nevermind I found it, sorry here it is.
ComboFix 08-04-22.1 - RY 2008-04-22 21:32:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.201 [GMT -4:00]
Running from: C:\Documents and Settings\RY\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\RY\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Tasks.\At1.job
C:\WINDOWS\system32\dbmsrpcnc.dll . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_pwpyhymq
-------\Service_pwpyhymq
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.
2008-04-22 18:44 . 2008-04-22 18:44 1,015,808 --a------ C:\WINDOWS\system32\libeay32.dll
2008-04-22 18:44 . 2008-04-22 18:44 638,208 --a------ C:\WINDOWS\system32\qdjwptbl.dat
2008-04-22 18:44 . 2008-04-22 18:44 196,608 --a------ C:\WINDOWS\system32\libssl32.dll
2008-04-22 18:44 . 2008-04-22 18:44 43,264 --a------ C:\WINDOWS\system32\tcwghctf.dat
2008-04-22 18:44 . 2008-04-22 18:44 36,608 --a------ C:\WINDOWS\system32\orstrtqt.dat
2008-04-22 18:44 . 2008-04-22 18:44 35,584 --a------ C:\WINDOWS\system32\nteuclru.dat
2008-04-22 18:44 . 20,608 C:\WINDOWS\system32\drivers\kvlvuxtk.dat
2008-04-22 18:41 . 2008-04-22 18:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 18:41 . 2008-04-22 18:41 <DIR> d-------- C:\Documents and Settings\RY\Application Data\Malwarebytes
2008-04-22 18:41 . 2008-04-22 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-15 18:26 . 2008-04-15 21:53 <DIR> d-------- C:\fixwareout
2008-04-14 22:25 . 2008-04-14 22:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-14 22:25 . 2008-04-14 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-14 19:53 . 2008-04-22 18:44 190,720 --a------ C:\WINDOWS\system32\olnsewxm.dat
2008-04-14 19:46 . 2004-08-04 04:00 88,064 --a------ C:\WINDOWS\system32\commdlgg.dll
2008-04-14 19:46 . 2008-04-22 18:44 83,456 --a------ C:\WINDOWS\system32\dbmsrpcnc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 02:11 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-16 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-15 03:22 --------- d-----w C:\Program Files\Easy Internet signup
2008-03-10 22:48 --------- d-----w C:\Documents and Settings\RY\Application Data\Move Networks
2007-06-29 22:37 92,064 ----a-w C:\Documents and Settings\RY\mqdmmdm.sys
2007-06-29 22:37 9,232 ----a-w C:\Documents and Settings\RY\mqdmmdfl.sys
2007-06-29 22:37 79,328 ----a-w C:\Documents and Settings\RY\mqdmserd.sys
2007-06-29 22:37 66,656 ----a-w C:\Documents and Settings\RY\mqdmbus.sys
2007-06-29 22:37 6,208 ----a-w C:\Documents and Settings\RY\mqdmcmnt.sys
2007-06-29 22:37 5,936 ----a-w C:\Documents and Settings\RY\mqdmwhnt.sys
2007-06-29 22:37 4,048 ----a-w C:\Documents and Settings\RY\mqdmcr.sys
2007-06-29 22:37 25,600 ----a-w C:\Documents and Settings\RY\usbsermptxp.sys
2007-06-29 22:37 22,768 ----a-w C:\Documents and Settings\RY\usbsermpt.sys
2006-10-09 17:03 0 ----a-w C:\Documents and Settings\RY\Application Data\wklnhst.dat
2006-03-22 05:10 15,487,432 ----a-w C:\Program Files\DivXPlay.exe
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F9056F7-7E14-4149-A9A5-BE712751404C}]
2004-08-04 04:00 88064 --a------ C:\WINDOWS\system32\commdlgg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFBAE86B-0E2A-44CE-B790-A656B51AC34A}]
2008-04-22 18:44 83456 --a------ c:\windows\system32\dbmsrpcnc.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 21:04 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"slaygj2tt"="C:\WINDOWS\system32\slaygj2tt.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 06:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 06:32 126976]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 12:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 11:27 860160]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 06:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 12:38 159744]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 13:59 794624]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 19:04 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-02 03:01 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 16:54 253952]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 16:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-03-29 17:45 233534]
"ChangeResolution"="C:\hp\bin\ChangeResolution.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"slaygj2tt"="C:\WINDOWS\system32\slaygj2tt.exe" [ ]
"combofix"="C:\WINDOWS\system32\CF14660.exe" [2004-08-04 04:00 388608]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xqogvetq]
dbmsrpcnc.dll 2008-04-22 18:44 83456 C:\WINDOWS\system32\dbmsrpcnc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Motorola\\UID Extraction Tool\\UIDExtraction.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunesHelper.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
R0 fopsqltd;fopsqltd;C:\WINDOWS\system32\drivers\kvlvuxtk.dat []
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S2 OracleXETNSListener;OracleXETNSListener;C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 00:49]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 17:50]
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-04-14 00:07]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pwpyhymq
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4632a7e-d34a-11db-9b23-001500369210}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 01:39:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-22 21:37:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?8?4?9??????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fopsqltd]
"ImagePath"="system32\drivers\kvlvuxtk.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Apoint2K\ApntEx.exe
.
**************************************************************************
.
Completion time: 2008-04-22 21:41:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-23 01:40:54
Pre-Run: 32,254,373,888 bytes free
Post-Run: 32,272,863,232 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
168 --- E O F --- 2008-04-16 10:27:32