Here's the ComboFix log:
ComboFix 08-04-26.3 - steve 2008-04-29 17:42:38.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1309 [GMT 1:00]
Running from: C:\Users\steve\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.
2008-04-29 17:38 . 2008-04-29 17:39 238,877,230 --a------ C:\Windows\MEMORY.DMP
2008-04-29 00:41 . 2008-04-29 00:42 <DIR> d-------- C:\Users\steve\aircon faults
2008-04-27 13:29 . 2008-04-27 13:29 1,776,621 --a------ C:\Users\steve\ComboFix.exe
2008-04-27 12:39 . 2008-04-27 12:39 53,312 --a------ C:\Windows\System32\rvmsiimg.dll
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-27 01:48 . 2008-04-27 01:48 70,578 --a------ C:\Windows\System32\hqiopa.sys
2008-04-27 01:48 . 2008-04-27 01:48 0 --a------ C:\1223042813
2008-04-27 00:34 . 2008-04-27 00:34 <DIR> d-------- C:\Users\steve\AppData\Roaming\KompoZer
2008-04-27 00:29 . 2008-04-27 00:29 <DIR> d-------- C:\Program Files\MagicISO
2008-04-27 00:16 . 2008-04-27 00:16 118,784 --a------ C:\Windows\GREUninstall.exe
2008-04-27 00:16 . 2008-04-27 00:16 8,618 --a------ C:\Windows\mozver.dat
2008-04-27 00:16 . 2008-04-27 00:16 335 --a------ C:\Windows\nsreg.dat
2008-04-26 23:27 . 2008-04-27 00:19 <DIR> d-------- C:\Program Files\EwisoftWeb
2008-04-26 20:30 . 2008-04-27 01:49 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 20:30 . 2008-04-29 14:10 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 20:30 . 2008-04-27 01:49 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 20:30 . 2008-04-29 14:10 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 20:30 . 2008-04-29 14:10 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TM.blf
2008-04-26 20:30 . 2008-04-29 14:10 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TM.blf
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.rctemp.LOG2
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.rctemp.LOG1
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat.rctemp.LOG2
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat.rctemp.LOG1
2008-04-26 20:25 . 2008-04-26 20:25 216,127,484 --a------ C:\BackupRegistry(20080426)cleaner.reg
2008-04-26 19:55 . 2008-04-26 19:55 216,278,948 --a------ C:\BackupRegistry(20080426).reg
2008-04-26 19:45 . 2008-04-26 19:45 <DIR> d-------- C:\Program Files\Yamicsoft
2008-04-26 19:42 . 2008-04-26 19:42 <DIR> d-------- C:\Windows\TweakVI
2008-04-26 19:42 . 2008-04-26 19:42 0 --a------ C:\Windows\System32\tviresource.val
2008-04-26 19:08 . 2008-04-26 19:08 410,976 --a------ C:\Windows\System32\deploytk.dll
2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TM.blf
2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TM.blf
2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TM.blf
2008-04-26 17:20 . 2008-04-26 17:20 262,144 --ah----- C:\Users\steve\ntuser.dat_TU_58328.LOG1
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat_TU_87191.LOG2
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat_TU_87191.LOG1
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat_TU_23579.LOG2
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat_TU_23579.LOG1
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Users\steve\ntuser.dat_TU_58328.LOG2
2008-04-26 16:10 . 2008-04-26 16:10 <DIR> d-------- C:\Users\steve\New Folder(547)
2008-04-26 16:10 . 2008-04-26 16:10 <DIR> d-------- C:\Users\steve\my letters
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\Users\steve\AppData\Roaming\TuneUp Software
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-04-26 14:47 . 2008-04-26 14:48 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-04-26 13:51 . 2008-04-26 15:42 <DIR> d-------- C:\Users\maximum bob
2008-04-26 13:06 . 2008-04-26 13:06 <DIR> d-------- C:\Program Files\NeoSmart Technologies
2008-04-26 03:46 . 2008-04-26 15:07 <DIR> d-------- C:\Program Files\Wise Registry Cleaner 3
2008-04-26 02:09 . 2008-03-01 14:51 524,288 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 02:09 . 2008-04-26 00:39 524,288 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 02:09 . 2008-04-26 00:39 65,536 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-25 22:41 . 2008-04-25 22:41 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-04-25 21:32 . 1999-12-21 07:58 21,312 --a------ C:\Windows\choice.exe
