmp\images\l3.gif
c:\program files\Windows Police Pro\tmp\images\pix.gif
c:\program files\Windows Police Pro\tmp\images\t1.gif
c:\program files\Windows Police Pro\tmp\images\t2.gif
c:\program files\Windows Police Pro\tmp\images\up1.gif
c:\program files\Windows Police Pro\tmp\images\up2.gif
c:\program files\Windows Police Pro\tmp\images\w1.gif
c:\program files\Windows Police Pro\tmp\images\w11.gif
c:\program files\Windows Police Pro\tmp\images\w2.gif
c:\program files\Windows Police Pro\tmp\images\w3.gif
c:\program files\Windows Police Pro\tmp\images\w3.jpg
c:\program files\Windows Police Pro\tmp\images\wt1.gif
c:\program files\Windows Police Pro\tmp\images\wt2.gif
c:\program files\Windows Police Pro\tmp\images\wt3.gif
c:\program files\Windows Police Pro\tmp\wispex.html
c:\program files\Windows Police Pro\winivsetup.exe
c:\recycler\S-1-5-21-0335715335-8862983424-635718708-2222
c:\recycler\S-1-5-21-0335715335-8862983424-635718708-2222\msimfo32.exe
C:\rhjdpc.exe
C:\ruptbvv.exe
C:\vhlyrkv.exe
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\fesykanup.reg
c:\windows\fisy.inf
c:\windows\Fonts\acrsec.fon
c:\windows\idolodiqat.exe
c:\windows\ifutuqicace.dll
c:\windows\Installer\157c3ef.msp
c:\windows\Installer\2c9a66b.msp
c:\windows\lapa.scr
c:\windows\mark_32.dll
c:\windows\msa.exe
c:\windows\myvezuh.vbs
c:\windows\neherexiby.bat
c:\windows\otecutona.exe
c:\windows\otuqe.vbs
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\ququmazyco.bat
c:\windows\svchast.exe
c:\windows\system32\_scui.cpl
c:\windows\system32\18467.exe
c:\windows\system32\41.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\bincd32.dat
c:\windows\system32\braviax.exe
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_1_0_449200.gif
c:\windows\system32\cache329\B_329_1_0_449600.gif
c:\windows\system32\cache329\B_329_1_0_454300.gif
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\critical_warning.html
c:\windows\system32\cru629.dat
c:\windows\system32\desot.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\drivers\cxnkgaibcqcrjqqf.sys
c:\windows\system32\drivers\cxtiqrnsiwwosecs.sys
c:\windows\system32\drivers\cxtksvjkcicvsbfg.sys
c:\windows\system32\drivers\dbdwqenvnnkijwme.sys
c:\windows\system32\drivers\dbxthxfypetrdmxt.sys
c:\windows\system32\drivers\dxvccrncwkonnois.sys
c:\windows\system32\drivers\eciqxnorabwtrdcd.sys
c:\windows\system32\drivers\ecrirtfgqdeqxerc.sys
c:\windows\system32\drivers\gasfkyexexyvbe.sys
c:\windows\system32\drivers\gerciqxyymsbccdi.sys
c:\windows\system32\drivers\gqfwoseqvrpprrpi.sys
c:\windows\system32\drivers\hpmbapbutexymcxt.sys
c:\windows\system32\drivers\hqxxreeexnixgowf.sys
c:\windows\system32\drivers\iqmbyxuspqufgqsb.sys
c:\windows\system32\drivers\iuypdmenxuijpwap.sys
c:\windows\system32\drivers\ivkkbesevpttrpth.sys
c:\windows\system32\drivers\ivpeobcmvxqxvjib.sys
c:\windows\system32\drivers\ivtnvnnqvrnmdrtf.sys
c:\windows\system32\drivers\iwwosetepyrbcxvp.sys
c:\windows\system32\drivers\ixrnnqwhossiuwtn.sys
c:\windows\system32\drivers\mpuyadnfvnstrxob.sys
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\drivers\ooqhxvcpcbcxjuhi.sys
c:\windows\system32\drivers\pinlpcbvsbccxgid.sys
c:\windows\system32\drivers\pwiporncvkpjulqi.sys
c:\windows\system32\drivers\qbvpeornstikseni.sys
c:\windows\system32\drivers\qipftoieeibcjxtn.sys
c:\windows\system32\drivers\rbrpvnylnoixnmsp.sys
c:\windows\system32\drivers\riuwivximueqrxtp.sys
c:\windows\system32\drivers\rjkiqoufhqoajwid.sys
c:\windows\system32\drivers\rtfjxycimnwxbvpd.sys
c:\windows\system32\drivers\snpyycwxrqrppujj.sys
c:\windows\system32\drivers\sobcrprrxexymdiv.sys
c:\windows\system32\drivers\stinnxwbwwoisecq.sys
c:\windows\system32\drivers\UACyvxmnkesmf.sys
c:\windows\system32\drivers\ulnqvrxexlkidxrq.sys
c:\windows\system32\drivers\virdcxnidutiorir.sys
c:\windows\system32\drivers\vkbcrviuthtxomba.sys
c:\windows\system32\drivers\vxtusiwqqpctqecg.sys
c:\windows\system32\drivers\vxvksmnwbvtrpfdb.sys
c:\windows\system32\drivers\wtixnspwyfulnqvr.sys
c:\windows\system32\drivers\xgqduxnqvtiqrjuy.sys
c:\windows\system32\drivers\xnkbwqvreecimqxe.sys
c:\windows\system32\drivers\xrpqfvnntsieewir.sys
c:\windows\system32\emogu.sys
c:\windows\system32\fulefoze.dll
c:\windows\system32\gasfkyqftjlnka.dat
c:\windows\system32\gasfkyqjwqjrlt.dat
c:\windows\system32\gasfkyqqhqobwe.dll
c:\windows\system32\gasfkywjebbyxv.dll
c:\windows\system32\gasfkyyxvdktaf.dll
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\iqupikor.inf
c:\windows\system32\nakofubu.dll
c:\windows\system32\ndisapi.dll
c:\windows\system32\nzFIu3h78di.dll
c:\windows\system32\q5pbg.dll
c:\windows\system32\racle~1
c:\windows\system32\racle~1\?racle\ctxad-555.0000
c:\windows\system32\rajujuli.dll
c:\windows\system32\satakasu.dll
c:\windows\system32\sonhelp.htm
c:\windows\system32\tmp.reg
c:\windows\system32\uacinit.dll
c:\windows\system32\UACrrpxhjiyea.dat
c:\windows\system32\UACruocynnrcp.dll
c:\windows\system32\UACwtaitpweyk.dll
c:\windows\system32\UACydotymndou.dll
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\wispex.html
c:\windows\system32\ytypavaraz.dll
c:\windows\system32\yuwowijo.dll
c:\windows\system32\zosijofa.dll
c:\windows\Temp\991545680.exe
c:\windows\ugetilukeh.inf
c:\windows\yzunaqonol.inf
C:\yhjj.exe
----- BITS: Possible infected sites -----
hxxp://download.yimg.com
Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\i386\beep.sys
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_NDISRD
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_NDISRD
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.
2009-10-05 18:00 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-05 17:59 . 2009-10-05 17:59 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-05 01:13 . 2009-10-05 01:13 693760 ----a-w- c:\windows\is-AI8N5.exe
2009-10-04 18:04 . 2009-10-04 18:04 96256 ----a-w- c:\windows\system32\nNQ4vpNBRa.dll
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\documents and settings\Nick\Application Data\Common Files
2009-09-30 23:05 . 2009-09-30 23:05 96256 ----a-w- c:\windows\system32\iTEBs6w6Rn.dll
2009-09-30 19:18 . 2009-09-30 19:18 46080 ----a-w- c:\windows\system32\wtmet1.dll
2009-09-30 19:18 . 2009-09-30 19:18 19456 ----a-w- C:\xrwy.exe
2009-09-30 19:18 . 2009-09-30 19:18 53248 ----a-w- C:\yonm.exe
2009-09-30 19:18 . 2009-09-30 19:18 57344 ----a-w- C:\rmeprraf.exe
2009-09-30 19:18 . 2009-09-30 19:18 5632 ----a-w- C:\rlswn.exe
2009-09-30 19:18 . 2009-09-30 19:18 46592 ----a-w- C:\nqxbk.exe
2009-09-30 19:17 . 2009-09-30 19:17 57856 ----a-w- C:\imat.exe
2009-09-26 20:33 . 2009-09-26 20:33 -------- d-----w- c:\documents and settings\Nick\Application Data\COREL
2009-09-25 19:54 . 2009-09-25 19:54 48640 ----a-w- C:\mlhlsvq.exe
2009-09-24 03:16 . 2009-09-24 03:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-24 03:15 . 2009-09-24 03:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
2009-09-23 22:34 . 2009-10-05 17:47 0 ----a-w- c:\windows\Rnezogovit.bin
2009-09-23 22:34 . 2009-10-05 17:47 120 ----a-w- c:\windows\Gxewoxired.dat
2009-09-23 22:34 . 2009-09-23 22:34 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\{B08FF45D-F73F-4BEE-8CF9-0218C7613CBD}
2009-09-21 17:22 . 2009-09-21 17:22 16498 ----a-w- c:\windows\ibirehag.dat
2009-09-21 17:22 . 2009-09-21 17:22 15638 ----a-w- c:\windows\mukygazet.dat
2009-09-19 11:09 . 2009-10-05 00:09 0 ----a-w- c:\windows\win32k.sys
2009-09-18 20:21 . 2009-09-18 20:21 0 ----a-w- c:\documents and settings\Nick\settings.dat
2009-09-18 20:11 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 20:11 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 19:07 . 2009-09-18 19:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-18 18:53 . 2009-09-18 18:53 83456 ----a-w- C:\hwdgqmcw.exe
2009-09-18 18:53 . 2009-09-18 18:53 17920 ----a-w- C:\joxa.exe
2009-09-18 18:53 . 2009-09-18 18:53 95744 ----a-w- C:\kqjopjiq.exe
2009-09-09 18:03 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 17:59 . 2009-08-19 19:01 -------- d-----w- c:\program files\Shared
2009-10-05 16:53 . 2006-08-22 16:54 -------- d-----w- c:\program files\PokerStars
2009-10-05 16:51 . 2008-07-10 00:17 -------- d-----w- c:\program files\PlayersOnly Poker
2009-10-05 02:29 . 2009-09-03 02:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 20:36 . 2007-01-23 04:54 -------- d-----w- c:\program files\Full Tilt Poker
2009-09-21 17:22 . 2009-09-21 17:22 14535 ----a-w- c:\program files\Common Files\ruxuqewyq.lib
2009-09-17 05:47 . 2007-09-02 23:57 -------- d-----w- c:\program files\Absolute Poker
2009-09-15 18:13 . 2007-08-13 23:47 -------- d-----w- c:\program files\Bodog Poker
2009-09-13 18:02 . 2007-08-14 07:03 -------- d-----w- c:\program files\UltimateBet
2009-09-03 04:16 . 2009-08-30 18:07 -------- d-----w- c:\program files\Common Files\Uninstall
2009-08-31 03:09 . 2009-08-13 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-31 02:52 . 2009-08-31 02:52 18413 ----a-w- c:\program files\Common Files\afijuq.dat
2009-08-31 02:52 . 2009-08-31 02:52 16614 ----a-w- c:\windows\esot.sys
2009-08-31 02:52 . 2009-08-31 02:52 15481 ----a-w- c:\documents and settings\Nick\Local Settings\Application Data\amedizogus.com
2009-08-31 02:52 . 2009-08-31 02:52 13835 ----a-w- c:\windows\demudab.pif
2009-08-31 02:52 . 2009-08-31 02:52 13529 ----a-w- c:\windows\system32\oqajy.com
2009-08-31 02:52 . 2009-08-31 02:52 12430 ----a-w- c:\program files\Common Files\axazahicy.dll
2009-08-31 02:52 . 2009-08-31 02:52 12200 ----a-w- c:\program files\Common Files\kizaquvum.dl
2009-08-31 02:52 . 2009-08-31 02:52 11242 ----a-w- c:\program files\Common Files\viwyk.lib
2009-08-31 02:52 . 2009-08-31 02:52 17507 ----a-w- c:\windows\system32\vajudo.scr
2009-08-31 02:52 . 2009-08-31 02:52 15728 ----a-w- c:\documents and settings\All Users\Application Data\xizisecigu.dat
2009-08-31 02:52 . 2009-08-31 02:52 11405 ----a-w- c:\documents and settings\All Users\Application Data\lyvovilu.scr
2009-08-31 02:52 . 2009-08-31 02:52 11251 ----a-w- c:\program files\Common Files\myqovecy.db
2009-08-19 20:57 . 2009-08-19 20:57 18427 ----a-w- c:\program files\Common Files\helivaw.lib
2009-08-19 20:57 . 2009-08-19 20:57 16746 ----a-w- c:\program files\Common Files\fypumyz.db
2009-08-19 20:57 . 2009-08-19 20:57 15525 ----a-w- c:\documents and settings\Nick\Local Settings\Application Data\fusifusiha.exe
2009-08-19 20:57 . 2009-08-19 20:57 15429 ----a-w- c:\program files\Common Files\osite.db
2009-08-19 20:57 . 2009-08-19 20:57 14646 ----a-w- c:\documents and settings\All Users\Application Data\uricudaned.scr
2009-08-19 20:57 . 2009-08-19 20:57 14023 ----a-w- c:\program files\Common Files\ylotorat.bin
2009-08-19 20:57 . 2009-08-19 20:57 13756 ----a-w- c:\windows\system32\eqesyqow.com
2009-08-19 20:57 . 2009-08-19 20:57 13531 ----a-w- c:\documents and settings\Nick\Local Settings\Application Data\muqutykiz.com
2009-08-19 20:57 . 2009-08-19 20:57 11592 ----a-w- c:\program files\Common Files\adahy.bin
2009-08-19 20:57 . 2009-08-19 20:57 11122 ----a-w- c:\program files\Common Files\ohifufasu.bin
2009-08-13 08:15 . 2009-08-13 08:15 16562 ----a-w- c:\documents and settings\Nick\Application Data\vepog.bin
2009-08-13 08:15 . 2009-08-13 08:15 12051 ----a-w- c:\windows\system32\gydi.bin
2009-08-13 08:15 . 2009-08-13 08:15 19456 ----a-w- c:\documents and settings\Nick\Local Settings\Application Data\gulamyjilo.sys
2009-08-13 08:15 . 2009-08-13 08:15 18590 ----a-w- c:\windows\system32\kusimu.exe
2009-08-13 08:15 . 2009-08-13 08:15 17965 ----a-w- c:\documents and settings\Nick\Application Data\wewam.pif
2009-08-13 08:15 . 2009-08-13 08:15 17588 ----a-w- c:\program files\Common Files\beco._sy
2009-08-13 08:15 . 2009-08-13 08:15 15577 ----a-w- c:\program files\Common Files\lolabijuq._dl
2009-08-13 08:15 . 2009-08-13 08:15 14299 ----a-w- c:\windows\system32\yhyfyrus.exe
2009-08-13 08:15 . 2009-08-13 08:15 14094 ----a-w- c:\documents and settings\All Users\Application Data\zene.scr
2009-08-13 08:15 . 2009-08-13 08:15 11896 ----a-w- c:\windows\ydis.com
2009-08-13 08:15 . 2009-08-13 08:15 10019 ----a-w- c:\program files\Common Files\byqavixydo.dl
2009-08-13 00:09 . 2009-08-12 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-08-13 00:05 . 2009-08-12 23:44 656 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-08-13 00:04 . 2009-08-12 23:45 74168 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-08-12 23:42 . 2006-08-16 16:33 -------- d-----w- c:\program files\McAfee.com
2009-08-12 23:30 . 2009-08-12 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-08-12 23:29 . 2009-08-12 23:29 -------- d-----w- c:\program files\Common Files\iS3
2009-08-12 23:07 . 2009-08-12 23:07 19621 ----a-w- c:\program files\Common Files\wuzekubosa.pif
2009-08-12 23:07 . 2009-08-12 23:07 16169 ----a-w- c:\documents and settings\All Users\Application Data\gilepacyzu.dll
2009-08-12 23:07 . 2009-08-12 23:07 16022 ----a-w- c:\documents and settings\Nick\Application Data\imisukap.scr
2009-08-12 23:07 . 2009-08-12 23:07 13061 ----a-w- c:\windows\system32\abyr.bin
2009-08-12 23:07 . 2009-08-12 23:07 12074 ----a-w- c:\documents and settings\Nick\Application Data\acifavag.bin
2009-08-12 23:07 . 2009-08-12 23:07 11772 ----a-w- c:\documents and settings\All Users\Application Data\xemozesat.com
2009-08-12 23:07 . 2009-08-12 23:07 11071 ----a-w- c:\documents and settings\All Users\Application Data\gewebijiqy.exe
2009-08-12 23:07 . 2009-08-12 23:07 10402 ----a-w- c:\windows\ecaqavody.dat
2009-08-12 22:39 . 2006-08-16 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-08-05 09:11 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-10 17:51 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 19:54 . 2009-06-25 19:54 0 --sha-w- c:\windows\system32\kofipulo.dll
2009-06-25 19:54 . 2009-06-25 19:54 0 --sha-w- c:\windows\system32\muhavude.dll
2009-06-30 19:18 . 2009-06-30 19:18 53248 --sha-w- c:\windows\system32\suhamose.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-26 29744]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-14 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-16 24576]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli wkbyse.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/23/2007 6:47 PM 24652]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/16/2006 11:37 AM 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Nick\Start Menu\Programs\UltimateBet\UltimateBet.lnk
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-mserv - c:\documents and settings\Nick\Application Data\svcst.exe
HKLM-Run-avgnt - c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
HKLM-Run-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
HKLM-Run-Dnadetohekafom - c:\windows\ifutuqicace.dll
HKLM-Run-POINTER - point32.exe
HKLM-Run-wimidogude - fulefoze.dll
Notify-WgaLogon - (no file)
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-05 13:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
[1].sys"
[HKEY_LOCAL_MACHINE\System\controlset002\Services\rootrepeal[1]]
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(772)
c:\windows\wkbyse.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\WININET.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\wkbyse.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\gearsec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\program files\Microsoft Hardware\Mouse\point32.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\Norton Ghost\CfgWiz.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-10-05 13:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-05 18:11
Pre-Run: 101,645,611,008 bytes free
Post-Run: 103,654,531,072 bytes free
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
555 --- E O F --- 2009-09-27 20:07
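The part of this log that matters most for whoever reads it next is not the long deletion list but three entries in the Reg Loading Points and DLL sections: the LSA `Notification Packages` value (`scecli wkbyse.dll`), the same `wkbyse.dll` loaded inside `lsass.exe` and `explorer.exe`, and the firewall / Security Center values that were switched off. A notification package is loaded into lsass.exe at every boot and is called on every password change, so it is both persistence and a credential-theft position, and nothing under ORPHANS REMOVED says ComboFix touched it. The script below is an added example written for this page, not part of the poster's log or of ComboFix; it pulls those findings out of the log text automatically. It assumes a stand-alone XP workstation (whose only default notification package is `scecli`; a domain controller would also list `RASSFM` and `KDCSVC`) and uses a small, hypothetical set of "trusted" path prefixes as a heuristic for where DLLs normally live. The embedded sample is an excerpt of the log above.

```python
import re

# Excerpt of the ComboFix log above (Reg Loading Points and the
# per-process DLL list), embedded so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli wkbyse.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(772)
c:\windows\wkbyse.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\WININET.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\windows\wkbyse.dll
"""

# A stand-alone XP workstation registers only scecli here; anything else is a
# DLL lsass.exe loads at boot. Assumption for this example: not a domain
# controller (those also list RASSFM and KDCSVC).
DEFAULT_NOTIFICATION_PACKAGES = {"scecli"}

# Heuristic, not an allow-list: DLLs loaded from outside these prefixes get flagged.
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\progra~1\\")

# Security Center values that silence "your AV/firewall/updates are off" warnings.
SECURITY_CENTER_FLAGS = {
    "UpdatesDisableNotify", "AntiVirusDisableNotify",
    "FirewallDisableNotify", "DisableMonitoring",
}


def parse_log(text):
    """Split ComboFix output into {registry key: [value lines]} and
    {process name: [loaded dll paths]}. Keys, process names and paths are
    lowercased so later comparisons are case-insensitive."""
    keys, procs = {}, {}
    current_key = current_proc = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":          # ComboFix prints "." as a blank line
            continue
        m = re.match(r"^\[(.+)\]$", line)   # [HKEY_...] registry key header
        if m:
            current_key, current_proc = m.group(1).lower(), None
            keys.setdefault(current_key, [])
            continue
        m = re.match(r"^[- ]+> '([^']+)'\((\d+)\)$", line)   # - - > 'lsass.exe'(772)
        if m:
            current_proc, current_key = m.group(1).lower(), None
            procs.setdefault(current_proc, [])
            continue
        if line.startswith(("-", "(", "*")):  # section banner: leave both contexts
            current_key = current_proc = None
            continue
        if current_proc is not None:
            procs[current_proc].append(line.lower())
        elif current_key is not None:
            keys[current_key].append(line)
    return keys, procs


def triage(text):
    """Return (category, detail) findings for the persistence and
    defence-evasion entries this kind of infection leaves behind."""
    keys, procs = parse_log(text)
    findings = []
    extra_packages = set()

    for key, values in keys.items():
        for v in values:
            # 1. LSA notification packages: loaded into lsass.exe at boot,
            #    survive a reboot, and are handed every password change.
            if key.endswith("\\control\\lsa"):
                m = re.match(r"Notification Packages\s+REG_MULTI_SZ\s+(.*)", v, re.I)
                if m:
                    for pkg in m.group(1).split():
                        if pkg.lower() not in DEFAULT_NOTIFICATION_PACKAGES:
                            extra_packages.add(pkg.lower())
                            findings.append(("lsa_notification_package", pkg))
            # 2. Windows Firewall switched off in the standard profile.
            elif key.endswith("firewallpolicy\\standardprofile"):
                if re.match(r'"EnableFirewall"\s*=\s*0\b', v):
                    findings.append(("firewall_disabled", "standardprofile"))
            # 3. Security Center told not to warn that protection is off.
            elif "security center" in key:
                m = re.match(r'"(\w+)"=dword:0*1$', v)
                if m and m.group(1) in SECURITY_CENTER_FLAGS:
                    findings.append(("security_center_suppressed", m.group(1)))

    # 4. DLLs loaded from outside the usual locations, per process. The same
    #    file name turning up inside lsass.exe confirms the LSA entry is live.
    for proc, dlls in procs.items():
        for dll in dlls:
            if not dll.startswith(TRUSTED_PREFIXES):
                findings.append(("foreign_dll", f"{proc}: {dll}"))
            if proc == "lsass.exe" and dll.rsplit("\\", 1)[-1] in extra_packages:
                findings.append(("notification_package_active", dll))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:30} {detail}")
```

Run against the excerpt it reports the notification package, confirms it as loaded in lsass.exe, flags the same DLL injected into explorer.exe, and lists the disabled firewall and the two Security Center suppressions. On a full log the `foreign_dll` rule will also fire on legitimate vendor DLLs in odd places, which is why it is a prompt to look rather than a verdict; the `notification_package_active` correlation is the one that should not be ignored.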