Grahamgc1
Re: search engine blocked
Thu May 08 2008 01:13 PM
I have followed your last instructions and completed both SDfix.exe and Combofix.exe. Here are the reports.
SDFix: Version 1.180
Run by Graham on 08/05/2008 at 12:30
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Graham\desktop\SDFix
Checking Services :
Restoring Windows Registry Values Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 12:34:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\Graham\desktop\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 9 Dec 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 18 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 18 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BITD.tmp"
Mon 18 Dec 2006 4,348 A..H. --- "C:\Documents and Settings\Graham\desktop\Safe-Share Downloads\License Backup\drmv1key.bak"
Mon 11 Feb 2008 20 A..H. --- "C:\Documents and Settings\Graham\desktop\Safe-Share Downloads\License Backup\drmv1lic.bak"
Mon 18 Dec 2006 400 A..H. --- "C:\Documents and Settings\Graham\desktop\Safe-Share Downloads\License Backup\drmv2key.bak"
Mon 11 Feb 2008 1,536 A..H. --- "C:\Documents and Settings\Graham\desktop\Safe-Share Downloads\License Backup\drmv2lic.bak"
Finished!
ComboFix 08-05-07.1 - Graham 2008-05-08 12:58:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.425 [GMT 1:00]
Running from: C:\Documents and Settings\Graham\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Graham\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ebjvjago.dll
C:\WINDOWS\system32\ebofvokm.dll
C:\WINDOWS\system32\etropeoj.dll
C:\WINDOWS\system32\ghetckti.dll
C:\WINDOWS\system32\ghtaulyy.ini
C:\WINDOWS\system32\gmytkdcc.dll
C:\WINDOWS\system32\iifebBqq.dll
C:\WINDOWS\system32\ltgijepq.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkovfobe.ini
C:\WINDOWS\system32\pqenmggi.dll
C:\WINDOWS\system32\qoMcBUmm.dll
C:\WINDOWS\system32\vxeknerk.dll
C:\WINDOWS\system32\wehsqdrp.dll
C:\WINDOWS\system32\wvUlliHy.dll
C:\WINDOWS\system32\xumgbwqf.dll
C:\WINDOWS\system32\yHillUvw.ini
C:\WINDOWS\system32\yHillUvw.ini2
.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.
2008-05-08 12:57 . 2008-05-08 12:57 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-08 12:27 . 2008-05-08 12:27 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-08 12:26 . 2008-05-08 12:26 <DIR> d-------- C:\desktop
2008-05-08 12:22 . 2008-05-07 05:11 <DIR> d-------- C:\SDFix
2008-05-07 15:37 . 2008-05-07 15:37 2,112 --a------ C:\WINDOWS\system32\lnhvxrwh.exe
2008-05-07 15:28 . 2008-05-07 15:28 53,312 --a------ C:\WINDOWS\system32\uoivvaed.dll
2008-05-07 14:58 . 2008-05-07 14:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 14:29 . 2008-05-07 14:29 53,312 --a------ C:\WINDOWS\system32\psomlciv.dll
2008-05-06 19:51 . 2008-05-08 12:39 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-05 19:11 . 2008-05-05 19:11 53,312 --a------ C:\WINDOWS\system32\yukgarlk.dll
2008-05-04 19:12 . 2008-05-04 19:12 53,312 --a------ C:\WINDOWS\system32\cfbirrqv.dll
2008-05-04 16:31 . 2008-05-04 16:31 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-01 16:37 . 2008-05-01 16:37 <DIR> d-------- C:\Program Files\uTorrent
2008-05-01 16:37 . 2008-05-01 16:38 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\uTorrent
2008-04-22 03:19 . 2008-05-07 15:16 109,767 --a------ C:\WINDOWS\BM731a594b.xml
2008-04-20 20:10 . 2008-04-20 20:10 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\.BitTornado
2008-04-20 20:09 . 2008-04-20 20:17 <DIR> d-------- C:\Program Files\BitTornado
2008-04-16 22:40 . 2008-04-16 22:40 <DIR> d-------- C:\Program Files\DNA
2008-04-16 22:40 . 2008-05-08 13:00 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\DNA
2008-04-15 18:34 . 2008-04-15 18:34 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Leadertech
2008-04-14 15:09 . 2008-04-14 15:10 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Joost
2008-04-14 15:08 . 2008-04-14 15:10 <DIR> d-------- C:\Program Files\Joost
2008-04-12 21:19 . 2008-04-12 21:19 <DIR> d-------- C:\Program Files\14 East
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 09:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Driving Test Success
2008-05-08 09:32 --------- d-----w C:\Program Files\Driving Test Success 2007-2008
2008-05-06 16:33 --------- d-----w C:\Program Files\LimeWire
2008-05-06 16:33 --------- d-----w C:\Documents and Settings\Graham\Application Data\PLAY AXIS
2008-05-05 14:15 9,168 ----a-w C:\Documents and Settings\Graham\Application Data\wklnhst.dat
2008-05-04 15:31 --------- d-----w C:\Program Files\Common Files\Real
2008-05-01 15:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-01 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-30 15:21 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-24 14:16 --------- d-----w C:\Documents and Settings\Graham\Application Data\Vso
2008-04-21 14:12 --------- d-----w C:\Documents and Settings\Graham\Application Data\LimeWire
2008-04-21 06:15 --------- d-----w C:\Documents and Settings\Graham\Application Data\BitTorrent
2008-04-16 21:40 --------- d-----w C:\Program Files\BitTorrent
2008-04-13 13:32 --------- d-----w C:\Program Files\CD Library
2008-04-11 17:29 --------- d-----w C:\Program Files\PowrClik Lite
2008-04-05 11:38 --------- d-----w C:\Program Files\BitComet
2008-04-04 17:53 --------- d-----w C:\Program Files\Azureus
2008-04-04 17:51 --------- d-----w C:\Documents and Settings\Graham\Application Data\Azureus
2008-04-04 17:42 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-04 17:41 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-04-03 16:49 --------- d-----w C:\Documents and Settings\Graham\Application Data\Microsoft Games