2008-04-25 21:17 . 2007-09-12 18:58 58,792 --a------ C:\Windows\System32\wbload.dll
2008-04-25 21:16 . 2008-04-25 21:16 3,932,214 --a------ C:\Windows\InvaderDark1280.bmp
2008-04-25 20:55 . 2008-04-25 20:55 3,932,214 --a------ C:\Windows\AW_XenoMorph1280.bmp
2008-04-25 20:54 . 2005-02-01 15:20 5,760,056 --a------ C:\Windows\Darkstar.bmp
2008-04-25 20:30 . 2008-04-27 03:59 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-04-25 20:30 . 2008-04-26 19:57 <DIR> d-------- C:\Program Files\AlienGUIse
2008-04-25 20:30 . 2007-07-11 15:06 42,672 --a------ C:\Windows\System32\wbsys.dll
2008-04-25 20:30 . 2008-04-25 20:30 56 --a------ C:\Windows\wb.ini
2008-04-25 16:35 . 2008-04-27 03:59 <DIR> d-------- C:\Users\steve\.SunDownloadManager
2008-04-25 00:30 . 2008-04-25 00:30 <DIR> d-------- C:\Program Files\Effective Studios
2008-04-24 18:42 . 2008-04-24 18:42 <DIR> d-------- C:\PerfLogs
2008-04-24 16:58 . 2008-01-19 08:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-04-24 16:58 . 2008-01-19 08:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-04-24 16:55 . 2008-01-19 08:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-04-24 16:54 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-24 16:53 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-04-24 16:52 . 2008-01-19 08:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-04-24 16:51 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-24 16:50 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-04-24 16:50 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-04-24 16:50 . 2008-01-05 12:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-04-24 16:50 . 2008-01-05 12:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-04-24 16:50 . 2008-01-05 12:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-04-24 16:50 . 2008-01-19 08:31 7,680 --a------ C:\Windows\System32\spwizres.dll
2008-04-24 16:50 . 2008-01-19 08:28 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-24 16:50 . 2008-01-19 06:37 2,048 --a------ C:\Windows\System32\wertargets.wtl
2008-04-24 16:50 . 2008-01-05 12:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-04-24 16:50 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-04-24 16:49 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-24 16:49 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-24 16:49 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-24 16:49 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-24 16:49 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-24 16:48 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-24 16:48 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-24 16:48 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-24 16:48 . 2006-11-02 10:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-04-24 16:48 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-24 16:48 . 2006-11-02 10:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-04-23 19:07 . 2008-04-23 19:07 <DIR> d--h----- C:\Windows\Content.IE5
2008-04-23 18:54 . 2008-04-23 18:54 691 --a------ C:\Users\steve\AppData\Roaming\GetValue.vbs
2008-04-23 18:54 . 2008-04-23 18:54 35 --a------ C:\Users\steve\AppData\Roaming\SetValue.bat
2008-04-23 18:26 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-04-23 18:26 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-23 03:18 . 2008-04-27 03:59 <DIR> d-------- C:\Users\steve\AppData\Roaming\WinPatrol
2008-04-23 03:18 . 2008-04-23 03:18 <DIR> d-------- C:\Program Files\BillP Studios
2008-04-23 02:03 . 2008-03-29 18:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-04-23 02:00 . 2008-04-23 02:00 130 --a------ C:\Windows\ODBC.INI
2008-04-23 01:50 . 2008-04-23 01:50 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-23 01:00 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-04-23 01:00 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-04-23 01:00 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-04-23 01:00 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-04-23 00:59 . 2008-04-23 00:59 <DIR> d-------- C:\Users\steve\AppData\Roaming\PC Tools
