Jump to content

Recommended Posts

Hello. So I cannot install Malwarebytes. A weird program named "Windows Security Center 2011" continues to pop up. With that program in my Windows task manager is another program named "yiv.exe" I googled it, and it brought me here. I'm not sure if it's malware or not... Anyway, this program will not let me install Malwarebytes. I've downloaded it, but I can't install it. Is it too late for me? :)

Link to post
Share on other sites

Hello KajiFox! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Download DDS and save it to your desktop from here, here or here

Double click dds to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

    [*]Save both reports to your desktop. Post them back to your topic.

Link to post
Share on other sites

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by FireFox at 0:45:32.67 on Mon 03/28/2011

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3050.2182 [GMT -7:00]

.

AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\System32\TPHDEXLG.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Microsoft LifeChat\LifeChat.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\FireFox\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page =

uSearch Bar =

mDefault_Page_URL = hxxp://lenovo.live.com

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe

mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2009.4.9.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: ACNotify - ACNotify.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli ACGina

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\firefox\applic~1\mozilla\firefox\profiles\p1wqlc8p.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\firefox\application data\mozilla\firefox\profiles\p1wqlc8p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\firefox\application data\mozilla\firefox\profiles\p1wqlc8p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008000.029\SymEFA.sys [2010-1-28 310320]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-4 294608]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008000.029\BHDrvx86.sys [2010-1-28 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys [2010-1-28 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100901.003\IDSXpx86.sys [2010-9-2 331640]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-11-26 13480]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-4-29 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-4 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-4 40384]

R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.8.0.41\ccSvcHst.exe [2010-1-28 117640]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-6 53248]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-4-16 63928]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-6-6 2058776]

R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-6-6 72448]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-6 243856]

R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-6-6 81280]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-4-16 45496]

S2 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]

S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\docume~1\firefox\locals~1\temp\nsu17.tmp\tffregnt.sys --> c:\docume~1\firefox\locals~1\temp\nsu17.tmp\TfFRegNt.sys [?]

S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100902.023\NAVENG.SYS [2010-9-2 85424]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100902.023\NAVEX15.SYS [2010-9-2 1362608]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-15 1120752]

.

=============== File Associations ===============

.

regfile="regedit.exe" "%1"

.

=============== Created Last 30 ================

.

2011-03-28 06:35:34 335872 --sha-w- c:\docume~1\firefox\locals~1\applic~1\yiv.exe

2011-03-28 06:35:34 335872 --sha-w- c:\docume~1\firefox\locals~1\applic~1\jnl.exe

2011-03-24 02:52:36 138536 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-03-24 02:52:29 270408 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-03-24 02:52:26 -------- d-----w- c:\docume~1\firefox\locals~1\applic~1\PunkBuster

2011-03-24 02:43:53 -------- d-----w- c:\docume~1\firefox\locals~1\applic~1\Ubisoft Game Launcher

2011-03-24 02:43:49 -------- d-----w- c:\docume~1\firefox\applic~1\Ubisoft

2011-03-24 02:24:58 270408 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-03-24 02:24:58 270408 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-03-24 02:24:57 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-03-24 02:24:51 -------- d-----w- c:\docume~1\firefox\applic~1\PunkBuster

2011-03-19 02:08:30 -------- d-----w- c:\program files\Lame For Audacity

2011-03-17 07:39:21 -------- d-----w- c:\program files\Audacity

2011-03-13 01:30:20 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll

2011-03-13 01:30:20 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2011-03-02 07:06:39 -------- d-----w- c:\docume~1\firefox\applic~1\MSNInstaller

.

==================== Find3M ====================

.

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 0:46:10.56 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/6/2009 11:26:31 PM

System Uptime: 3/27/2011 3:44:08 PM (9 hours ago)

.

Motherboard: LENOVO | | 2081CTO

Processor: Intel Pentium III Xeon processor | None | 2393/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 292 GiB total, 245.419 GiB free.

D: is Removable

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\2A3DA5A361B03

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\2A3DA5A361B03

Service: NIC1394

.

==== System Restore Points ===================

.

