
Skynet virus removal

#1
Flowbert
New Member, 2 posts

Kaspersky detected some Skynet viruses on my computer, but couldn't remove them.

I did a ComboFix scan, and I have the log here.

What do I do to delete the virus?


ComboFix 09-08-22.06 - Philip Yeung 08/23/2009 19:21.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.893.528 [GMT -7:00]
Running from: c:\documents and settings\Philip Yeung\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.
/wow section - STAGE 32A


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-603682670-807078939-456122966-1003
c:\windows\Downloaded Program Files\PurpleBean.exe
c:\windows\Installer\13c1bd.msi
c:\windows\Installer\24fde8.msp
c:\windows\ONSPCLCK.exe
c:\windows\system32\drivers\SKYNETriurrvit.sys
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\SKYNETcchxnseq.dll
c:\windows\system32\SKYNETdavntqbu.dat
c:\windows\system32\SKYNETfasrshky.dat
c:\windows\system32\SKYNETibavhevi.dat
c:\windows\system32\SKYNETmdxvcpfu.dll
c:\windows\system32\SKYNETmqeexuet.dll
c:\windows\system32\SKYNETnbqpfwor.dll
c:\windows\system32\SKYNETnqevwbwu.dll
c:\windows\system32\SKYNETpqparstt.dat
c:\windows\system32\SKYNETpylptego.dll
c:\windows\system32\SKYNETqfuxjvrj.dll
c:\windows\system32\SKYNETqxtnnsee.dll
c:\windows\system32\SKYNETrjuykxns.dll
c:\windows\system32\SKYNETtdltapqj.dat
c:\windows\system32\SKYNETterttxhi.dat
c:\windows\system32\SKYNETuyptxotu.dll
c:\windows\system32\SKYNETwrtlilrm.dat
c:\windows\system32\SKYNETwxwaoevs.dat
c:\windows\system32\SKYNETxvbcvpxo.dat
c:\windows\system32\SKYNETyarmtasw.dat
c:\windows\system32\SKYNETycbvttnp.dat
c:\windows\system32\TIControlPanel.cpl.manifest
c:\windows\system32\wr26412.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETqowupkro
-------\Legacy_SKYNETqowupkro


