I've dealt with this before, and my solution was using Norton Ghost to restore my hard drive to a backup, which worked; however, I would like to not do that again, to keep files :). Well, some website I went to must have had it again, so now I'm stuck with it. I have run ComboFix and the log is posted below as requested.
ComboFix 09-03-29.04 - msimpson 2009-03-30 17:22:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2243 [GMT -4:00]
Running from: c:\documents and settings\msimpson\Desktop\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\emMON.exe
c:\windows\system32\fohomugu.dll
c:\windows\system32\luyusowa.dll
c:\windows\system32\mofewobi.dll
c:\windows\system32\sekapehu.dll
c:\windows\system32\wogisewo.dll
c:\windows\system32\wuyeligo.dll
c:\windows\system32\zabinose.dll
----- BITS: Possible infected sites -----
hxxp://82.98.235.205
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.
2009-03-29 11:03 . 2009-03-09 15:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-29 09:55 . 2009-03-29 09:55 153 --a------ c:\windows\wininit.ini
2009-03-29 09:46 . 2009-03-09 15:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-29 09:45 . 2009-03-29 09:45 <DIR> d-------- c:\program files\Lavasoft
2009-03-29 09:45 . 2009-03-29 09:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-29 09:45 . 2009-03-29 09:45 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-19 21:06 . 2009-03-19 21:06 <DIR> d-------- c:\documents and settings\msimpson\Application Data\vlc
2009-03-19 21:05 . 2009-03-19 21:05 <DIR> d-------- c:\program files\VideoLAN
2009-03-16 19:17 . 2009-03-16 19:17 <DIR> d-------- c:\program files\MathType
2009-03-16 19:17 . 2009-03-16 19:17 <DIR> d-------- c:\documents and settings\msimpson\Application Data\Design Science
2009-03-05 18:43 . 2009-03-05 19:36 66,936 --ahs---- c:\windows\dlinfo_1.drv
2009-03-04 23:50 . 2009-03-05 00:44 66,936 --ahs---- c:\windows\dlinfo_0.drv
2009-03-04 23:45 . 2009-03-04 23:45 <DIR> d-------- c:\documents and settings\msimpson\WINDOWS
2009-03-04 23:43 . 2009-03-04 23:43 61,440 --a------ c:\windows\diabunin.exe
2009-03-04 21:56 . 2009-03-04 21:56 <DIR> d-------- c:\documents and settings\msimpson\Application Data\teamspeak2
2009-03-04 21:56 . 2009-03-04 21:56 34,064 --a------ c:\windows\system32\lhacm.acm
2009-03-04 21:55 . 2009-03-04 21:56 <DIR> d-------- c:\program files\Teamspeak2_RC2
2009-03-03 00:08 . 2009-03-03 00:08 <DIR> d-------- c:\program files\Riva
2009-03-03 00:08 . 2009-03-03 00:08 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-02-28 23:22 . 2009-03-03 21:29 23 --a------ c:\windows\BlendSettings.ini
2009-02-28 22:28 . 2009-02-28 22:28 66,936 --ahs---- c:\windows\slinfo_0.drv
2009-02-28 22:27 . 2009-03-04 23:50 <DIR> d-------- C:\Diablo
2009-02-28 22:27 . 2009-03-04 23:43 86,528 --a------ c:\windows\bnetunin.exe
2009-02-28 22:27 . 2009-02-28 22:27 61,440 --a------ c:\windows\diabswun.exe
2009-02-28 22:17 . 2009-03-18 22:30 <DIR> d-------- c:\program files\Bethesda Softworks
2009-02-27 09:12 . 2009-02-27 09:12 <DIR> d-------- c:\program files\Eufony Lite
2009-02-27 09:08 . 2009-02-27 09:09 <DIR> d-------- c:\program files\FLAC
2009-02-26 01:02 . 2009-03-18 22:00 <DIR> d-------- c:\program files\a-squared Anti-Malware
2009-02-23 21:36 . 2009-03-28 17:45 <DIR> d-------- C:\Fraps
2009-02-23 01:11 . 2007-07-19 19:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2009-02-23 01:11 . 2007-07-19 19:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2009-02-23 01:11 . 2007-07-20 01:57 267,112 --a------ c:\windows\system32\xactengine2_9.dll
2009-02-23 00:59 . 2009-02-23 01:11 <DIR> d-------- c:\program files\The Witcher