RP401: 12/29/2010 5:32:30 PM - System Checkpoint

RP402: 12/31/2010 3:19:35 PM - System Checkpoint

RP403: 1/1/2011 3:00:14 AM - Software Distribution Service 3.0

RP404: 1/3/2011 12:54:19 PM - System Checkpoint

RP405: 1/4/2011 1:23:44 PM - System Checkpoint

RP406: 1/5/2011 12:58:07 AM - Software Distribution Service 3.0

RP407: 1/6/2011 1:14:42 AM - System Checkpoint

RP408: 1/6/2011 1:46:45 AM - Installed Java 6 Update 23

RP409: 1/7/2011 4:00:20 PM - System Checkpoint

RP410: 1/8/2011 12:56:09 AM - Installed DirectX

RP411: 1/9/2011 1:57:14 PM - System Checkpoint

RP412: 1/10/2011 2:41:40 PM - System Checkpoint

RP413: 1/11/2011 6:05:26 PM - System Checkpoint

RP414: 1/12/2011 2:31:54 AM - Software Distribution Service 3.0

RP415: 1/13/2011 2:06:09 PM - System Checkpoint

RP416: 1/14/2011 2:28:57 PM - System Checkpoint

RP417: 1/16/2011 5:03:00 PM - System Checkpoint

RP418: 1/18/2011 5:29:56 PM - System Checkpoint

RP419: 1/19/2011 8:52:37 PM - System Checkpoint

RP420: 1/21/2011 10:51:34 AM - System Checkpoint

RP421: 1/22/2011 10:17:46 PM - System Checkpoint

RP422: 1/23/2011 11:31:27 PM - System Checkpoint

RP423: 1/25/2011 7:50:47 PM - System Checkpoint

RP424: 1/26/2011 9:38:35 PM - System Checkpoint

RP425: 1/29/2011 2:07:18 PM - System Checkpoint

RP426: 1/30/2011 4:32:34 PM - System Checkpoint

RP427: 1/31/2011 5:31:08 PM - System Checkpoint

RP428: 2/1/2011 7:35:35 PM - System Checkpoint

RP429: 2/3/2011 9:20:17 AM - System Checkpoint

RP430: 2/4/2011 11:43:03 AM - System Checkpoint

RP431: 2/4/2011 2:21:42 PM - avast! Free Antivirus Setup

RP432: 2/6/2011 1:46:16 AM - System Checkpoint

RP433: 2/7/2011 9:06:42 AM - System Checkpoint

RP434: 2/8/2011 5:39:24 PM - System Checkpoint

RP435: 2/9/2011 12:03:18 AM - Software Distribution Service 3.0

RP436: 2/11/2011 1:05:44 AM - System Checkpoint

RP437: 2/12/2011 12:44:45 PM - System Checkpoint

RP438: 2/13/2011 3:11:19 PM - System Checkpoint

RP439: 2/15/2011 4:59:01 PM - System Checkpoint

RP440: 2/17/2011 8:19:12 AM - System Checkpoint

RP441: 2/19/2011 7:17:52 PM - System Checkpoint

RP442: 2/20/2011 7:38:18 PM - System Checkpoint

RP443: 2/22/2011 8:19:21 AM - System Checkpoint

RP444: 2/23/2011 6:06:59 PM - System Checkpoint

RP445: 2/25/2011 9:39:36 PM - System Checkpoint

RP446: 2/27/2011 5:12:53 PM - System Checkpoint

RP447: 3/2/2011 7:08:40 PM - System Checkpoint

RP448: 3/4/2011 1:04:11 PM - System Checkpoint

RP449: 3/5/2011 1:26:48 PM - System Checkpoint

RP450: 3/6/2011 10:15:35 PM - System Checkpoint

RP451: 3/8/2011 6:13:21 PM - System Checkpoint

RP452: 3/9/2011 10:50:42 AM - Software Distribution Service 3.0

RP453: 3/12/2011 3:03:54 PM - System Checkpoint

RP454: 3/13/2011 4:06:47 PM - System Checkpoint

RP455: 3/14/2011 4:46:20 PM - System Checkpoint

RP456: 3/15/2011 2:04:58 AM - Software Distribution Service 3.0

RP457: 3/16/2011 1:14:42 PM - System Checkpoint

RP458: 3/17/2011 9:54:29 PM - System Checkpoint

RP459: 3/19/2011 1:10:21 PM - System Checkpoint

RP460: 3/20/2011 1:32:25 PM - System Checkpoint

RP461: 3/21/2011 3:41:20 PM - System Checkpoint

RP462: 3/22/2011 7:14:39 PM - System Checkpoint

RP463: 3/23/2011 7:03:54 PM - Installed Assassin's Creed Brotherhood

RP464: 3/23/2011 7:21:37 PM - Installed DirectX

RP465: 3/23/2011 7:24:17 PM - Installed Ubisoft Game Launcher

RP466: 3/25/2011 1:43:21 AM - Software Distribution Service 3.0

RP467: 3/27/2011 2:17:18 PM - System Checkpoint

.

==== Installed Programs ======================

.

.

Access Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.2.4

Akamai NetSession Interface

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Assassin's Creed Brotherhood

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Audacity 1.2.6

avast! Free Antivirus

Bonjour

Camera Center

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Dutch

CCC Help English

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Portuguese

CCC Help Spanish

CCC Help Swedish

Client Security - Password Manager

Conexant 20561 SmartAudio HD

DirectXInstallService

Drag-to-Disc