((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-24 02:19 . 2009-08-24 02:19 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-08-24 02:03 . 2009-08-24 02:03 -------- d-----w- c:\documents and settings\Philip Yeung\Application Data\Malwarebytes
2009-08-24 02:03 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 02:03 . 2009-08-24 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 02:03 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-24 02:03 . 2009-08-24 02:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 18:19 . 2006-12-11 17:20 180224 ----a-w- c:\documents and settings\Philip Yeung\Application Data\U3\000016718671771F\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\U3AppWrapper.exe
2009-08-23 18:19 . 2006-12-11 17:20 983829 ----a-w- c:\documents and settings\Philip Yeung\Application Data\U3\000016718671771F\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\master.exe
2009-08-23 18:19 . 2006-12-11 17:20 72192 ----a-w- c:\documents and settings\Philip Yeung\Application Data\U3\000016718671771F\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKLIST.EXE
2009-08-23 18:19 . 2006-12-11 17:20 72192 ----a-w- c:\documents and settings\Philip Yeung\Application Data\U3\000016718671771F\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKKILL.EXE
2009-08-23 18:19 . 2006-12-11 17:20 325 ----a-w- c:\documents and settings\Philip Yeung\Application Data\U3\000016718671771F\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\stopApp.bat
2009-08-23 18:19 . 2006-12-11 17:20 15 ----a-w- c:\documents and settings\Philip Yeung\Application Data\U3\000016718671771F\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\run_me.bat
2009-08-23 18:19 . 2006-12-11 17:20 40960 ----a-w- c:\documents and settings\Philip Yeung\Application Data\U3\000016718671771F\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\appstop.exe
2009-08-21 19:20 . 2009-08-21 19:20 -------- d-----w- c:\program files\ParetoLogic
2009-08-21 19:20 . 2009-08-21 19:20 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-08-21 19:20 . 2009-08-21 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-08-21 19:19 . 2009-08-21 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
2009-08-21 05:41 . 2009-08-21 05:41 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-08-21 05:41 . 2009-08-21 05:41 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-08-21 05:40 . 2009-08-24 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-21 05:40 . 2009-08-21 05:40 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-21 05:39 . 2009-08-21 05:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-12 17:52 . 2009-08-12 17:52 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-12 17:52 . 2009-08-12 17:52 -------- d-----w- c:\windows\system32\AGEIA
2009-08-12 17:42 . 2009-08-12 18:58 -------- d-----w- c:\windows\nview
2009-08-12 17:42 . 2009-02-18 21:44 453152 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-12 17:41 . 2009-02-17 06:17 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-12 16:48 . 2009-08-12 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-08-12 16:27 . 2009-08-12 17:47 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-12 16:27 . 2009-08-12 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-12 16:10 . 2009-08-04 06:13 2061592 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-08-12 16:10 . 2009-08-04 06:13 3476760 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-08-12 16:10 . 2009-08-04 06:13 2000152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-08-12 16:10 . 2009-08-04 06:13 1213720 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgfrw.exe
2009-08-10 04:46 . 2009-08-10 04:46 152576 ----a-w- c:\documents and settings\Philip Yeung\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-08 03:20 . 2009-08-21 05:36 -------- d-----w- c:\program files\Lavasoft
2009-08-07 06:29 . 2009-08-07 06:29 -------- d-----w- c:\documents and settings\Administrator.FAMILYCOMPUTER\Application Data\DivX
2009-08-07 06:29 . 2009-08-07 06:29 -------- d-----w- c:\documents and settings\Administrator.FAMILYCOMPUTER\Application Data\Media Player Classic
2009-08-07 06:03 . 2009-08-07 06:03 1475352 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\prepare\avgupd.dll
2009-08-07 03:41 . 2009-08-21 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-04 20:23 . 2009-08-04 21:47 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-04 06:13 . 2009-08-04 05:48 12936 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrkx86.sys
2009-08-04 06:13 . 2009-08-04 05:48 10520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-08-04 06:13 . 2009-08-04 05:48 98440 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-08-04 06:13 . 2009-08-04 05:48 90632 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2009-08-04 06:13 . 2009-08-04 05:48 287000 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-08-04 06:13 . 2009-08-04 05:48 26824 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-08-04 06:10 . 2009-08-04 06:10 1126168 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-08-04 06:10 . 2009-08-04 06:10 758040 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-08-04 06:10 . 2009-08-04 06:10 587032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-08-04 06:10 . 2009-08-04 06:10 1471768 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-08-04 05:48 . 2009-08-21 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-04 05:48 . 2009-08-04 05:48 -------- d-----w- c:\program files\AVG
2009-08-04 01:51 . 2009-08-04 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-04 01:51 . 2009-08-04 01:51 -------- d-----w- c:\documents and settings\Philip Yeung\Local Settings\Application Data\Downloaded Installations
2009-08-03 16:43 . 2009-08-03 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-08-03 16:43 . 2009-08-04 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-03 16:42 . 2009-08-04 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-03 16:32 . 2009-08-03 16:32 -------- d-----w- c:\documents and settings\All Users\Symantec Temporary Files
2009-08-03 03:31 . 2009-08-03 03:31 -------- d--h--w- c:\documents and settings\Philip Yeung\Application Data\IFViewer
2009-07-29 01:03 . 2009-07-29 01:03 -------- d-----w- c:\program files\Red Kawa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 18:13 . 2006-10-11 23:31 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-08-23 03:16 . 2007-06-04 00:57 -------- d-----w- c:\documents and settings\Philip Yeung\Application Data\U3
2009-08-21 16:24 . 2008-02-26 06:24 -------- d-----w- c:\documents and settings\Philip Yeung\Application Data\uTorrent
2009-08-21 06:25 . 2006-10-11 23:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-21 06:25 . 2008-06-09 21:33 -------- d-----w- c:\program files\CyberLink
