06-25-2009, 12:13 PM   #4
brian14
OS: Win Xp SP2


Re: Rootkit and Multiple problems

Thanks CatByte for your help!!! Please see my ComboFix contents below, also attached. Awaiting your next suggestions...

ComboFix 09-06-24.05 - Administrator 06/25/2009 13:00.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2783 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\Cache
c:\windows\system32\drivers\SKYNETmnedlnnr.sys
c:\windows\system32\drivers\UACqtuynwfjmvffqnt.sys
c:\windows\system32\SKYNETadfkbobt.dat
c:\windows\system32\SKYNETnpusbhml.dll
c:\windows\system32\SKYNETpwdhvhko.dat
c:\windows\system32\SKYNETrsqxvcrm.dll
c:\windows\system32\UACeohhaeamqwvvvbn.dat
c:\windows\system32\UACqfyrbgpmhfwmvsw.dll
c:\windows\system32\UACunbgevyqxowqamd.dll
c:\windows\Install.txt
c:\windows\jsr468ijdfghfjsw3rw3i6tjag81.exe
c:\windows\system32\drivers\SKYNETmnedlnnr.sys
c:\windows\system32\drivers\UACqtuynwfjmvffqnt.sys
c:\windows\system32\Install.txt
c:\windows\system32\SKYNETadfkbobt.dat
c:\windows\system32\SKYNETnpusbhml.dll
c:\windows\system32\SKYNETpwdhvhko.dat
c:\windows\system32\SKYNETrsqxvcrm.dll
c:\windows\system32\UACeohhaeamqwvvvbn.dat
c:\windows\system32\UACqfyrbgpmhfwmvsw.dll
c:\windows\system32\UACunbgevyqxowqamd.dll
c:\windows\system32\wiawow32.sys

----- BITS: Possible infected sites -----

hxxp://216.12.168.130
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETdqlpltko
-------\Service_UACd.sys
-------\Legacy_MSNCACHE
-------\Legacy_SOPIDKC
-------\Legacy_jsr468ijdfghfjsw3rw3i6tjag80
-------\Service_jsr468ijdfghfjsw3rw3i6tjag80


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 17:38 . 2009-06-25 17:39 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-25 12:32 . 2009-06-25 12:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-06-24 03:11 . 2009-06-24 03:37 -------- d-----w- C:\HijackThis
2009-06-23 12:42 . 2009-06-23 12:42 0 ----a-w- c:\windows\system32\cd.dat
2009-06-21 04:54 . 2009-06-21 04:54 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2009-06-21 04:52 . 2009-06-21 04:54 -------- d-----w- C:\Inetpub
2009-06-21 01:20 . 2009-06-21 01:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-06-21 01:20 . 2009-06-21 01:20 -------- d-----w- c:\documents and settings\Administrator
2009-06-21 00:56 . 2009-06-21 16:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-21 00:03 . 2009-06-21 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\99516866
2009-06-21 00:03 . 2009-06-21 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\19506874
2009-06-20 04:06 . 2009-06-24 01:34 -------- d-----w- c:\program files\Hotspot Shield
2009-06-15 03:06 . 2008-07-10 07:49 50200 ----a-w- c:\windows\system32\perf-ReportServer-rsctr.dll
2009-06-15 03:05 . 2009-06-15 03:05 397664 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2009-06-15 03:05 . 2009-06-15 03:05 397664 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2009-06-15 03:03 . 2008-07-10 09:49 50200 ----a-w- c:\windows\system32\perf-SQLSERVERAGENT-sqlagtctr10.0.1600.22.dll
2009-06-15 03:03 . 2008-07-10 09:49 79896 ----a-w- c:\windows\system32\perf-MSSQLSERVER-sqlctr10.0.1600.22.dll
2009-06-15 02:58 . 2009-06-15 02:58 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-06-15 02:58 . 2009-06-15 03:00 121728 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-06-15 02:51 . 2009-06-15 02:51 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-06-15 02:49 . 2009-06-15 02:49 -------- d-----w- c:\program files\Microsoft SDKs
2009-06-15 02:48 . 2009-06-15 02:48 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-06-15 02:47 . 2009-06-15 02:47 -------- d-----w- c:\program files\Microsoft Analysis Services
2009-06-15 02:44 . 2009-06-15 02:44 -------- d-----w- c:\windows\system32\RsFx
2009-06-15 02:44 . 2009-06-15 02:44 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-15 02:42 . 2009-06-15 02:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-15 02:41 . 2009-06-15 02:55 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-06-14 22:11 . 2009-06-15 05:16 88016 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-14 22:11 . 2009-06-14 22:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-14 22:11 . 2009-06-14 22:11 -------- d-----w- c:\program files\Reference Assemblies
2009-06-14 22:10 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-14 22:10 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-14 22:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-14 22:10 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-14 22:10 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-14 22:10 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-14 22:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-14 22:10 . 2009-06-14 22:26 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-14 22:07 . 2009-06-14 22:07 -------- d-----w- c:\program files\MSXML 6.0
2009-06-11 02:30 . 2009-06-11 02:30 -------- d-----w- c:\program files\iPod
2009-06-11 02:30 . 2009-06-11 02:30 -------- d-----w- c:\program files\iTunes
2009-06-11 02:29 . 2009-06-11 02:29 -------- d-----w- c:\program files\QuickTime
2009-06-11 02:23 . 2009-06-11 02:23 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 22:31 . 2009-06-06 22:31 -------- d-----w- C:\spoolerlogs
2009-05-29 23:12 . 2009-05-29 23:12 -------- d-----w- c:\program files\TechSmith
2009-05-29 23:11 . 2009-06-25 01:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-26 18:42 . 2009-05-26 18:42 -------- d-----w- C:\suchitra

