You will need to download ComboFix.exe. Download Combofix from any of the links below. You must rename it before saving it. Name it ComFx, and Save it to your desktop.


http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop
It is important that it is saved and renamed following this process directly to your desktop**


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComFx.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution.....
Never use this program to remove files.Only use it with help from an experienced user.Wrongful use can damage your computer.

Attached: ComboFix.txt (Originally named log.txt but renamed to ComboFix.txt)

ComboFix 09-11-05.05 - ****** 07/11/2009 9:14.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.65.1033.18.3062.1894 [GMT 8:00]
Running from: c:\users\******\Desktop\ComFx.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-4106996838-825450678-1481988376-1000
c:\$recycle.bin\S-1-5-21-4106996838-825450678-1481988376-500
c:\$recycle.bin\S-1-5-21-690173381-2085086516-3594547541-1004
c:\$recycle.bin\S-1-5-21-690173381-2085086516-3594547541-1005
c:\$recycle.bin\S-1-5-21-690173381-2085086516-3594547541-1007
c:\$recycle.bin\S-1-5-21-690173381-2085086516-3594547541-500
.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.
2009-11-07 01:23 . 2009-11-07 01:23 -------- d-----w- c:\users\******\AppData\Local\temp
2009-11-07 01:23 . 2009-11-07 01:23 -------- d-----w- c:\users\Wai Mey\AppData\Local\temp
2009-11-07 01:23 . 2009-11-07 01:23 -------- d-----w- c:\users\Wai Mey.******-PC\AppData\Local\temp
2009-11-07 01:23 . 2009-11-07 01:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-07 00:14 . 2009-10-16 03:30 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009110 6.003\NAVENG.SYS
2009-11-07 00:14 . 2009-10-16 03:30 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009110 6.003\NAVENG32.DLL
2009-11-07 00:14 . 2009-10-16 03:30 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009110 6.003\NAVEX32A.DLL
2009-11-07 00:14 . 2009-10-16 03:30 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009110 6.003\NAVEX15.SYS
2009-11-07 00:14 . 2009-10-16 03:30 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009110 6.003\EECTRL.SYS
2009-11-07 00:14 . 2009-10-16 03:30 2747952 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009110 6.003\CCERASER.DLL
2009-11-07 00:14 . 2009-10-16 03:30 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009110 6.003\ECMSVR32.DLL
2009-11-07 00:14 . 2009-10-16 03:30 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009110 6.003\ERASER.SYS
2009-11-07 00:14 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105. 001\IDSvix86.sys
2009-11-07 00:14 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105. 001\IDSXpx86.sys
2009-11-07 00:14 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105. 001\Scxpx86.dll
2009-11-07 00:14 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105. 001\IDSxpx86.dll
2009-11-07 00:14 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105. 001\IDSviA64.sys
2009-10-31 14:31 . 2009-10-31 14:31 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-10-31 14:31 . 2009-10-31 14:31 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-31 14:15 . 2009-10-31 14:33 -------- d-----w- c:\users\******\AppData\Roaming\DAEMON Tools Lite
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\ID Svix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102. 002\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\ID SXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102. 002\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Sc xpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102. 002\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\ID Sxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102. 002\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\ID SviA64.sys
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102. 002\IDSviA64.sys
2009-10-28 00:26 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 00:26 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-28 00:26 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-28 00:26 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 05:24 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 05:24 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 05:24 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 05:24 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 06:18 . 2009-10-20 06:18 -------- d-----w- c:\users\Wai Mey.******-PC\AppData\Local\Google
2009-10-20 06:18 . 2009-10-20 06:18 -------- d-----w- c:\users\Wai Mey.******-PC\AppData\Local\Winamp Toolbar
2009-10-20 05:59 . 2009-10-20 06:00 114360 ----a-w- c:\users\Wai Mey.******-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-20 05:59 . 2009-10-20 06:00 -------- d-----w- c:\users\Wai Mey.******-PC\AppData\Local\PowerCinema