2009-08-14 00:54 . 2009-03-28 16:28 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-13 19:03 . 2009-03-29 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-12 17:52 . 2007-02-08 03:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-12 17:40 . 2006-12-24 01:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-12 16:12 . 2009-07-22 17:32 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-10 04:47 . 2006-10-11 23:16 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2006-04-30 05:11 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 02:38 . 2006-10-11 23:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-04 01:50 . 2006-10-11 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-03 03:44 . 2009-04-18 07:53 -------- d-----w- c:\program files\Cheat Engine
2009-07-31 02:22 . 2008-08-11 17:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 12:23 . 2009-01-07 06:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2006-04-30 05:10 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-04-30 05:11 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-11 04:49 . 2009-06-04 06:31 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-11 04:49 . 2008-01-31 00:31 -------- d-----w- c:\documents and settings\Philip Yeung\Application Data\SystemRequirementsLab
2009-07-11 04:49 . 2009-07-11 04:49 207872 ----a-w- c:\documents and settings\Philip Yeung\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-07-11 04:49 . 2009-07-11 04:49 207872 ----a-w- c:\documents and settings\Philip Yeung\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-07-11 04:49 . 2009-07-11 04:49 207872 ----a-w- c:\documents and settings\Philip Yeung\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-07-11 04:49 . 2009-07-11 04:49 207872 ----a-w- c:\documents and settings\Philip Yeung\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-07-09 15:52 . 2009-07-09 15:52 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.463\English\setup.exe
2009-07-09 15:52 . 2009-07-09 15:52 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.463\English\setup.exe
2009-07-03 22:48 . 2009-07-03 22:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 22:45 . 2009-07-03 22:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-07-03 17:09 . 2006-04-30 05:11 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 02:59 . 2009-07-02 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2009-07-02 20:19 . 2008-01-09 00:00 -------- d--h--w- c:\documents and settings\Philip Yeung\Application Data\ijjigame
2009-07-02 19:55 . 2009-07-02 19:55 220926964 ----a-w- c:\documents and settings\Philip Yeung\Application Data\ijjigame\U_GUNZ_setup.exe
2009-07-02 19:54 . 2008-01-09 00:00 480688 -c--a-w- c:\documents and settings\Philip Yeung\Application Data\ijjigame\ijjistarter2FxB.exe
2009-07-02 19:49 . 2006-11-25 01:49 81232 ----a-w- c:\documents and settings\Philip Yeung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 20:32 . 2009-03-30 00:07 -------- d-----w- c:\program files\Microsoft Works
2009-07-01 19:47 . 2006-12-25 01:48 -------- d-----w- c:\program files\Ahead
2009-07-01 04:21 . 2009-06-30 21:17 -------- d-----w- c:\documents and settings\Philip Yeung\Application Data\dvdcss
2009-06-30 21:16 . 2009-04-01 00:01 -------- d-----w- c:\documents and settings\Philip Yeung\Application Data\DAEMON Tools Lite
2009-06-21 19:11 . 2009-06-21 19:11 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2009-06-16 14:36 . 2006-04-30 05:11 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-04-30 05:10 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-15 21:01 . 2009-06-15 21:01 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-06-12 12:31 . 2006-04-30 05:10 76288 ------w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2006-04-30 05:30 2066432 ------w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2006-04-30 05:10 84992 ------w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2006-04-30 05:11 132096 ------w- c:\windows\system32\wkssvc.dll
2009-06-04 06:31 . 2009-06-04 06:31 290816 -c--a-w- c:\documents and settings\Philip Yeung\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-04 06:31 . 2009-06-04 06:31 290816 -c--a-w- c:\documents and settings\Philip Yeung\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-04 06:31 . 2009-06-04 06:31 290816 -c--a-w- c:\documents and settings\Philip Yeung\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-04 06:31 . 2009-06-04 06:31 290816 ----a-w- c:\documents and settings\Philip Yeung\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-03 19:09 . 2006-04-30 05:11 1291264 ------w- c:\windows\system32\quartz.dll
2009-04-01 05:47 . 2009-04-01 02:00 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2007-06-21 18:00 . 2006-11-25 01:48 88 --sh--r- c:\windows\system32\4D6021DBCD.sys
2008-10-12 23:08 . 2006-11-25 01:48 4184 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-11 536576]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2005-11-22 507904]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2005-04-13 49152]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-12-24 25214]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=c:\windows\pss\LaunchU3.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"63908:TCP"= 63908:TCP:*:Disabled:SolidNetworkManager
"63908:UDP"= 63908:UDP:*:Disabled:SolidNetworkManager
"56965:TCP"= 56965:TCP:*:Disabled:SolidNetworkManager
"56965:UDP"= 56965:UDP:*:Disabled:SolidNetworkManager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [3/28/2009 6:00 PM 13696]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [12/11/2008 7:08 AM 3575808]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 3:55 PM 3968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/22/2008 9:48 PM 24652]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [3/28/2009 9:09 AM 26272]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [10/11/2006 4:13 PM 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBLF.SYS [10/11/2006 4:13 PM 9216]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 maxD20081102;maxD20081102;\??\c:\documents and settings\Philip Yeung\Desktop\binary\max20081102.sys --> c:\documents and settings\Philip Yeung\Desktop\binary\max20081102.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SoRa_DRIVER53;SoRa_DRIVER53;\??\c:\documents and settings\Philip Yeung\Desktop\H\Hack pack\SoRa 4.6\SoRa_.sys --> c:\documents and settings\Philip Yeung\Desktop\H\Hack pack\SoRa 4.6\SoRa_.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3971450374-1987798764-102444739-1006Core.job
- c:\documents and settings\Philip Yeung\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-23 02:20]

