[Resolved] here is my first

ComboFix 09-06-20.02 - Bilosta 06/21/2009 16:00.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1742 [GMT 3:00]
Running from: c:\documents and settings\Bilosta\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETxnbmolwb.sys
c:\windows\system32\SKYNETbqpqqmkj.dat
c:\windows\system32\SKYNETlclfkawe.dll
c:\windows\system32\SKYNETvmpqagtt.dat
c:\windows\system32\SKYNETyueempdv.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETornmbciq


(((((((((((((((((((((((((   Files Created from 2009-05-21 to 2009-06-21  )))))))))))))))))))))))))))))))
.

2009-06-21 11:53 . 2009-06-21 11:53	--------	d-----w-	c:\documents and settings\Kurucity\Application Data\ESET
2009-06-21 11:52 . 2009-06-21 11:52	--------	d-----w-	c:\program files\ESET
2009-06-21 11:52 . 2009-06-21 11:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2009-06-21 11:50 . 2009-06-21 11:50	--------	d-----w-	c:\program files\InstallShield Installation Information
2009-06-21 11:34 . 2009-06-21 11:34	--------	d-----w-	c:\documents and settings\Kurucity\Local Settings\Application Data\GHISLER
2009-06-21 11:28 . 2009-06-21 11:28	0	----a-w-	c:\windows\nsreg.dat
2009-06-21 11:28 . 2009-06-21 11:28	--------	d-----w-	c:\documents and settings\Kurucity\Local Settings\Application Data\Mozilla
2009-06-21 11:26 . 2009-06-21 11:26	--------	d-sh--w-	c:\documents and settings\Kurucity\IECompatCache
2009-06-21 11:26 . 2009-06-21 11:26	--------	d-sh--w-	c:\documents and settings\Kurucity\PrivacIE
2009-06-21 11:23 . 2009-06-21 11:27	--------	d-----w-	C:\totalcmd
2009-06-21 11:23 . 2009-06-21 11:23	--------	d-----w-	c:\documents and settings\Kurucity\Application Data\GHISLER
2009-06-21 11:23 . 2009-06-11 04:50	545	----a-w-	c:\windows\UC.PIF
2009-06-21 11:23 . 2009-06-11 04:50	545	----a-w-	c:\windows\RAR.PIF
2009-06-21 11:23 . 2009-06-11 04:50	545	----a-w-	c:\windows\PKZIP.PIF
2009-06-21 11:23 . 2009-06-11 04:50	545	----a-w-	c:\windows\PKUNZIP.PIF
2009-06-21 11:23 . 2009-06-11 04:50	545	----a-w-	c:\windows\NOCLOSE.PIF
2009-06-21 11:23 . 2009-06-11 04:50	545	----a-w-	c:\windows\LHA.PIF
2009-06-21 11:23 . 2009-06-11 04:50	545	----a-w-	c:\windows\ARJ.PIF
2009-06-21 11:22 . 2008-04-13 21:17	25856	-c--a-w-	c:\windows\system32\dllcache\usbprint.sys
2009-06-21 11:22 . 2008-04-13 21:17	25856	----a-w-	c:\windows\system32\drivers\usbprint.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 07:03 . 2009-06-21 07:03	--------	d-----w-	c:\program files\microsoft frontpage
2009-06-21 07:00 . 2009-06-21 07:00	84760	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-21 07:00 . 2009-06-21 07:00	--------	d-----w-	c:\program files\MSBuild
2009-06-21 07:00 . 2009-06-21 07:00	--------	d-----w-	c:\program files\Reference Assemblies
2009-06-21 06:57 . 2009-06-21 06:56	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-21 06:55 . 2009-06-21 06:55	--------	d-----w-	c:\program files\Windows Media Connect 2
2009-06-21 06:51 . 2009-06-21 06:51	21640	----a-w-	c:\windows\system32\emptyregdb.dat
2009-06-21 06:50 . 2009-06-21 06:50	--------	d-----w-	c:\program files\Windows Live SkyDrive
2009-06-21 06:49 . 2009-06-21 06:49	--------	d-----w-	c:\program files\Microsoft
2009-06-21 06:49 . 2009-06-21 06:49	--------	d-----w-	c:\program files\Windows Live
2009-06-21 06:48 . 2009-06-21 06:48	--------	d-----w-	c:\program files\MSXML 4.0
2009-06-21 06:47 . 2009-06-21 06:47	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-05-14 12:49 . 2009-05-14 12:49	55768	----a-w-	c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 12:49 . 2009-05-14 12:49	33096	----a-w-	c:\windows\system32\drivers\epfwndis.sys
2009-05-14 12:49 . 2009-05-14 12:49 133000	----a-w-	c:\windows\system32\drivers\epfw.sys
2009-05-14 12:47 . 2009-05-14 12:47 107256	----a-w-	c:\windows\system32\drivers\ehdrv.sys
2009-05-14 12:41 . 2009-05-14 12:41 114472	----a-w-	c:\windows\system32\drivers\eamon.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-02-26 437160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
.
Contents of the 'Scheduled Tasks' folder

2009-06-21 c:\windows\Tasks\User_Feed_Synchronization-{B5FB382B-BCBD-4300-8133-B432938347A2}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 03:31]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://linklol.com/homepage/
FF - ProfilePath - 

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 16:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-21 16:03
ComboFix-quarantined-files.txt  2009-06-21 13:03

Pre-Run: 70,562,025,472 bytes free
Post-Run: 70,638,682,112 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

162