Thanks Pancake. this is my combofix log:

ComboFix 08-06-20.4 - Tendekai Kachere 2008-06-29 0:17:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.152 [GMT 1:00]
Running from: C:\Documents and Settings\Tendekai Kachere\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tendekai Kachere\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM33fc4321.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\bqfuxaly.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\ffughhox.dll
C:\WINDOWS\system32\fiqjfdoc.ini
C:\WINDOWS\system32\ftltyyxs.ini
C:\WINDOWS\system32\fyqohwxp.dll
C:\WINDOWS\system32\geBTmNdd.dll
C:\WINDOWS\system32\gkdplklx.ini
C:\WINDOWS\system32\hjlipkun.ini
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\JQrXayxx.ini
C:\WINDOWS\SYSTEM32\JQrXayxx.ini2
C:\WINDOWS\system32\kphesesd.dll
C:\WINDOWS\system32\loimnwqh.dll
C:\WINDOWS\system32\lqoobfen.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nfecorfi.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pqpenije.ini
C:\WINDOWS\system32\tfnbsdut.dll
C:\WINDOWS\system32\trymvdmp.dll
C:\WINDOWS\system32\vuaayoxf.dll
C:\WINDOWS\system32\wvUoPjgh.dll
C:\WINDOWS\system32\xukqdghb.dll
C:\WINDOWS\system32\xxyaXrQJ.dll
C:\WINDOWS\system32\yayxxuUm.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.
2008-06-28 00:15 . 2008-06-28 00:15 81,920 --a------ C:\WINDOWS\SYSTEM32\ifrocefn.dll
2008-06-28 00:14 . 2008-06-28 00:14 102,912 --a------ C:\WINDOWS\SYSTEM32\clwpxf.dll
2008-06-28 00:14 . 2008-06-28 00:14 102,912 --a------ C:\WINDOWS\SYSTEM32\agbgvppy.dll
2008-06-28 00:13 . 2008-06-28 00:13 90,112 --a------ C:\WINDOWS\SYSTEM32\qtmmthkw.dll
2008-06-27 10:33 . 2008-06-27 10:33 <DIR> d-------- C:\Deckard
2008-06-26 23:19 . 2008-06-26 23:19 105,984 --a------ C:\WINDOWS\SYSTEM32\cudcapen.dll
2008-06-26 23:16 . 2008-06-26 23:16 91,136 --a------ C:\WINDOWS\SYSTEM32\agbyiynh.dll
2008-06-26 12:31 . 2008-06-26 12:31 <DIR> d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\iolo
2008-06-26 12:31 . 2008-06-26 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-26 01:14 . 2008-06-27 10:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 01:13 . 2008-06-26 19:50 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-26 01:13 . 2008-06-26 01:13 <DIR> d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\PC Tools
2008-06-26 01:13 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-06-26 01:13 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-06-26 01:13 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-06-26 01:13 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-06-25 22:23 . 2008-06-25 22:23 105,984 --a------ C:\WINDOWS\SYSTEM32\bqneilyk.dll
2008-06-25 22:21 . 2008-06-25 22:21 91,648 --a------ C:\WINDOWS\SYSTEM32\bqifnuaq.dll
2008-06-25 21:26 . 2008-06-25 21:26 105,984 --a------ C:\WINDOWS\SYSTEM32\vrmiinod.dll
2008-06-25 21:24 . 2008-06-25 21:25 91,648 --a------ C:\WINDOWS\SYSTEM32\lyaypcts.dll
2008-06-24 20:44 . 2008-06-24 20:44 99,328 --a------ C:\WINDOWS\SYSTEM32\nfygcyeh.dll
2008-06-24 20:44 . 2008-06-24 20:44 81,408 --a------ C:\WINDOWS\SYSTEM32\xlklpdkg.dll
2008-06-24 20:42 . 2008-06-24 20:42 91,648 --a------ C:\WINDOWS\SYSTEM32\pskpwdup.dll
2008-06-24 12:51 . 2008-06-24 12:51 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-23 20:32 . 2008-06-23 20:32 99,328 --a------ C:\WINDOWS\SYSTEM32\akalrtlr.dll
2008-06-23 20:29 . 2008-06-23 20:29 90,624 --a------ C:\WINDOWS\SYSTEM32\hcbavmtx.dll
2008-06-23 18:03 . 2008-06-23 18:03 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-23 00:01 . 2008-06-23 20:35 53,192 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_skt32.sys
2008-06-22 23:58 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rp_pkt32.sys
2008-06-22 23:57 . 2008-06-22 23:57 <DIR> d-------- C:\Program Files\Raxco
2008-06-22 23:57 . 2008-06-22 23:57 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-06-22 23:57 . 2008-06-22 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-06-22 23:56 . 2008-06-22 23:56 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-06-22 23:56 . 2008-06-22 23:56 <DIR> d-------- C:\Program Files\CA
2008-06-22 23:38 . 2008-06-22 23:55 <DIR> d-------- C:\Program Files\Virgin Broadband
2008-06-22 23:38 . 2008-06-23 00:02 <DIR> d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\Virgin Broadband
