Hello jp_fal and welcome to the PCHF

Our security team will be with you as soon as possible.....thanks for your patience

I see the culprits.....

Please download Malwarebytes' Anti-Malware from one of these places:
|MG| Malwarebytes Anti-Malware 1.41 Download
Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com


Double Click mbam-setup.exe to install the application.
If it will not run make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that.Keep the genuine MBAM.exe as we may need to run that later as is.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
PLEASE NOTE:
If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Once that Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.

================================================== ===================================


You will need to download ComboFix.exe. Download Combofix from any of the links below. You must rename it before saving it. Name it ComFx, and Save it to your desktop.


http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop
It is important that it is saved and renamed following this process directly to your desktop**


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComFx.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution.....
Never use this program to remove files.Only use it with help from an experienced user.Wrongful use can damage your computer.

SUCCESS
many thanks. Malwarebytes got my registry & task manager back working again. I ran combofix just to be on the safe side. Here's the log if you're curious but I think everything is okay now.

Thanks again

ComboFix 09-10-11.03 - ***** 12/10/2009 22:43.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.2008.911 [GMT 1:00]
Running from: c:\users\*****\Desktop\ComFx.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2707268345-353831247-3212873955-500
c:\windows\Installer\1581c.msi
Q:\AUTORUN.INF
S:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.
2009-10-12 21:58 . 2009-10-12 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-12 21:39 . 2009-10-12 21:39 6736 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2009-10-12 20:47 . 2009-10-12 20:47 -------- d-----w- c:\users\*****\AppData\Roaming\Malwarebytes
2009-10-12 20:47 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 20:47 . 2009-10-12 20:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 20:47 . 2009-10-12 20:47 -------- d-----w- c:\programdata\Malwarebytes
2009-10-12 20:47 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 22:18 . 2009-10-05 22:19 -------- d-----w- c:\users\*****\AppData\Roaming\CopyTransDoctor
2009-10-05 22:16 . 2009-10-05 22:16 -------- d-----w- c:\users\*****\AppData\Roaming\CopyTrans
2009-10-02 22:46 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-16 04:16 . 2009-09-16 04:16 -------- d-----w- c:\users\*****\AppData\Roaming\Intel
2009-09-13 07:31 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-13 07:31 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-13 07:31 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-13 07:31 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-13 07:31 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-13 07:31 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-13 07:31 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-13 07:31 . 2009-08-14 17:01 220232 ----a-w- c:\windows\system32\drivers\netio.sys
2009-09-13 07:31 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-13 07:31 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-13 07:30 . 2009-08-14 17:01 900168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-13 07:30 . 2009-08-14 17:01 98376 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2009-09-13 07:30 . 2009-08-14 16:23 438272 ----a-w- c:\windows\system32\IKEEXT.DLL
2009-09-13 07:30 . 2009-08-14 16:22 595456 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2009-09-13 07:30 . 2009-08-14 16:21 328704 ----a-w- c:\windows\system32\BFE.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-12 22:00 . 2008-12-04 02:24 2981 ----a-w- c:\windows\bthservsdp.dat
2009-10-12 21:21 . 2009-06-27 00:53 -------- d-----w- c:\users\*****\AppData\Roaming\Skype
2009-10-12 19:45 . 2009-06-27 00:55 -------- d-----w- c:\users\*****\AppData\Roaming\skypePM
2009-10-12 07:42 . 2009-08-12 08:20 680 ----a-w- c:\users\*****\AppData\Local\d3d9caps.dat
2009-10-05 22:17 . 2009-09-08 01:10 -------- d-----w- c:\users\*****\AppData\Roaming\WindSolutions
2009-09-13 07:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-13 07:30 . 2008-12-04 03:08 -------- d-----w- c:\programdata\Microsoft Help
2009-09-08 01:10 . 2009-09-08 01:10 -------- d-----w- c:\program files\WindSolutions
2009-09-08 01:10 . 2009-09-08 01:10 -------- d-----w- c:\programdata\WindSolutions
2009-09-07 00:26 . 2009-09-07 00:25 -------- d-----w- c:\program files\MagicDVDRipper
2009-09-05 10:06 . 2009-07-12 12:47 -------- d-----w- c:\users\*****\AppData\Roaming\vlc
2009-09-04 06:49 . 2009-09-04 06:49 -------- d-----w- c:\programdata\WindowsSearch
2009-09-03 09:33 . 2009-09-03 09:33 -------- d-----w- c:\programdata\Panda Software
2009-09-03 00:33 . 2009-09-03 00:33 249 ----a-w- c:\windows\system32\PavCPL.dat
2009-09-03 00:30 . 2009-09-03 00:30 -------- d-----w- c:\users\*****\AppData\Roaming\Panda Security