2008-04-23 00:59 . 2008-04-27 12:41 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-23 00:31 . 2008-04-23 00:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-23 00:24 . 2008-04-23 00:24 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-04-22 23:35 . 2008-04-22 23:35 <DIR> d--h----- C:\Windows\PIF
2008-04-22 23:24 . 2008-04-23 02:58 <DIR> d-------- C:\Users\All Users\Avira
2008-04-22 23:24 . 2008-04-23 02:58 <DIR> d-------- C:\ProgramData\Avira
2008-04-22 23:00 . 2008-04-23 02:18 <DIR> d-------- C:\Users\steve\AppData\Roaming\SUPERAntiSpyware.com
2008-04-22 23:00 . 2008-04-22 23:00 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-22 23:00 . 2008-04-22 23:00 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-04-22 21:52 . 2008-04-22 21:52 <DIR> d-------- C:\Users\steve\AppData\Roaming\WildPackets
2008-04-22 21:52 . 2005-12-05 14:08 607,432 -ra------ C:\Windows\System32\cfx4032.ocx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 02:09 --------- d-----w C:\Users\steve\AppData\Roaming\uTorrent
2008-04-28 00:05 88 --sh--r C:\Users\All Users\D172C11D73.sys
2008-04-28 00:05 88 --sh--r C:\ProgramData\D172C11D73.sys
2008-04-28 00:05 2,828 --sha-w C:\Users\All Users\KGyGaAvL.sys
2008-04-28 00:05 2,828 --sha-w C:\ProgramData\KGyGaAvL.sys
2008-04-27 22:51 77,371 ----a-w C:\Users\steve\AppData\Roaming\nvModes.dat
2008-04-27 12:30 --------- d---a-w C:\ProgramData\TEMP
2008-04-27 02:59 --------- d-----w C:\Users\steve\AppData\Roaming\dvdcss
2008-04-26 23:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-26 02:05 --------- d-----w C:\Program Files\Java
2008-04-24 17:54 174 --sha-w C:\Program Files\desktop.ini
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Mail
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Journal
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Defender
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Calendar
2008-04-24 16:13 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-24 16:13 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-23 20:36 --------- d-----w C:\Program Files\ImTOO
2008-04-23 02:51 --------- d-----w C:\Program Files\CONEXANT
2008-04-22 20:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 16:29 --------- d-----w C:\ProgramData\Roxio
2008-03-24 19:01 --------- d-----w C:\ProgramData\DVD Shrink
2008-03-23 01:48 --------- d-----w C:\Program Files\Common Files\snpstd3
2008-03-23 01:45 --------- d-----w C:\Program Files\Mingjong
2008-03-23 01:44 --------- d-----w C:\Program Files\camtool
2008-03-22 04:08 --------- d-----w C:\Users\steve\AppData\Roaming\muvee Technologies
2008-03-22 04:08 --------- d-----w C:\ProgramData\muvee Technologies
2008-03-22 03:57 --------- d-----w C:\Users\steve\AppData\Roaming\ESTsoft
2008-03-22 03:57 --------- d-----w C:\Program Files\ESTsoft
2008-03-22 03:55 --------- d-----w C:\Users\steve\AppData\Roaming\PeerNetworking
2008-03-22 03:38 --------- d-----w C:\Users\steve\AppData\Roaming\gtk-2.0
2008-03-22 03:31 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-22 01:59 --------- d-----w C:\Program Files\WinAVIVideoConverter
2008-03-21 23:19 --------- d-----w C:\Program Files\SlySoft
2008-03-21 23:16 --------- d-----w C:\Users\steve\AppData\Roaming\SlySoft
2008-03-21 23:15 --------- d-----w C:\ProgramData\SlySoft
2008-03-21 22:54 --------- d-----w C:\ProgramData\Sonic
2008-03-21 22:23 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-21 22:22 --------- d-----w C:\Program Files\DVD Shrink
2008-03-21 22:14 --------- d-----w C:\Program Files\uTorrent
2008-03-20 23:59 --------- d-----w C:\Users\steve\AppData\Roaming\Roxio
2008-03-14 23:06 --------- d-----w C:\ProgramData\Symantec
2008-03-14 20:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-14 20:22 --------- d-----w C:\ProgramData\Napster
2008-03-09 20:29 --------- d-----w C:\Program Files\Lionhead Studios
2008-03-09 16:56 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-03-09 16:56 --------- d-----w C:\Users\steve\AppData\Roaming\Atari
2008-03-09 16:55 --------- d-----w C:\Users\steve\AppData\Roaming\Leadertech
2008-03-09 16:48 --------- d-----w C:\Program Files\Atari
2008-03-09 01:48 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-09 01:47 --------- d-----w C:\Program Files\eRightSoft
2008-03-08 17:09 0 ----a-w C:\Users\steve\AppData\Roaming\wklnhst.dat