2008-06-22 23:38 . 2008-06-22 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-06-22 23:33 . 2008-06-22 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
2008-06-22 17:07 . 2008-06-22 17:07 99,328 --a------ C:\WINDOWS\SYSTEM32\eukgxsiw.dll
2008-06-22 17:04 . 2008-06-22 17:04 90,624 --a------ C:\WINDOWS\SYSTEM32\tmnqartl.dll
2008-06-21 16:34 . 2008-06-21 16:34 99,328 --a------ C:\WINDOWS\SYSTEM32\jgnmbcrg.dll
2008-06-21 16:32 . 2008-06-21 16:32 90,624 --a------ C:\WINDOWS\SYSTEM32\eogafiqq.dll
2008-06-20 23:55 . 2008-06-20 23:56 41,723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-06-20 23:42 . 2008-06-20 23:42 <DIR> d-------- C:\WINDOWS\SYSTEM32\modtrux01
2008-06-20 23:42 . 2008-06-20 23:42 <DIR> d-------- C:\temp\syschk3
2008-06-19 21:29 . 2008-06-26 00:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-19 21:29 . 2008-06-19 21:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-31 16:07 . 2008-05-31 16:07 <DIR> d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-06-26 19:05 --------- d-----w C:\Program Files\Modem On Hold
2008-06-26 19:05 --------- d-----w C:\Program Files\Microsoft Works
2008-06-26 12:02 --------- d-----w C:\Program Files\DivX
2008-06-26 11:41 --------- d-----w C:\Program Files\Common Files\Real
2008-06-24 11:41 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\MSN6
2008-06-22 22:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 17:22 --------- d-----w C:\Program Files\Yahoo!
2008-06-22 17:20 --------- d-----w C:\Program Files\Nokia
2008-06-22 12:25 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\uTorrent
2008-06-18 21:56 --------- d-----w C:\Program Files\Sports Interactive
2008-06-13 15:06 --------- d-----w C:\Program Files\OFFICE11
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-31 16:38 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\HPAppData
2008-05-10 08:31 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-05-10 08:31 --------- d-----w C:\Program Files\ArcSoft
2008-05-10 07:50 --------- d-----w C:\Program Files\Philips
2008-05-10 07:50 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\InstallShield
2008-05-09 06:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-09 06:52 --------- d-----w C:\Documents and Settings\Tendekai Kachere\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 17:01 --------- d-----w C:\Program Files\BearShare Applications
2008-01-15 21:52 140,800 --sh--w C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-02 02:45 98304]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 02:12 2658304]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10 13552]
"30cf70bd"="C:\WINDOWS\system32\ifrocefn.dll" [2008-06-28 00:15 81920]
"BM33fc4321"="C:\WINDOWS\system32\qtmmthkw.dll " [2008-06-28 00:13 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 08:56 53760 C:\WINDOWS\SYSTEM32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\uTorrent.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
S3 bDMusicb;bDMusicb;C:\DOCUME~1\TENDEK~1\LOCALS~1\Te mp\bDMusicb.sys []
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2004-08-04 08:56]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 19:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 19:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 19:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 19:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 19:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 19:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{97497e48-f395-11dc-b187-000f1f556a00}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 23:31:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-28 22:11:06 C:\WINDOWS\Tasks\WebReg Deskjet F2100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 00:29:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ifrocefn.dll
-> C:\WINDOWS\system32\qtmmthkw.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\SYSTEM32\msiexec.exe
.
************************************************** ************************
.
Completion time: 2008-06-29 0:40:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-28 23:40:04
Pre-Run: 59,861,270,528 bytes free
Post-Run: 59,824,402,432 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
229 --- E O F --- 2008-06-24 23:27:53


i'm about to do the new hijackthis one.