2009-09-03 00:30 . 2008-12-04 02:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-03 00:30 . 2009-09-03 00:30 -------- d-----w- c:\programdata\Panda Security
2009-09-03 00:30 . 2009-09-03 00:30 -------- d-----w- c:\program files\Panda Security
2009-09-03 00:25 . 2009-04-20 23:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-02 23:59 . 2009-09-02 23:59 -------- d-----w- c:\program files\Trend Micro
2009-08-28 12:39 . 2009-09-06 03:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-06 03:07 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-19 01:21 . 2009-08-19 01:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-15 04:16 . 2009-07-27 06:24 -------- d-----w- c:\users\*****\AppData\Roaming\dvdcss
2009-07-18 16:06 . 2009-08-02 02:40 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-02 02:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-02 02:40 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-13 00:20 71680 ----a-w- c:\windows\system32\atl.dll
2008-12-04 02:07 . 2008-12-04 02:06 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2009-03-10 10:47 2079256 ----a-w- c:\program files\Softonic_English\tbSoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-03-10 2079256]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-03-10 2079256]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-06-27 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler .exe" [2009-09-05 108080]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-09-04 60192]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2009-09-05 54560]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2009-09-05 2701880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-11 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-11 170520]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2008-07-11 145944]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-25 487424]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe " [2007-04-26 120368]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-10-07 16384]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 439856]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2009-01-05 558360]
"WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-01-15 58648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-09-05 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-05 292136]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2009-07-15 881920]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2008-8-26 752168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{4C48F580-ECA4-4435-BC81-05AC5C36701B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{70EBB093-B323-439E-AE5E-35B0013D034E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{67C4F444-24CF-476B-958E-238A861A2492}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0F3EE6FE-D216-41B2-B6B7-1E3819C080DC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F222F8F3-CF48-4E37-AC31-C2A5319AE074}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{11C49B34-A025-45C4-95BA-C04A488C755B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{26E58A11-6436-4366-8553-18D897277D39}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7A6ED855-5D40-4A3B-B0A6-E55311B27B87}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{821DAE26-AB67-4532-ACDE-7DBFB1EA6DC5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F1F73E64-F94E-4F78-B2C1-1BDEC28B7E13}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{DDAFA77A-945B-45B3-A187-EE2AEC3D257E}f:\\music\\music.exe"= UDP:f:\music\music.exe:Music
"UDP Query User{B5462CAD-EBC1-4CCA-B825-8EA3E5A47D48}f:\\music\\music.exe"= TCP:f:\music\music.exe:Music
"TCP Query User{6DB486F0-FAA1-4AF1-BF23-839FF597BEA9}c:\\program files\\intervideo\\windvd\\windvd.exe"= UDP:c:\program files\intervideo\windvd\windvd.exe:WinDVD
"UDP Query User{7FC5B638-29B3-4C5D-8AB7-F0EC8913EAEA}c:\\program files\\intervideo\\windvd\\windvd.exe"= TCP:c:\program files\intervideo\windvd\windvd.exe:WinDVD
"TCP Query User{161FEBEF-573B-4749-A338-8A3A51D05DCC}f:\\programs\\copytrans_suite_v1.36.e xe"= UDP:f:\programs\copytrans_suite_v1.36.exe:CopyTran s_Suite_v1.36
"UDP Query User{4EE8B2A7-D62E-4FDF-AF69-781C9801FC1B}f:\\programs\\copytrans_suite_v1.36.e xe"= TCP:f:\programs\copytrans_suite_v1.36.exe:CopyTran s_Suite_v1.36
"{CF76E94D-2A79-442C-AC90-D382869668A6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{75345C03-905C-4679-AFBE-2D61A0D0BC49}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F152EF72-A95D-4A1B-9075-7596D812A66D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{648B4FAD-DE15-4AF5-AF35-8542B307CA0E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E84BFA22-9808-492F-9A14-F681896D7233}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{730C14AA-B63B-4412-9165-1D1B49D7E337}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6B8CEC64-B282-485C-B6B7-A4D66540C689}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6235E152-6C1E-464D-AE19-B999C27B003D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4F1B4785-10D9-404F-AD11-A24C3620D21B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2B78841D-F300-4F16-B9BF-AF0463114AB7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{38BCD9E0-26AF-4976-AC2D-4063B8723167}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A13075D9-1C24-44B4-8C7F-6187E62B58EF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B558292F-B1FC-403A-867B-297053A091B0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{074373BE-4077-493E-B699-6C863247F46A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BB0A67E2-A801-4184-96EB-ED0A8D45F217}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CAABBB1E-1F72-418F-AA50-D992876545EC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{30FAE858-7F0F-42B9-A3B8-8C06C9B9D225}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0434C337-EDF0-451C-9654-49D6FD9214F3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{23EBA61F-57DE-4B41-9DDA-29490F52514B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{79C69259-49D2-4785-A54F-922BAD507ED4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{97A75336-D877-4A67-9D74-68ABF4A8BF00}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{87377024-0574-442A-81E0-A32830A7499D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C8DABC48-EEBA-42FF-9342-BFEC181C3295}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9ED451B7-2F79-4D18-BEDB-7CAA5D6DE9CC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5A9C32A3-187B-4BE1-BDB2-115C70C48B93}"= c:\program files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe"= c:\program files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux
"c:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\TRUUpdater.exe"= c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater
"c:\\Program Files\\Sierra Wireless Inc\\WebUpdater\\SwiApiMux.exe"= c:\program files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux
"q:\\SWTOOLS\\APPS\\NORTONIS\\US\\Setup.exe"= q:\swtools\APPS\NORTONIS\US\Setup.exe:*:Enabled:ip sec
"f:\\Programs\\CopyTrans_Suite_v1.36.exe"= f:\programs\CopyTrans_Suite_v1.36.exe:*:Enabled:ip sec
"c:\\Windows\\system32\\Dwm.exe"= c:\windows\system32\Dwm.exe:*:Enabled:ipsec
"c:\\Program Files\\iTunes\\iTunes.exe"= c:\program files\iTunes\iTunes.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winpnoa.e xe"= c:\users\*****\AppData\Local\Temp\winpnoa.exe:*:En abled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winycvpx. exe"= c:\users\*****\AppData\Local\Temp\winycvpx.exe:*:E nabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winbrau.e xe"= c:\users\*****\AppData\Local\Temp\winbrau.exe:*:En abled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\w10167c.e xe"= c:\users\*****\AppData\Local\Temp\w10167c.exe:*:En abled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\wingoue.e xe"= c:\users\*****\AppData\Local\Temp\wingoue.exe:*:En abled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\fvcy.exe" = c:\users\*****\AppData\Local\Temp\fvcy.exe:*:Enabl ed:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winjcrkv. exe"= c:\users\*****\AppData\Local\Temp\winjcrkv.exe:*:E nabled:ipsec
"c:\\Program Files\\Microsoft Games\\Solitaire\\Solitaire.exe"= c:\program files\Microsoft Games\Solitaire\Solitaire.exe:*:Enabled:ipsec
"c:\\Program Files\\Lenovo\\PM Driver\\PMHandler.exe"= c:\program files\Lenovo\PM Driver\PMHandler.exe:*:Enabled:ipsec
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"= c:\program files\Microsoft Office\Office12\GrooveMonitor.exe:*:Enabled:ipsec
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"= c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe:*:Enabled:ipsec
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= c:\program files\Skype\Plugin Manager\skypePM.exe:*:Enabled:ipsec
"c:\\Windows\\system32\\conime.exe"= c:\windows\system32\conime.exe:*:Enabled:ipsec
"c:\\Program Files\\Windows Sidebar\\sidebar.exe"= c:\program files\Windows Sidebar\sidebar.exe:*:Enabled:ipsec
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolba rNotifier.exe"= c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe:*:Enabled:ipsec
"c:\\Program Files\\Lenovo\\NPDIRECT\\tpfnf7sp.exe"= c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe:*:Enabled:ipsec
"c:\\Program Files\\Apoint2K\\Apoint.exe"= c:\program files\Apoint2K\Apoint.exe:*:Enabled:ipsec
"c:\\Program Files\\Windows Defender\\MSASCui.exe"= c:\program files\Windows Defender\MSASCui.exe:*:Enabled:ipsec
"c:\\Program Files\\Windows Media Player\\wmpnscfg.exe"= c:\program files\Windows Media Player\wmpnscfg.exe:*:Enabled:ipsec
"c:\\Windows\\System32\\igfxpers.exe"= c:\windows\System32\igfxpers.exe:*:Enabled:ipsec
"c:\\Program Files\\Lenovo\\Rescue and Recovery\\UpdateMonitor.exe"= c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe:*:Enabled:ipsec