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 23:32 . 2008-10-25 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-21 16:14 . 2008-05-14 01:31 -------- d-----w- c:\program files\lx_cats
2009-06-21 04:43 . 2009-05-09 20:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-21 03:17 . 2009-06-21 03:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-06-21 01:43 . 2009-06-21 01:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2009-06-21 01:21 . 2009-06-21 01:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-21 00:45 . 2009-03-31 02:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 16:27 . 2009-03-31 02:18 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:27 . 2009-03-31 02:18 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 18:29 . 2008-05-09 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-15 02:48 . 2008-05-09 01:55 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-15 02:40 . 2008-05-04 02:47 -------- d-----w- c:\program files\Microsoft.NET
2009-06-14 01:09 . 2009-01-06 03:21 -------- d-----w- c:\program files\SimpleCenter
2009-06-11 02:38 . 2009-03-04 02:20 141 ----a-w- c:\windows\system32\09wutili.sys
2009-06-11 02:30 . 2008-05-04 18:58 -------- d-----w- c:\program files\Common Files\Apple
2009-06-03 01:43 . 2009-05-25 21:14 -------- d-----w- c:\program files\Veoh Networks
2009-05-28 02:15 . 2009-05-25 02:11 -------- d-----w- c:\program files\Mozilla Sunbird
2009-05-25 21:51 . 2009-05-25 21:51 -------- d-----w- c:\program files\FLV Player
2009-05-25 03:09 . 2009-05-25 03:09 -------- d-----w- c:\program files\GtkSharp
2009-05-25 03:08 . 2009-05-25 03:06 -------- d-----w- c:\program files\Mono-2.4
2009-05-25 01:49 . 2009-05-25 01:24 -------- d-----w- c:\program files\Notepad++
2009-05-25 00:18 . 2009-05-25 00:18 -------- d-----w- c:\program files\Simplify Media
2009-05-19 16:23 . 2008-05-28 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-19 04:34 . 2009-05-19 04:34 -------- d-----w- c:\program files\Monsters
2009-05-19 04:25 . 2009-05-19 04:25 2317122 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\516F50703CB54254A8091825E1EAFE03\OneekoSetup.exe
2009-05-19 04:25 . 2009-05-19 04:25 16384 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\516F50703CB54254A8091825E1EAFE03\UninstallOneeko.exe
2009-05-19 04:25 . 2009-05-19 04:25 1532928 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\516F50703CB54254A8091825E1EAFE03\OneekoSkypeExtra.exe
2009-05-18 20:58 . 2008-05-04 04:59 -------- d-----w- c:\program files\Google
2009-05-18 15:28 . 2009-05-18 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-18 15:27 . 2009-05-18 15:27 -------- d-----w- c:\program files\Bonjour
2009-05-16 14:50 . 2009-05-16 14:50 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-16 14:50 . 2009-05-16 14:50 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-16 14:50 . 2009-05-15 01:22 -------- d-----w- c:\program files\Nokia
2009-05-16 14:49 . 2009-05-16 14:49 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-16 14:48 . 2009-05-16 14:48 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-16 14:48 . 2009-05-16 14:48 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-16 14:48 . 2009-05-16 14:48 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-16 14:47 . 2009-05-16 14:48 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-05-16 14:47 . 2009-05-15 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-15 01:23 . 2009-05-15 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-15 01:21 . 2009-05-15 01:21 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-15 01:21 . 2009-05-15 01:21 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-15 01:21 . 2009-05-15 01:21 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-15 01:21 . 2009-05-15 01:22 33642704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng_web.exe
2009-05-11 13:36 . 2009-05-11 13:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-05-11 13:30 . 2009-05-09 19:59 -------- d-----w- c:\program files\McAfee
2009-05-10 17:04 . 2009-05-10 17:04 286720 ------w- c:\windows\Setup1.exe
2009-05-10 17:03 . 2009-05-10 17:03 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-10 16:26 . 2009-05-10 16:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-09 20:04 . 2009-05-09 20:02 -------- d-----w- c:\program files\SiteAdvisor
2009-05-09 20:03 . 2008-05-04 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-09 20:02 . 2009-05-09 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-05-09 20:00 . 2009-05-09 19:59 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-09 19:59 . 2009-05-09 19:59 -------- d-----w- c:\program files\McAfee.com