GIMP 2.6.11

Google Toolbar for Internet Explorer

Google Update Helper

Guild Wars

Help Center

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB949764)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

IL Download Manager

Integrated Camera Driver Installer Package Ver.1.18.500.0

Integrated Camera TWAIN

Intel PROSet Wireless

Intel® Management Engine Interface

Intel® Network Connections Drivers

Intel® PROSet/Wireless WiFi Software

Intel

Link to post
Share on other sites

Thanks!

Step 1

First of all, you should not have more than one anti-virus program installed as they will conflict and cause problems. You have two so you need to uninstall one of them. Of the two, I would recommend keeping avast! Free Antivirus, so please uninstall Norton AntiVirus.

Step 2

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. WiNlOgOn.exe
  5. uSeRiNiT.exe

Once you've gotten one of them to run then try to immediately run the Malwarebytes' Anti-Malware and try to install it. If you still have a problem, try to rename it from mbam-setup.exe to firefox.exe or if not firefox.com.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, please post the following logs:

  1. Malwarebytes' Anti-Malware log
  2. a new fresh DDS log only

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6190

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

3/28/2011 1:15:22 AM

mbam-log-2011-03-28 (01-15-16).txt

Scan type: Quick scan

Objects scanned: 164609

Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\FireFox\local settings\application data\jnl.exe (Trojan.FakeAlert) -> No action taken.

c:\documents and settings\FireFox\local settings\application data\yiv.exe (Trojan.FakeAlert) -> No action taken.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by FireFox at 1:21:49.17 on Mon 03/28/2011

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3050.2321 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\System32\TPHDEXLG.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

c:\program files\lenovo\system update\suservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

C:\Program Files\Microsoft LifeChat\LifeChat.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Documents and Settings\FireFox\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page =

uSearch Bar =

mDefault_Page_URL = hxxp://lenovo.live.com

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe

mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2009.4.9.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: ACNotify - ACNotify.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli ACGina

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\firefox\applic~1\mozilla\firefox\profiles\p1wqlc8p.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\firefox\application data\mozilla\firefox\profiles\p1wqlc8p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\firefox\application data\mozilla\firefox\profiles\p1wqlc8p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-4 294608]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-11-26 13480]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-4-29 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-4 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-4 40384]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-6 53248]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-4-16 63928]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-6-6 2058776]

R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-6-6 72448]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-6 243856]

R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-6-6 81280]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-4-16 45496]

S2 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]

S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\docume~1\firefox\locals~1\temp\nsu17.tmp\tffregnt.sys --> c:\docume~1\firefox\locals~1\temp\nsu17.tmp\TfFRegNt.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-15 1120752]

.

=============== Created Last 30 ================

.