2009-10-16 19:04 . 2009-10-16 19:04 8192 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-16 09:46 . 2009-08-27 13:57 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-16 09:46 . 2009-08-27 11:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-14 05:01 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 04:59 . 2009-08-05 14:28 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 04:59 . 2009-08-05 14:28 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 04:57 . 2009-08-31 15:16 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-10-14 04:57 . 2009-08-31 15:21 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-14 04:57 . 2009-08-31 15:17 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-10-14 04:57 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 04:57 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 04:57 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-11-07 01:12 . 2009-03-22 13:10 4096 d-----w- c:\users\******\AppData\Roaming\Free Download Manager
2009-11-07 01:09 . 2008-12-02 07:30 -------- d-----w- c:\users\******\AppData\Roaming\gtk-2.0
2009-11-07 00:49 . 2008-07-24 14:02 49152 d-----w- c:\users\******\AppData\Roaming\uTorrent
2009-11-07 00:46 . 2008-03-02 07:55 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-06 12:14 . 2008-05-18 05:07 5972 ----a-w- c:\users\******\AppData\Local\d3d9caps.dat
2009-10-31 14:33 . 2008-10-16 14:05 -------- d-----w- c:\users\******\AppData\Roaming\DAEMON Tools
2009-10-31 14:15 . 2008-10-16 14:06 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-16 23:14 . 2008-05-04 13:41 4096 d-----w- c:\program files\Ahead
2009-10-16 19:09 . 2008-03-02 08:16 12288 d-----w- c:\programdata\Microsoft Help
2009-10-16 19:04 . 2008-03-02 08:31 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-15 19:10 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-12 10:51 . 2008-03-02 07:54 12288 d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 07:36 . 2008-12-12 12:40 4096 d-----w- c:\users\Wai Mey\AppData\Roaming\Free Download Manager
2009-09-24 04:27 . 2008-04-03 00:13 5972 ----a-w- c:\users\Wai Mey\AppData\Local\d3d9caps.dat
2009-09-10 16:12 . 2008-07-04 06:18 4096 d-----w- c:\program files\Microsoft Silverlight
2009-08-29 03:41 . 2009-09-03 05:50 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40 . 2009-09-03 05:50 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31 . 2009-09-03 05:50 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 14:02 . 2009-10-16 09:45 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:57 . 2009-10-16 09:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56 . 2009-10-16 09:45 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 09:51 . 2009-10-16 09:45 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-26 13:07 . 2009-08-26 13:07 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC5D0.tmp.exe
2009-08-21 14:12 . 2009-04-11 11:38 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-18 19:11 . 2009-08-22 02:02 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-08-17 15:33 . 2009-08-17 15:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 17:16 . 2009-09-09 12:31 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2009-08-14 16:42 . 2009-09-09 12:31 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-14 16:40 . 2009-09-09 12:31 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40 . 2009-09-09 12:31 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25 . 2009-09-09 12:31 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25 . 2009-09-09 12:31 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25 . 2009-09-09 12:31 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25 . 2009-09-09 12:31 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25 . 2009-09-09 12:31 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25 . 2009-09-09 12:31 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25 . 2009-09-09 12:31 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:24 . 2009-09-09 12:31 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 14:23 . 2009-09-09 12:31 22016 ----a-w- c:\windows\system32\netiougc.exe
2008-09-21 06:37 . 2008-09-21 06:37 0 ----a-w- c:\program files\codecpack.v.1.0.2021.exe
2008-09-21 06:36 . 2008-09-21 06:36 0 ----a-w- c:\program files\codecpack.v.1.0.202.exe
2008-03-02 11:23 . 2008-03-02 11:19 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-09 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-02-10 39408]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-09 270128]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Free Download Manager"="d:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-05-23 1006264]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"EzButton"="c:\progra~1\EzButton\EzButton.EXE" [2007-04-14 502544]
"EnergyUtility"="c:\program files\Lenovo\EnergyCut\utilty.exe" [2007-04-28 1581056]
"EnergyCut"="c:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-03-10 1167360]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"LenovoTheme"="c:\program files\Lenovo\LenovoThemeFactory\LenovoThemeVista.e xe" [2007-04-25 424960]