2009-05-07 15:44 . 2001-08-23 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 02:59 . 2009-05-06 02:59 -------- d--h--w- c:\program files\Zero G Registry
2009-05-02 06:45 . 2008-05-14 01:28 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-05-02 06:41 . 2009-05-02 06:41 -------- d-----w- c:\program files\Alky for Applications
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-30 19:45 . 2009-04-30 03:56 -------- d-----w- c:\program files\Oracle
2009-04-29 04:56 . 2001-08-23 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 17:18 . 2008-06-10 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-28 02:02 . 2008-06-10 17:07 -------- d-----w- c:\program files\Yahoo!
2009-04-17 09:58 . 2001-08-23 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2001-08-23 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-11 00:52 . 2009-04-11 00:52 1563688 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\827568A28AD44457A81ABC08309D7D62\YugmaSE-Installer.exe
2009-04-10 20:12 . 2009-01-25 21:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-03-27 20:40 . 2009-04-11 00:53 573440 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\827568A28AD44457A81ABC08309D7D62\lib\YugmaHelper.exe
2008-10-23 18:44 . 2008-10-23 18:44 76502424 ----a-w- c:\program files\jdk-6u10-windows-i586-p.exe
2008-10-23 18:18 . 2008-10-23 18:18 16156056 ----a-w- c:\program files\jre-6u10-windows-i586-p.exe
2009-03-15 00:15 . 2009-03-15 00:15 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-26 05:03 . 2008-05-05 01:14 900 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-02-14 23:23 . 2009-02-14 23:16 1004 --sha-w- c:\windows\system32\sys_drv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Common Files\Ahead\Lib\NMFirstStart.exe" [2005-10-28 10752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-02-26 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-07 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-07 81920]
"SunJavaUpdateSched"="c:\javajre\bin\jusched.exe" [2008-10-23 136600]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-01 68592]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-07 1626112]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-25 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [3/15/2009 11:07 PM 40464]
S2 gupdate1c98d81f432108;Google Update Service (gupdate1c98d81f432108);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 9:16 PM 133104]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/9/2009 3:01 PM 210216]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [7/10/2008 1:22 AM 218136]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [7/10/2008 2:22 AM 1106968]
S3 ABIT-IO;ABIT-IO;c:\program files\U-ABIT\abitEQ\ABIT-IO.sys [5/25/2008 5:18 PM 4608]
S3 ALLOW-IO;ALLOW-IO;\??\d:\allow-io.sys --> d:\ALLOW-IO.sys [?]
S3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [5/24/2008 9:21 PM 185183]
S4 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/14/2009 7:15 PM 30192]
S4 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [7/10/2008 1:15 AM 31256]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 4:49 AM 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;i:\microsoft visual studio\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/21/2008 7:01 PM 57344]
.
Contents of the 'Scheduled Tasks' folder

2009-06-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-04 23:49]

2009-06-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 02:16]

2009-05-09 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-09 15:53]

2009-05-09 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-09 15:53]
.
- - - - ORPHANS REMOVED - - - -

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.pctools.com/en/spyware-doctor/purchase/?src=b13/?product=Spyware%20Doctor&subproduct=NRM&version=6%2E0%2E1%2E445&code=0%2D0%2D0%2D0&suversion=6%2E1%2E0%2E48&osversion=5%2E1%2E2600%2E2&osspack=Service%20Pack%202&sulang=en&platform=32
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
TCP: {2A25946B-1BBA-4584-B0EC-DB1802D4378C} = 208.67.220.220,208.67.222.222
TCP: {74C6452B-2DE4-488B-99D5-5AA0DAFDA6C1} = 208.67.220.220,208.67.222.222
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 13:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1144)
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\taskmgr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2009-06-25 13:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 18:09

Pre-Run: 17,523,458,048 bytes free
Post-Run: 17,405,247,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

334 --- E O F --- 2009-06-22 04:06
Attached Files: ComboFix.txt (24.6 KB)