2011-03-28 08:08:49 -------- d-----w- c:\docume~1\firefox\applic~1\Malwarebytes

2011-03-28 08:08:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-28 08:08:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-03-28 08:08:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-28 08:08:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-24 02:52:36 138536 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-03-24 02:52:29 270408 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-03-24 02:52:26 -------- d-----w- c:\docume~1\firefox\locals~1\applic~1\PunkBuster

2011-03-24 02:43:53 -------- d-----w- c:\docume~1\firefox\locals~1\applic~1\Ubisoft Game Launcher

2011-03-24 02:43:49 -------- d-----w- c:\docume~1\firefox\applic~1\Ubisoft

2011-03-24 02:24:58 270408 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-03-24 02:24:58 270408 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-03-24 02:24:57 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-03-24 02:24:51 -------- d-----w- c:\docume~1\firefox\applic~1\PunkBuster

2011-03-19 02:08:30 -------- d-----w- c:\program files\Lame For Audacity

2011-03-17 07:39:21 -------- d-----w- c:\program files\Audacity

2011-03-13 01:30:20 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll

2011-03-13 01:30:20 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2011-03-02 07:06:39 -------- d-----w- c:\docume~1\firefox\applic~1\MSNInstaller

.

==================== Find3M ====================

.

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 1:22:38.64 ===============

(Sorry for the wait. Steps 1 - 3 complete.)

Link to post
Share on other sites

(Oh I'm terribly sorry! I posted the log from before I restarted my computer. Here is the log for Malwarebytes after removing the infected files.)

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6190

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

3/28/2011 1:15:45 AM

mbam-log-2011-03-28 (01-15-45).txt

Scan type: Quick scan

Objects scanned: 164609

Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\FireFox\local settings\application data\jnl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\FireFox\local settings\application data\yiv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by FireFox at 1:21:49.17 on Mon 03/28/2011

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3050.2321 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\System32\TPHDEXLG.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

c:\program files\lenovo\system update\suservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

C:\Program Files\Microsoft LifeChat\LifeChat.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Documents and Settings\FireFox\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page =

uSearch Bar =

mDefault_Page_URL = hxxp://lenovo.live.com

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe

mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2009.4.9.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: ACNotify - ACNotify.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli ACGina

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\firefox\applic~1\mozilla\firefox\profiles\p1wqlc8p.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\firefox\application data\mozilla\firefox\profiles\p1wqlc8p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\firefox\application data\mozilla\firefox\profiles\p1wqlc8p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-4 294608]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-11-26 13480]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-4-29 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-4 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-4 40384]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-6 53248]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-4-16 63928]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-6-6 2058776]

R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-6-6 72448]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-6 243856]

R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-6-6 81280]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-4-16 45496]

S2 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]

S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\docume~1\firefox\locals~1\temp\nsu17.tmp\tffregnt.sys --> c:\docume~1\firefox\locals~1\temp\nsu17.tmp\TfFRegNt.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-15 1120752]

.

=============== Created Last 30 ================

.

2011-03-28 08:08:49 -------- d-----w- c:\docume~1\firefox\applic~1\Malwarebytes

2011-03-28 08:08:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-28 08:08:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-03-28 08:08:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-28 08:08:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-24 02:52:36 138536 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-03-24 02:52:29 270408 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-03-24 02:52:26 -------- d-----w- c:\docume~1\firefox\locals~1\applic~1\PunkBuster

2011-03-24 02:43:53 -------- d-----w- c:\docume~1\firefox\locals~1\applic~1\Ubisoft Game Launcher

2011-03-24 02:43:49 -------- d-----w- c:\docume~1\firefox\applic~1\Ubisoft

2011-03-24 02:24:58 270408 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-03-24 02:24:58 270408 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-03-24 02:24:57 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-03-24 02:24:51 -------- d-----w- c:\docume~1\firefox\applic~1\PunkBuster

2011-03-19 02:08:30 -------- d-----w- c:\program files\Lame For Audacity

2011-03-17 07:39:21 -------- d-----w- c:\program files\Audacity

2011-03-13 01:30:20 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll

2011-03-13 01:30:20 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2011-03-02 07:06:39 -------- d-----w- c:\docume~1\firefox\applic~1\MSNInstaller

.