"PCMService"="c:\program files\Lenovo\ShuttleCenter\PCMService.exe" [2007-05-25 417792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2008-01-02 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-21 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.e xe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-10-12 413696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-12-05 4710400]
c:\users\******\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\
MagicDisc.lnk - d:\program files\MagicDisc\MagicDisc.exe [2009-6-17 576000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-4 113664]
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2007-3-30 719664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
SetupExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\rootrepeal.sys]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020 .00B\SymEFA.sys [9/9/2009 8:21 PM 310320]
R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\System32\drivers\Wdkbdmou.sys [6/2/2007 3:00 AM 5120]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B \BHDrvx86.sys [9/9/2009 8:21 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.0 0B\cchpx86.sys [9/9/2009 8:20 PM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105. 001\IDSvix86.sys [7/11/2009 8:14 AM 343088]
R2 AnyComm.DirectRouter;AnyComm.DirectRouter;c:\windo ws\System32\IgrsSvcs.exe -k IgrsSvcs --> c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 IGRS;IGRS;c:\program files\Lenovo\AnyComm\common\IGRS.exe [13/4/2007 12:29 AM 31744]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [9/9/2009 8:20 PM 117640]
R2 SheSvc;AnyComm Software Update;c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys [2/3/2008 4:11 PM 11776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [9/2/2007 4:03 AM 179712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/8/2009 11:57 AM 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B \symndisv.sys [9/9/2009 8:21 PM 48688]
R3 wdmirror;wdmirror;c:\windows\System32\drivers\WDMi rror.sys [3/2/2007 3:14 AM 5120]
S3 IncSvc;AnyComm Network Monitor and Configuration;c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\System32\drivers\Mkd2 kfNT.sys [18/6/2009 7:02 PM 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\System32\drivers\Mkd2 Nadr.sys [18/6/2009 7:02 PM 79104]
S3 PS_MDP;AnyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 SHE.WEB;AnyComm Software Update Mini Web Server;c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> c:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
IgrsSvcs REG_MULTI_SZ AnyComm.DirectRouter SHE.WEB SheSvc IncSvc PS_MDP
<NO NAME> REG_SZ
.
Contents of the 'Scheduled Tasks' folder
2009-11-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 20:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.lenovo.com
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Download all with Free Download Manager - file://d:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
.
- - - - ORPHANS REMOVED - - - -
BHO-{344410C8-D36E-30BC-9C9E-CB115CFEF2F8} - c:\windows\system32\xwr69330.dll
HKCU-Run-fsm - (no file)
HKLM-Run-Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790} - c:\windows\test.bat
HKLM-Run-VeriFacePassManager - c:\program files\Lenovo\VeriFace\PManage.exe
HKLM-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe
HKLM-Run-Microsoft WinUpdate - c:\windows\system32\msupdte.exe
HKLM-Run-<NO NAME> - (no file)
AddRemove-AudibleManager - c:\program files\Audible\Bin\Upgrade.exe
AddRemove-Business Contact Manager - c:\program files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Little Fighter 2 - c:\program files\LittleFighter2\LF2_v1.9c\uninst.exe
AddRemove-Matroska Pack - c:\program files\Matroska Pack\uninstall.exe
AddRemove-Winamp Toolbar for Firefox - c:\users\******\AppData\Roaming\Mozilla\Firefox\Pr ofiles\sgrnyxd8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\program files\Apoint2K\Uninstap.exe

************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 09:23
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys >>UNKNOWN [0x85B231F8]<<
kernel: MBR read successfully
user & kernel MBR OK
************************************************** ************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N orton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\G arenaPEngine]
"ImagePath"="\??\c:\users\******\AppData\Local\Tem p\CAQE658.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m siserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-690173381-2085086516-3594547541-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2960)
c:\windows\system32\btmmhook.dll
.
Completion time: 2009-11-07 9:26
ComboFix-quarantined-files.txt 2009-11-07 01:26
Pre-Run: 1,181,655,040 bytes free
Post-Run: 2,934,829,056 bytes free
- - End Of File - - 239886614304C6C38A3852FC568D9B7C

That looks fine.I see no more malware.

Okay, thanks for analysing all of that anyway. I guess I got paranoid and lost my trust in my Norton Internet Security. Or maybe it got resolved after a while or something. It was originally an internet connection problem, not a malware problem. But my internet is working fine now so well, I guess this is resolved. Thanks for the trouble really.

Ok.Good.