2008-03-08 10:22 --------- d-----w C:\Users\steve\AppData\Roaming\vlc
2008-03-08 10:21 --------- d-----w C:\Program Files\VideoLAN
2008-03-05 23:07 --------- d-----w C:\Program Files\Infogrames
2008-03-05 14:56 --------- d-----w C:\ProgramData\InstallShield
2008-03-05 14:47 --------- d-----w C:\Program Files\The Creative Assembly
2008-03-05 14:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-04 01:34 2,125,312 ----a-w C:\Windows\System32\CnxtAp32.dll
2008-03-04 01:32 188,416 ----a-w C:\Windows\system32\drivers\CHDRT32.sys
2008-03-03 01:49 --------- d-----w C:\Users\steve\AppData\Roaming\Corel
2008-03-03 01:35 --------- d-----w C:\ProgramData\Corel
2008-03-03 01:35 --------- d-----w C:\Program Files\Common Files\Protexis
2008-03-03 01:33 --------- d-----w C:\Program Files\Common Files\Corel
2008-03-03 01:32 --------- d-----w C:\Program Files\Corel
2008-03-01 08:03 --------- d-----w C:\ProgramData\CyberLink
2008-03-01 07:47 --------- d-----w C:\Users\steve\AppData\Roaming\HP
2008-03-01 07:47 --------- d-----w C:\Users\steve\AppData\Roaming\CyberLink
2008-03-01 07:47 --------- d-----w C:\ProgramData\HP
2008-03-01 07:16 --------- d-----w C:\Program Files\WIDCOMM
2008-03-01 07:14 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE7473H0K_E454482-031_4A_I30CE_SWistron_V80.39_F.13_T070810_WV3-0_L409_M2046_J160_7Intel_86FD_91.50_#080301_N11AB4353;80864222_(GT887EA#ABU)_XMOBILE_CN10_Z.MRK
2008-03-01 07:10 --------- d-----w C:\Users\steve\AppData\Roaming\Hewlett-Packard
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Templates
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Start Menu
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Favorites
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Documents
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Desktop
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Application Data
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2005-05-13 17:12 217,073 --sha-r C:\Windows\meta4.exe
2005-10-24 11:13 66,560 --sha-r C:\Windows\MOTA113.exe
2005-10-13 21:27 422,400 --sha-r C:\Windows\x2.64.exe
2005-10-07 19:14 308,224 --sha-r C:\Windows\System32\avisynth.dll
2005-07-14 12:31 27,648 --sha-r C:\Windows\System32\AVSredirect.dll
2005-06-26 15:32 616,448 --sha-r C:\Windows\System32\cygwin1.dll
2005-06-21 22:37 45,568 --sha-r C:\Windows\System32\cygz.dll
2004-01-25 00:00 70,656 --sha-r C:\Windows\System32\i420vfw.dll
2006-04-27 10:24 2,945,024 --sha-r C:\Windows\System32\Smab.dll
2005-02-28 13:16 240,128 --sha-r C:\Windows\System32\x.264.exe
2004-01-25 00:00 70,656 --sha-r C:\Windows\System32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-27_13.39.31.94 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 12:35:02 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-29 16:38:57 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-26 19:29:44 1,660 ----a-w C:\Windows\bthservsdp.dat
+ 2008-04-29 13:10:35 1,660 ----a-w C:\Windows\bthservsdp.dat
+ 2008-04-29 16:38:58 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-29 16:38:58 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-27 11:30:01 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-29 16:40:41 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-27 12:35:16 212,992 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-29 16:43:02 212,992 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-04-27 11:34:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-29 16:41:37 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-27 12:35:16 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-29 16:42:46 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-04-27 12:26:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-29 16:40:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-27 12:26:55 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-29 16:40:27 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-27 12:26:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-29 16:40:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-27 12:33:36 112,240 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-29 15:56:20 113,434 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-27 12:33:36 611,194 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-29 15:56:20 612,790 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-27 03:16:28 9,288 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2004156354-2581284973-3441749290-1000_UserData.bin