==================== Find3M ====================

.

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 1:22:38.64 ===============

(For completeness)

Link to post
Share on other sites

You mean after the restart, right? Here is the DDS log after restart.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by FireFox at 1:30:38.20 on Mon 03/28/2011

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3050.2341 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\System32\TPHDEXLG.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

c:\program files\lenovo\system update\suservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

C:\Program Files\Microsoft LifeChat\LifeChat.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\FireFox\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page =

uSearch Bar =

mDefault_Page_URL = hxxp://lenovo.live.com

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe

mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2009.4.9.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: ACNotify - ACNotify.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli ACGina

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\firefox\applic~1\mozilla\firefox\profiles\p1wqlc8p.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\firefox\application data\mozilla\firefox\profiles\p1wqlc8p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\firefox\application data\mozilla\firefox\profiles\p1wqlc8p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-4 294608]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-11-26 13480]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-4-29 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-4 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-4 40384]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-6 53248]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-4-16 63928]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-6-6 2058776]

R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-6-6 72448]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-6 243856]

R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-6-6 81280]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-4-16 45496]

S2 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]

S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\docume~1\firefox\locals~1\temp\nsu17.tmp\tffregnt.sys --> c:\docume~1\firefox\locals~1\temp\nsu17.tmp\TfFRegNt.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-15 1120752]

.

=============== Created Last 30 ================

.

2011-03-28 08:08:49 -------- d-----w- c:\docume~1\firefox\applic~1\Malwarebytes

2011-03-28 08:08:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-28 08:08:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-03-28 08:08:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-28 08:08:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-24 02:52:36 138536 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-03-24 02:52:29 270408 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-03-24 02:52:26 -------- d-----w- c:\docume~1\firefox\locals~1\applic~1\PunkBuster

2011-03-24 02:43:53 -------- d-----w- c:\docume~1\firefox\locals~1\applic~1\Ubisoft Game Launcher

2011-03-24 02:43:49 -------- d-----w- c:\docume~1\firefox\applic~1\Ubisoft

2011-03-24 02:24:58 270408 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-03-24 02:24:58 270408 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-03-24 02:24:57 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-03-24 02:24:51 -------- d-----w- c:\docume~1\firefox\applic~1\PunkBuster

2011-03-19 02:08:30 -------- d-----w- c:\program files\Lame For Audacity

2011-03-17 07:39:21 -------- d-----w- c:\program files\Audacity

2011-03-13 01:30:20 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll

2011-03-13 01:30:20 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2011-03-02 07:06:39 -------- d-----w- c:\docume~1\firefox\applic~1\MSNInstaller

.

==================== Find3M ====================

.

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 1:30:52.25 ===============

Everything seems to be in order actually. Is that really the end of it? I get nervous over things like this.

Link to post
Share on other sites

You mean after the restart, right? Here is the DDS log after restart.

I mean, that require a log file from the DDS after key actions, so that after you making them and generate a new log file from the DDS, I'll see if and what changed.

Everything seems to be in order actually. Is that really the end of it? I get nervous over things like this.

This is why I ask you. DDS shows that the problem is gone.

Link to post
Share on other sites

I'm sorry if I'm a little confused over the first thing you said. It's somewhat late. Let's see if I can tassle with it. You wanted a log after every key action I did. Meaning after the Malwarebytes scan had removed/quarantined the infected files, am I mistaken? (If not, I provided that in my last post. :) )

Again, everything seems to be in order. I cannot thank you enough for everything you have done. (And in the short amount of time too!) You have my eternal gratitude. :)

Link to post
Share on other sites

No, I just want to explain you how I work and how I know what is going on there. Thanks for your kind words!

Last steps for you:

Step 1

Please manually delete DDS, RKill and Malwarebytes' Anti-Malware installer.

Step 2

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)

Link to post
Share on other sites

Oh! I understand now. Thank you for clarifying.

Also, i was just about to ask about what to do with the DDS, RKill and Malwarebytes' Anti-Malware installer. Step 1 complete.

Step 2 -In process-

But for now I must go to bed. I can't emphasize enough how truly grateful I am.

Goodbye. :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.