Alright, I dragged it onto ComboFix and clicked yes on the update ComboFix thing. It rebooted my computer and posted the log after. And it's doing that thing where I have to click run as administrator on everything.
Here's the ComboFix log.
ComboFix 10-04-29.01 - Tony 29/04/2010 15:06:32.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3006.1821 [GMT -4:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
Command switches used :: c:\users\Tony\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\System32\SetIEInstalledDate.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\%appdata%
c:\windows\System32\SetIEInstalledDate.exe
.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.
2010-04-29 19:12 . 2010-04-29 19:15 -------- d-----w- c:\users\Tony\AppData\Local\temp
2010-04-29 19:12 . 2010-04-29 19:12 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-04-29 19:12 . 2010-04-29 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-29 19:04 . 2010-04-29 19:05 -------- d-----w- C:\32788R22FWJFW
2010-04-21 06:01 . 2010-04-21 06:01 -------- d-----w- c:\windows\system32\Adobe
2010-04-20 10:12 . 2010-04-20 10:12 -------- d-----w- c:\program files\Common Files\Java
2010-04-20 10:11 . 2010-04-20 10:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 10:11 . 2010-04-20 10:11 -------- d-----w- c:\program files\Java
2010-04-19 03:03 . 2010-04-19 03:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-18 17:56 . 2010-04-18 17:56 -------- d-----w- c:\programdata\LightScribe
2010-04-15 19:00 . 2010-04-15 19:00 -------- d-----w- c:\programdata\Alwil Software
2010-04-15 19:00 . 2010-04-15 19:00 -------- d-----w- c:\program files\Alwil Software
2010-04-15 02:17 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 02:17 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 02:17 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 02:17 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 02:17 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 02:17 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 02:16 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 02:16 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 02:16 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 02:56 . 2010-04-14 02:56 -------- d-----w- c:\program files\Trend Micro
2010-04-14 02:54 . 2010-04-14 02:54 -------- d-----w- c:\program files\ERUNT
2010-04-14 00:40 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 00:18 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-04 15:13 . 2010-04-04 15:14 -------- d-----w- c:\program files\CCleaner
2010-04-03 18:03 . 2010-04-03 18:03 -------- d-----w- C:\ILLUSION
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 19:01 . 2010-01-25 21:25 -------- d-----w- c:\users\Tony\AppData\Roaming\Skype
2010-04-29 18:54 . 2010-01-25 21:33 -------- d-----w- c:\users\Tony\AppData\Roaming\skypePM
2010-04-23 21:52 . 2010-03-08 19:57 -------- d-----w- c:\users\Tony\AppData\Roaming\gtk-2.0
2010-04-18 18:34 . 2008-07-01 09:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-18 18:32 . 2008-07-01 09:33 -------- d-----w- c:\programdata\Symantec
2010-04-16 03:19 . 2009-11-27 03:04 492 ----a-w- c:\users\Tony\AppData\Roaming\wklnhst.dat
2010-04-15 07:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-15 07:06 . 2008-07-01 10:35 -------- d-----w- c:\programdata\Microsoft Help
2010-04-13 21:38 . 2010-02-06 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-13 21:36 . 2010-04-13 21:36 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-13 20:47 . 2009-12-02 01:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-11 22:13 . 2009-11-27 03:04 -------- d-----w- c:\users\Tony\AppData\Roaming\Template
2010-04-04 19:38 . 2009-11-17 17:56 77136 ----a-w- c:\users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-04 14:51 . 2009-11-23 20:49 27240 ----a-w- c:\users\Tony\AppData\Roaming\nvModes.dat
2010-04-03 18:03 . 2008-07-01 09:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 18:37 . 2009-11-25 00:48 7268 ----a-w- c:\users\Tony\AppData\Local\d3d9caps.dat
2010-03-30 04:46 . 2010-02-06 16:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-02-06 16:59 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 01:23 . 2010-03-26 01:23 -------- d-----w- c:\program files\Common Files\Skype
2010-03-11 03:18 . 2009-12-23 21:25 77136 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-08 22:43 . 2010-04-08 20:15 180224 ----a-w- c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\t5nb8j6g.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
2010-03-08 19:45 . 2010-03-08 19:44 -------- d-----w- c:\program files\GIMP-2.0
2010-03-08 11:23 . 2010-03-03 22:41 69 ----a-w- c:\users\Tony\jagex_runescape_preferences2.dat
2010-03-08 11:23 . 2010-03-03 22:40 41 ----a-w- c:\users\Tony\jagex_runescape_preferences.dat
2010-02-24 14:16 . 2009-11-23 21:33 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 00:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 00:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 00:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 00:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-22 21:05 . 2010-02-22 21:05 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2010-02-22 21:05 . 2010-02-22 21:05 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2010-02-22 21:05 . 2010-02-22 21:05 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2010-02-22 21:05 . 2010-02-22 21:05 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2010-02-22 21:05 . 2010-02-22 21:05 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2010-02-22 21:05 . 2010-02-22 21:05 172032 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2010-02-20 23:06 . 2010-03-11 22:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 22:31 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 22:31 411648 ----a-w- c:\windows\system32\drivers\http.sys
2008-07-01 08:13 . 2008-07-01 08:13 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-11-20 2590456]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-22 2937528]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-21 26192680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-09 81920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c6,a1,e5,d7,6b,77,ca,01
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\t5nb8j6g.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\t5nb8j6g.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
FF - plugin: c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\t5nb8j6g.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-29 15:15
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(6056)
c:\program files\HmelyoffLabs\VHScrCap\VHScrCap.ax
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ERUNT\ERUNT.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\HmelyoffLabs\VHToolkit\VHMultiCam.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-04-29 15:23:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-29 19:23
ComboFix2.txt 2010-04-19 21:49
ComboFix3.txt 2010-04-18 19:13
Pre-Run: 136,631,246,848 bytes free
Post-Run: 136,626,171,904 bytes free
- - End Of File - - 05BE230A59244FD6D138C855877CD083