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"= c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\vgxq.exe" = c:\users\*****\AppData\Local\Temp\vgxq.exe:*:Enabl ed:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winmhdfus .exe"= c:\users\*****\AppData\Local\Temp\winmhdfus.exe:*: Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\crevtb.ex e"= c:\users\*****\AppData\Local\Temp\crevtb.exe:*:Ena bled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\w269453.e xe"= c:\users\*****\AppData\Local\Temp\w269453.exe:*:En abled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\7zS92EC.t mp\\SymNRT.exe"= c:\users\*****\AppData\Local\Temp\7zS92EC.tmp\SymN RT.exe:*:Enabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winifkuf. exe"= c:\users\*****\AppData\Local\Temp\winifkuf.exe:*:E nabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winnqivc. exe"= c:\users\*****\AppData\Local\Temp\winnqivc.exe:*:E nabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winqvwx.e xe"= c:\users\*****\AppData\Local\Temp\winqvwx.exe:*:En abled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winijtyd. exe"= c:\users\*****\AppData\Local\Temp\winijtyd.exe:*:E nabled:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\soiv.exe" = c:\users\*****\AppData\Local\Temp\soiv.exe:*:Enabl ed:ipsec
"c:\\Users\\*****\\AppData\\Local\\Temp\\winjnvylj .exe"= c:\users\*****\AppData\Local\Temp\winjnvylj.exe:*: Enabled:ipsec
"c:\\Program Files\\Lenovo\\Rescue and Recovery\\br_funcs.exe"= c:\program files\Lenovo\Rescue and Recovery\br_funcs.exe:*:Enabled:ipsec
"c:\\Program Files\\Common Files\\Lenovo\\bmgr\\bmgr32.exe"= c:\program files\Common Files\Lenovo\bmgr\bmgr32.exe:*:Enabled:ipsec
"c:\\Program Files\\Panda Security\\Panda Antivirus Pro 2009\\IFACE.EXE"= c:\program files\Panda Security\Panda Antivirus Pro 2009\IFACE.EXE:*:Enabled:ipsec
"c:\\Program Files\\CONEXANT\\SmartAudio\\SmAudio.exe"= c:\program files\CONEXANT\SmartAudio\SmAudio.exe:*:Enabled:ip sec
"c:\\Windows\\ehome\\ehtray.exe"= c:\windows\ehome\ehtray.exe:*:Enabled:ipsec
"c:\\Program Files\\Lenovo\\HOTKEY\\TpWAudAp.exe"= c:\program files\Lenovo\HOTKEY\TpWAudAp.exe:*:Enabled:ipsec
"c:\\Program Files\\Common Files\\Roxio Shared\\10.0\\SharedCOM\\RoxWatchTray10.exe"= c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe:*:Enabled :ipsec
"c:\\Windows\\System32\\hkcmd.exe"= c:\windows\System32\hkcmd.exe:*:Enabled:ipsec
R0 pavboot;Panda boot driver;c:\windows\System32\drivers\pavboot.sys [03/09/2009 01:28 28544]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [20/05/2008 03:12 13480]
R1 ShldDrv;Panda File Shield Driver;c:\windows\System32\drivers\ShlDrv51.sys [03/09/2009 01:26 41144]
R2 AmFSM;AmFSM;c:\windows\System32\drivers\amm8660.sy s [03/09/2009 01:33 49208]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [12/01/2008 02:50 30312]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [11/09/2008 07:49 54560]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\System32\drivers\PavProc.sys [03/09/2009 01:26 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [03/09/2009 01:32 28928]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [11/09/2008 07:49 53325]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [25/05/2008 01:17 520192]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [25/01/2008 03:32 183808]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [04/12/2008 03:32 29736]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [04/12/2008 03:39 112128]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [04/12/2008 03:34 97536]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 15:29 3658752]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [23/02/2008 00:54 37312]
R3 vm331avs;Lenovo EasyCamera;c:\windows\System32\drivers\vm331avs.sy s [04/12/2008 03:30 974336]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumo n.sys [25/05/2008 00:28 48192]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [25/04/2008 17:18 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [25/04/2008 17:16 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [25/04/2008 17:15 166384]
S2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\ AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLa uncher.exe [?]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [25/05/2008 00:28 253952]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [25/04/2008 17:18 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 17:15 1120752]
S3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90);c:\windows\System32\drivers\swnc8u90.sys [02/12/2008 11:10 173312]
S3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);c:\windows\System32\drivers\swumx90.sys [17/11/2008 15:33 145280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder
2009-10-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]
2009-10-12 c:\windows\Tasks\User_Feed_Synchronization-{26EE0FC9-792F-4BAF-92FE-86D178FC36D2}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-AirCardEnabler - (no file)

************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-12 23:03
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4556)
c:\windows\system32\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\WebProxy.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\pavsrvx86.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
************************************************** ************************
.
Completion time: 2009-10-12 23:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 22:12
Pre-Run: 8,718,430,208 bytes free
Post-Run: 10,233,937,920 bytes free
361 --- E O F --- 2009-10-12 19:54

Ok.Just a cleanup to do...


========================================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the red text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Altering this script in any way could damage your computer*