The new HiJackThis log is as follows:

Deckard's System Scanner v20071014.68
Run by Tendekai Kachere on 2008-06-29 00:59:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis (run as Tendekai Kachere.exe) ------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:16, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Tendekai Kachere\Desktop\dss.exe
C:\DOCUME~1\TENDEK~1\Desktop\Tendekai Kachere.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Dell UK Portal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [30cf70bd] rundll32.exe "C:\WINDOWS\system32\ifrocefn.dll",b
O4 - HKLM\..\Run: [BM33fc4321] Rundll32.exe "C:\WINDOWS\system32\qtmmthkw.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.nick.com
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: http://memberservices.tesco.net
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball...GameLoader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball...GameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/u...s/dbaccess.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143397592921
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba250.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 11198 bytes
-- Files created between 2008-05-29 and 2008-06-29 -----------------------------
2008-06-29 00:17:19 0 d-------- C:\cmdcons
2008-06-29 00:14:58 68096 --a------ C:\WINDOWS\zip.exe
2008-06-29 00:14:58 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-29 00:14:58 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-29 00:14:58 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-29 00:14:58 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-29 00:14:58 98816 --a------ C:\WINDOWS\sed.exe
2008-06-29 00:14:58 80412 --a------ C:\WINDOWS\grep.exe
2008-06-29 00:14:58 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-28 00:15:53 81920 --a------ C:\WINDOWS\system32\ifrocefn.dll
2008-06-28 00:14:35 102912 --a------ C:\WINDOWS\system32\clwpxf.dll
2008-06-28 00:14:32 102912 --a------ C:\WINDOWS\system32\agbgvppy.dll
2008-06-28 00:13:50 90112 --a------ C:\WINDOWS\system32\qtmmthkw.dll
2008-06-26 23:19:43 105984 --a------ C:\WINDOWS\system32\cudcapen.dll
2008-06-26 23:16:45 91136 --a------ C:\WINDOWS\system32\agbyiynh.dll
2008-06-26 12:31:46 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\iolo
2008-06-26 12:31:46 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-26 01:14:04 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 01:13:09 0 d-------- C:\Program Files\Spyware Doctor
2008-06-26 01:13:09 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\PC Tools
2008-06-25 22:23:53 105984 --a------ C:\WINDOWS\system32\bqneilyk.dll
2008-06-25 22:21:46 91648 --a------ C:\WINDOWS\system32\bqifnuaq.dll
2008-06-25 21:26:58 105984 --a------ C:\WINDOWS\system32\vrmiinod.dll
2008-06-25 21:24:59 91648 --a------ C:\WINDOWS\system32\lyaypcts.dll
2008-06-24 20:44:26 99328 --a------ C:\WINDOWS\system32\nfygcyeh.dll
2008-06-24 20:44:21 81408 --a------ C:\WINDOWS\system32\xlklpdkg.dll
2008-06-24 20:42:13 91648 --a------ C:\WINDOWS\system32\pskpwdup.dll
2008-06-24 12:51:06 0 d-------- C:\Program Files\Windows Defender
2008-06-23 20:33:06 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-06-23 20:32:07 99328 --a------ C:\WINDOWS\system32\akalrtlr.dll
2008-06-23 20:29:54 90624 --a------ C:\WINDOWS\system32\hcbavmtx.dll
2008-06-23 18:03:56 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-22 23:57:48 0 d-------- C:\Program Files\Common Files\Authentium
2008-06-22 23:57:08 0 d-------- C:\Program Files\Raxco
2008-06-22 23:57:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-06-22 23:56:37 0 d-------- C:\Program Files\CA
2008-06-22 23:56:24 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-22 23:38:40 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\Virgin Broadband
2008-06-22 23:38:28 0 d-------- C:\Program Files\Virgin Broadband
2008-06-22 23:38:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-06-22 23:33:56 0 d-------- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
2008-06-22 17:07:00 99328 --a------ C:\WINDOWS\system32\eukgxsiw.dll
2008-06-22 17:04:46 90624 --a------ C:\WINDOWS\system32\tmnqartl.dll
2008-06-21 16:34:56 99328 --a------ C:\WINDOWS\system32\jgnmbcrg.dll
2008-06-21 16:32:43 90624 --a------ C:\WINDOWS\system32\eogafiqq.dll
2008-06-20 23:55:44 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-06-20 23:42:15 0 d-------- C:\WINDOWS\system32\modtrux01
2008-05-31 16:07:08 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\ArcSoft