2009-02-19 22:18 . 2009-02-19 22:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\CCP
2009-02-19 22:10 . 2007-07-19 19:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2009-02-19 22:05 . 2009-02-19 22:05 <DIR> d-------- c:\program files\CCP
2009-02-19 21:15 . 2009-02-19 21:15 <DIR> d-------- c:\program files\Ventrilo
2009-02-19 21:15 . 2009-03-30 17:25 <DIR> d-------- c:\program files\Steam
2009-02-19 21:15 . 2009-02-19 21:15 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-19 21:15 . 2009-03-08 15:21 <DIR> d-------- c:\documents and settings\msimpson\Application Data\Ventrilo
2009-02-19 21:15 . 2009-02-19 21:15 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-02-19 21:14 . 2009-02-19 21:14 <DIR> d-------- c:\program files\Opera
2009-02-19 20:07 . 2005-10-27 16:06 356,096 --a------ c:\windows\system32\drivers\rt61.sys
2009-02-19 20:07 . 2005-05-17 17:24 311,296 --a------ c:\windows\system32\AegisI5.exe
2009-02-19 20:07 . 2005-10-20 16:00 243,328 --a------ c:\windows\system32\drivers\RT2500.SYS
2009-02-19 20:07 . 2005-07-15 19:11 81,920 --a------ c:\windows\system32\Install6x.dll
2009-02-19 20:07 . 2009-02-19 20:07 20,747 --a------ c:\windows\system32\drivers\AegisP.sys
2009-02-19 20:07 . 2005-10-26 15:22 8,192 --a------ c:\windows\system32\drivers\RT2661.bin
2009-02-19 20:07 . 2005-10-26 15:22 8,192 --a------ c:\windows\system32\drivers\RT2561s.bin
2009-02-19 20:07 . 2005-10-26 15:22 8,192 --a------ c:\windows\system32\drivers\RT2561.bin
2009-02-19 20:07 . 2005-06-16 01:30 162 --a------ c:\windows\filespec6x
2009-02-19 20:06 . 2009-02-19 20:06 <DIR> d-------- c:\program files\Hawking
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 13:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-29 13:42 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-28 14:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-01 02:17 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 05:11 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 455968]
"EPSON Stylus Photo R380 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE" [2006-05-29 139264]
"Steam"="c:\program files\Steam\Steam.exe" [2009-02-19 1410296]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-01-29 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2009-02-27 2799760]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"nwiz"="nwiz.exe" [2007-11-06 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Hawking Wireless Utility.lnk - c:\program files\Hawking\Common\RaUI.exe [2009-02-19 651264]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Hawking\\Common\\RaUI.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-29 64160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-09-28 04:37:33 41456]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0522fc1-7bbf-11dd-9f08-806d6172696f}]
\Shell\AutoRun\command - d:\programs\nu2menu\nu2menu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:06]
.
- - - - ORPHANS REMOVED - - - -
BHO-{f5fba4ab-7439-4b23-8394-16c2bd798d1a} - c:\windows\system32\mofewobi.dll
HKLM-Run-0075e356 - c:\windows\system32\pabipihe.dll
HKLM-Run-emMON - emMON.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kronosrobotics.com/xcart/home.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 17:25:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\nvappfilter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\a-squared Anti-Malware\a2service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-30 17:27:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-30 21:27:56
Pre-Run: 97,827,094,528 bytes free
Post-Run: 98,060,640,256 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
196