+ 2008-04-29 16:43:19 9,360 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2004156354-2581284973-3441749290-1000_UserData.bin
- 2008-04-27 03:16:28 76,580 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-29 16:43:19 77,112 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-26 18:23:47 47,302 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-29 15:54:48 48,324 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-04-26 17:16:13 128,086 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-04-27 21:15:10 153,140 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-04-26 19:08 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-03-11 12:21 159744]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-24 02:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 19:54 50696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 07:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-04-26 19:10 148888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37 79224]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 06:38 316728]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-29 11:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-29 11:05 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-29 11:05 81920]
C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/27/2006 4:24:54 AM 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\AlienGUIse\wbsrv.dll 2007-09-24 15:57 197912 C:\Program Files\AlienGUIse\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2004156354-2581284973-3441749290-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EC1B7C31-3CE6-47F7-A9B5-C0D88EB6F23B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EAEFFE36-501B-4052-A1CE-96AC429CC8F9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0BBF0860-3612-4832-A4D2-37805D440466}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{B1DB76DF-1C2A-47BF-85F4-1062F23B5B8E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8E864A6C-D82B-498D-87B5-E0388E36825B}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{BE2C8919-321F-4BCA-91C5-66E4F13DE616}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{81043D8E-BF59-40E5-95AA-7D4C19CEFB95}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{F666193A-7CA1-4BB4-A720-081732B56D39}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{4291D339-3FD8-441A-84B6-D43DCB82466C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{5960AC78-1ED4-4428-9063-0BFEDB8FBBE7}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{659007F2-F48D-427C-B269-C0765EEBF251}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{A0AAE278-ECEA-445F-B0F6-7C1BA58B082E}C:\\program files\\cain\\cain.exe"= UDP:C:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{74F09369-3D4D-4EBF-9991-01E96993FCE3}C:\\program files\\cain\\cain.exe"= TCP:C:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{1DE7BEDD-9E12-49BF-8951-EF6B54168ADB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{357A7919-64AF-48B3-A806-CC9CC574F1DF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 18:31]
R1 hqiopa;hqiopa;C:\Windows\system32\hqiopa.sys [2008-04-27 01:48]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 18:32]
R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 12:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 11:45]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 11:45]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 11:45]
S3 mod7700;DiBcom DIB7700 based TV tuner device;C:\Windows\system32\Drivers\dvb7700all.sys [2007-04-17 11:09]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-21 21:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-29 17:45:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-29 17:46:43
ComboFix-quarantined-files.txt 2008-04-29 16:46:38
ComboFix2.txt 2008-04-27 15:11:40
ComboFix3.txt 2008-04-27 12:41:06
ComboFix4.txt 2008-04-25 23:46:04
Pre-Run: 80,787,415,040 bytes free
Post-Run: 80,746,160,128 bytes free
380 --- E O F --- 2008-04-24 16:16:14
Be back in a min, just gonna run MBAM.