-- Find3M Report ---------------------------------------------------------------
2008-06-28 23:11:08 141260 --a------ C:\WINDOWS\hpoins14.dat
2008-06-26 20:05:11 0 d-------- C:\Program Files\Movie Maker
2008-06-26 20:05:04 0 d-------- C:\Program Files\Modem On Hold
2008-06-26 20:05:03 0 d-------- C:\Program Files\Microsoft Works
2008-06-26 20:04:57 0 d-------- C:\Program Files\Messenger
2008-06-26 13:02:36 0 d-------- C:\Program Files\DivX
2008-06-26 12:41:18 0 d-------- C:\Program Files\Common Files\Real
2008-06-24 20:14:44 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\Adobe
2008-06-24 12:41:17 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\MSN6
2008-06-22 23:57:48 0 d-------- C:\Program Files\Common Files
2008-06-22 23:49:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 18:22:43 0 d-------- C:\Program Files\Yahoo!
2008-06-22 18:20:03 0 d-------- C:\Program Files\Nokia
2008-06-22 13:25:50 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\uTorrent
2008-06-18 22:56:26 0 d-------- C:\Program Files\Sports Interactive
2008-06-13 16:06:14 0 d-------- C:\Program Files\OFFICE11
2008-05-31 17:38:56 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\HPAppData
2008-05-10 09:31:49 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-05-10 09:31:48 0 d-------- C:\Program Files\ArcSoft
2008-05-10 08:50:58 0 d-------- C:\Program Files\Philips
2008-05-10 08:50:34 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\InstallShield
2008-05-09 07:53:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-09 07:52:25 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\AdobeUM
2008-05-07 18:01:09 0 d-------- C:\Program Files\BearShare Applications

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
02/03/2007 17:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [19/10/2005 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [19/10/2005 08:59]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [11/04/2004 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [11/04/2004 11:43]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [15/03/2004 01:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 01:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/09/2004 02:45]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [14/09/2005 21:44]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [28/11/2006 02:12]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 22:34]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 18:49]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 14:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 14:10]
"30cf70bd"="C:\WINDOWS\system32\ifrocefn.dll" [28/06/2008 00:15]
"BM33fc4321"="C:\WINDOWS\system32\qtmmthkw.dll " [28/06/2008 00:13]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27/06/2006 17:21]
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"RunNarrator"=Narrator.exe
C:\Documents and Settings\Tendekai Kachere\Start Menu\Programs\Startup\
DESKTOP.INI [03/09/2002 09:00:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16]
DESKTOP.INI [03/09/2002 09:00:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/03/2007 22:26:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{97497e48-f395-11dc-b187-000f1f556a00}]
AutoRun\command- ie.exe
explore\Command- ie.exe
open\Command- ie.exe


-- End of Deckard's System Scanner: finished at 2008-06-29 01:00:58 ------------

Now to the next thing. Hope I get this right.

Thanks for the help so far by the way.

To help clean out Trusted Zones,download and run DELDOMAINS then double click to open the DelDomains.inf .To execute the file: right-click and Select 'Install' from the Menu.


===========================================

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKLM\..\Run: [30cf70bd] rundll32.exe "C:\WINDOWS\system32\ifrocefn.dll",b
O4 - HKLM\..\Run: [BM33fc4321] Rundll32.exe "C:\WINDOWS\system32\qtmmthkw.dll",s
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.nick.com
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: http://memberservices.tesco.net
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)


Reboot...........................