2008-04-03 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-04-03 16:46 --------- d-----w C:\Program Files\Microsoft Games
2008-03-30 13:26 --------- d-----w C:\Documents and Settings\Graham\Application Data\Canon
2008-03-25 19:52 --------- d-----w C:\Documents and Settings\Graham\Application Data\GlarySoft
2008-03-25 19:49 --------- d-----w C:\Program Files\Glary Utilities
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 19:43 --------- d-----w C:\Program Files\QuickTime
2008-03-11 19:23 --------- d-----w C:\Program Files\Secunia
2008-03-10 16:26 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 18:41 96,304 ----a-w C:\Documents and Settings\Graham\Application Data\GDIPFONTCACHEV1.DAT
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-27 16:04 1,417 ----a-w C:\Documents and Settings\english\mini.scr
2007-05-18 15:38 87,608 ----a-w C:\Documents and Settings\Graham\Application Data\inst.exe
2007-05-18 15:38 47,360 ----a-w C:\Documents and Settings\Graham\Application Data\pcouffin.sys
2007-01-26 16:19 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
------- Sigcheck -------
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-02-11 18:39 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-04 18:42 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\dllcache\tcpip.sys
2008-04-04 18:42 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 17:46 68856]
"com.codeode.cactusspamfilter"="C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe" [2006-04-30 17:27 749568]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-03-25 07:38 2196280]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 09:06 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-07-12 06:19 7626752]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"nwiz"="nwiz.exe" [2006-07-12 06:19 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-07-12 06:19 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 12:10 16049664 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 19:49 2061552]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 15:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 15:10 13552]
"1 Active Wipe Readme"="C:\Documents and Settings\All Users\Application Data\Road File 1 Active\Program Platform.exe" [2008-05-08 12:41 4549632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 13:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
C:\Documents and Settings\Graham\Start Menu\Programs\Startup\
Secunia PSI (RC1).lnk - C:\Program Files\Secunia\PSI (RC1)\psi.exe [2008-02-22 10:09:52 626688]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
blueyonder Instant Support Tool.lnk - C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe [2006-12-15 20:33:12 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"VIDC.NTN1"= nuvision.ax
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^blueyonder Instant Support Tool.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\blueyonder Instant Support Tool.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk] backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -ra------ 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2005-10-28 22:25 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CORN KNOB CHIN ONLINE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-04 13:00 15360 C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Else Barb Log That]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series] --a------ 2003-09-11 04:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Face Way]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\memo site kind that]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] --a------ 2001-08-17 04:41 28738 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] --a------ 2006-04-21 16:41 438359 C:\PROGRA~1\BLUEYO~2\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2006-07-12 06:19 7626752 C:\WINDOWS\System32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2006-07-12 06:19 86016 C:\WINDOWS\System32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2006-07-12 06:19 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2] --a------ 2003-05-08 13:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] --a------ 2007-10-23 22:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] --a------ 2007-09-21 16:34 214296 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -ra------ 2006-08-01 12:10 16049664 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] -ra------ 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-09-21 16:34 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22927:TCP"= 22927:TCP:BitComet 22927 TCP
"22927:UDP"= 22927:UDP:BitComet 22927 UDP
"15212:TCP"= 15212:TCP:BitComet 15212 TCP
"15212:UDP"= 15212:UDP:BitComet 15212 UDP
S3 NUVision;Hauppauge WinTV USB Pro (PAL I);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2001-08-14 16:23]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-02-19 09:24]
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2004-08-04 13:00]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 13:54]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 12:00:00 C:\WINDOWS\Tasks\A9A0F55191976C35.job" - c:\docume~1\graham\applic~1\playax~1\seekcashwindow.exe
"2008-05-02 07:34:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 13:03:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Documents and Settings\scsiaccess.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-08 13:06:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-08 12:06:37
Pre-Run: 25,531,326,464 bytes free
Post-Run: 25,529,556,992 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
275 --- E O F --- 2008-04-12 14:01:22
I hope I have completed this correctly and once again thanks for your time on this.
Graham