2009-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3971450374-1987798764-102444739-1006UA.job
- c:\documents and settings\Philip Yeung\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-23 02:20]

2009-08-24 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 19:25]

2009-08-21 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 19:25]

2009-08-23 c:\windows\Tasks\User_Feed_Synchronization-{54E501AB-AB24-4C1C-9CF3-1A40BB5C8508}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
- - - - ORPHANS REMOVED - - - -

Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF
IE: Convert link target to existing PDF
IE: Convert selected links to Adobe PDF
IE: Convert selected links to existing PDF
IE: Convert selection to Adobe PDF
IE: Convert selection to existing PDF
IE: Convert to Adobe PDF
IE: Convert to existing PDF
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} - hxxp://s.nx.com/activex/public_new/nxpm.cab
FF - ProfilePath - c:\documents and settings\Philip Yeung\Application Data\Mozilla\Firefox\Profiles\j9avk0mw.default\
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Philip Yeung\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npssn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\windows\system32\SolidStateNetworks\SolidStateION\npssn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 19:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3971450374-1987798764-102444739-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3288)
c:\windows\system32\WININET.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\PELMICED.EXE
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
.
**************************************************************************
.
Completion time: 2009-08-24 19:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-24 02:41

Pre-Run: 190,692,270,080 bytes free
Post-Run: 190,622,580,736 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

423 --- E O F --- 2009-08-18 23:21
#2
Flowbert
Topic Starter, New Member, 2 posts

I also did a Malwarebytes scan, but I think I still have the virus. Here is the log for the scan.


Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/23/2009 8:40:14 PM
mbam-log-2009-08-23 (20-40-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 186724
Time elapsed: 25 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETnqevwbwu.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wr26412.dll.vir (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3BEEC17C-D923-47C4-8980-270374C47ECD}\RP7\A0022125.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3BEEC17C-D923-47C4-8980-270374C47ECD}\RP7\A0022132.dll (Trojan.BHO) -> Quarantined and deleted successfully.