===================================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

I've managed to run SDFix and the report is as follows:


SDFix: Version 1.198
Run by Tendekai Kachere on 29/06/2008 at 01:20
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe - Deleted


Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 01:27:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*isabled:Internet Explorer"
"C:\\Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\LimeWire\\LimeWire.exe"="C:\\ Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\LimeWire\\LimeWire.exe:*isa bled:LimeWire"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\ \system32\\sessmgr.exe:*isabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*isabled:Windows Messenger"
"C:\\Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\uTorrent.exe"="C:\\Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\uTorrent.exe:*isabled:æTorr ent"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Progr am Files\\BearShare Applications\\BearShare\\BearShare.exe:*isabled: BearShare"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*isabled:@xpsp3res.dll ,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*isabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*isabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 16 Jul 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 21 Sep 2005 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Mon 26 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 12 Feb 2007 161,792 ...H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\RICS\~WRL1835.tmp"
Wed 22 Mar 2006 19,968 ...H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\~WRL2724.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd026484 9c01086f3c6b505dc02dbd44\BIT3FF.tmp"
Fri 7 Mar 2008 116,736 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL0003.tmp"
Wed 30 Jan 2008 311,808 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL0005.tmp"
Thu 31 Jan 2008 312,832 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL0006.tmp"
Thu 31 Jan 2008 313,856 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL0137.tmp"
Fri 7 Mar 2008 117,760 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL0644.tmp"
Thu 31 Jan 2008 313,856 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL0899.tmp"
Thu 31 Jan 2008 314,368 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL1005.tmp"
Thu 31 Jan 2008 313,856 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL1062.tmp"
Fri 7 Mar 2008 117,760 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL2016.tmp"
Fri 7 Mar 2008 116,736 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL2046.tmp"
Fri 7 Mar 2008 117,760 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL2917.tmp"
Thu 31 Jan 2008 310,784 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL3184.tmp"
Fri 7 Mar 2008 116,736 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\BTEC (Word)\~WRL3907.tmp"
Wed 13 Feb 2008 50,176 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\English\~WRL0004.tmp"
Mon 25 Feb 2008 35,328 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\English\~WRL1640.tmp"
Thu 17 Jan 2008 45,568 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\English\~WRL2607.tmp"
Fri 22 Feb 2008 27,136 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\Global Citizenship\~WRL0004.tmp"
Wed 20 Feb 2008 23,040 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\Global Citizenship\~WRL0005.tmp"
Thu 21 Feb 2008 24,064 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\Global Citizenship\~WRL2169.tmp"
Thu 21 Feb 2008 23,040 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\Global Citizenship\~WRL3714.tmp"
Thu 21 Feb 2008 19,968 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\Global Citizenship\~WRL4002.tmp"
Tue 26 Feb 2008 277,504 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\History\~WRL0003.tmp"
Tue 26 Feb 2008 277,504 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\History\~WRL0467.tmp"
Thu 3 Jan 2008 269,824 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\History\~WRL0897.tmp"
Wed 6 Feb 2008 280,064 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\History\~WRL3235.tmp"
Mon 18 Sep 2006 0 A.SH. --- "C:\Deckard\System Scanner\20080629005921\backup\WINDOWS\temp\czhoufd g.TMP"
Mon 9 Oct 2006 0 A.SH. --- "C:\Deckard\System Scanner\20080629005921\backup\WINDOWS\temp\mn22q5o n.TMP"
Wed 13 Feb 2008 50,176 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\Word stuff\English\~WRL0004.tmp"
Thu 17 Jan 2008 45,568 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\Word stuff\English\~WRL2607.tmp"
Thu 21 Feb 2008 23,040 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\Word stuff\Global Citizenship\~WRL0005.tmp"
Thu 21 Feb 2008 24,064 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\Word stuff\Global Citizenship\~WRL2169.tmp"
Thu 21 Feb 2008 23,040 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\Word stuff\Global Citizenship\~WRL3714.tmp"
Thu 21 Feb 2008 19,968 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\Word stuff\Global Citizenship\~WRL4002.tmp"
Wed 19 Mar 2008 2,310,656 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\GCSE I.T\GCSE I.T\Unit 3\Task A\~WRL1945.tmp"
Wed 19 Mar 2008 95,744 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\GCSE I.T\GCSE I.T\Unit 3\Task E\~WRL0234.tmp"
Thu 17 Apr 2008 58,880 A..H. --- "C:\Documents and Settings\Tendekai Kachere\My Documents\Tendekai\GCSE I.T\GCSE I.T\Unit 3\Task F\~WRL2274.tmp"
Finished!


Once again, I appreciate the help so far. I hope this will help solve the entire problem

I will wait for the new Combofix log..

Sorry for the bother but how do you make HiJackThis fix items? What are the steps? I do not know how to get the file so that I can check the appropriate boxes.