
Author Topic: Application cannot be executed. The file ***.exe is infected....  (Read 7444 times)


Machiavelli999

    Topic Starter


    Starter

    I have seen many instances of this being posted and I have the same problem. The only thing I should say is that I literally cannot get anything to run. Meaning I don't have a browser on the infected computer and am typing this from another computer. Please keep this in mind because all of the fixes so far have been instructions to download file "X". I can do this and transfer it via a USB flash drive if that's what you want, but just keep this in mind while giving me directions. Thanks in advance for your help.

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Application cannot be executed. The file ***.exe is infected....
    « Reply #1 on: July 23, 2010, 12:45:55 PM »
    Hello, and welcome to Computer Hope.

    Please note the following information about the malware forum:
    • Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
    • Please do not attach logs or post them in Quote/Code boxes unless requested.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, reply to this topic with the word BUMP.
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please download and run RKill.

    Download mirror 1 - Download mirror 2 - Download mirror 3

    • Save it to your Desktop.
    • Double click the RKill desktop icon.
    • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
    • Please post its log in your next reply.
    • After it has run successfully, delete RKill.
    Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.


    Please visit this webpage for a tutorial on downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    See the area: Using ComboFix, and when done, post the log back here.
    ~Dr Jay

    Machiavelli999


      Re: Application cannot be executed. The file ***.exe is infected....
      « Reply #2 on: July 24, 2010, 10:46:25 PM »
      Here is the log:



      This log file is located at C:\rkill.log.
      Please post this only if requested to by the person helping you.
      Otherwise you can close this log when you wish.
      Ran as tatyana on 07/24/2010 at 13:23:59.


      Processes terminated by Rkill or while it was running:


      C:\Users\tatyana\Program Files\DNA\btdna.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Users\tatyana\Downloads\Desktop\Desktop\Desktop\rkill.exe


      Rkill completed on 07/24/2010  at 13:24:06.

      Dr Jay

      Re: Application cannot be executed. The file ***.exe is infected....
      « Reply #3 on: July 25, 2010, 04:35:18 AM »
      Now, ComboFix, please.
      ~Dr Jay

      Machiavelli999


        Re: Application cannot be executed. The file ***.exe is infected....
        « Reply #4 on: July 25, 2010, 01:36:47 PM »
        Here is the log from ComboFix



        ComboFix 10-07-24.03 - tatyana 07/25/2010  11:50:02.1.2 - x86
        Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.1.1033.18.2013.916 [GMT -7:00]
        Running from: c:\users\tatyana\Downloads\Desktop\Desktop\Desktop\ComboFix.exe
        SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
        c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
        c:\users\tatyana\AppData\Local\vahrdsklv
        c:\users\tatyana\AppData\Local\vahrdsklv\kfmqnoctssd.exe
        c:\windows\system32\Thumbs.db
        Q:\Autorun.inf
        S:\AUTORUN.INF

        ----- BITS: Possible infected sites -----

        hxxp://dibs.ddni.net
        .
        (((((((((((((((((((((((((   Files Created from 2010-06-25 to 2010-07-25  )))))))))))))))))))))))))))))))
        .

        2010-07-25 19:00 . 2010-07-25 19:06   --------   d-----w-   c:\users\tatyana\AppData\Local\temp
        2010-07-23 02:43 . 2010-07-23 02:43   --------   d-----w-   c:\users\tatyana\AppData\Roaming\Avira
        2010-07-22 01:35 . 2010-07-22 01:35   --------   d-----w-   c:\programdata\Avira
        2010-07-22 01:35 . 2010-07-22 01:35   --------   d-----w-   c:\program files\Avira
        2010-07-22 01:35 . 2010-03-01 17:05   124784   ----a-w-   c:\windows\system32\drivers\avipbb.sys
        2010-07-22 01:35 . 2010-02-16 21:24   60936   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
        2010-07-22 01:35 . 2009-05-11 19:49   51992   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
        2010-07-22 01:35 . 2009-05-11 19:49   17016   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
        2010-06-30 03:16 . 2010-06-30 03:16   --------   d-----w-   C:\found.000

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-07-25 19:06 . 2010-05-30 21:22   --------   d-----w-   c:\users\tatyana\AppData\Roaming\Skype
        2010-07-25 19:04 . 2009-03-19 05:05   --------   d-----w-   c:\users\tatyana\AppData\Roaming\DNA
        2010-07-22 00:29 . 2009-05-22 21:06   6756   ----a-w-   c:\users\tatyana\AppData\Local\d3d9caps.dat
        2010-06-30 03:11 . 2009-04-10 04:27   --------   d-----w-   c:\users\tatyana\AppData\Roaming\BitTorrent
        2010-06-29 23:35 . 2010-05-30 21:23   --------   d-----w-   c:\users\tatyana\AppData\Roaming\skypePM
        2010-06-16 04:27 . 2010-06-16 04:26   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
        2010-06-16 04:27 . 2010-06-16 04:26   --------   d-----w-   c:\program files\iTunes
        2010-06-16 04:26 . 2010-06-16 04:26   --------   d-----w-   c:\program files\iPod
        2010-06-16 04:26 . 2009-06-25 04:25   --------   d-----w-   c:\program files\Common Files\Apple
        2010-06-16 04:24 . 2010-06-16 04:24   --------   d-----w-   c:\program files\QuickTime
        2010-06-16 04:20 . 2010-06-16 04:20   --------   d-----w-   c:\program files\Bonjour
        2010-06-16 04:07 . 2010-06-16 04:07   73000   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
        2010-06-11 23:51 . 2010-06-11 23:51   3055600   ----a-w-   c:\users\tatyana\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
        2010-06-11 23:36 . 2010-06-11 23:36   275952   ----a-w-   c:\users\tatyana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
        2010-05-30 21:23 . 2010-05-30 21:23   56   ---ha-w-   c:\programdata\ezsidmv.dat
        2010-05-30 21:22 . 2010-05-30 21:22   --------   d-----r-   c:\program files\Skype
        2010-05-30 21:22 . 2010-05-30 21:22   --------   d-----w-   c:\program files\Common Files\Skype
        2010-05-30 21:22 . 2010-05-30 21:22   --------   d-----w-   c:\programdata\Skype
        2010-05-26 16:16 . 2010-06-10 22:55   34304   ----a-w-   c:\windows\system32\atmlib.dll
        2010-05-26 14:25 . 2010-06-10 22:55   289792   ----a-w-   c:\windows\system32\atmfd.dll
        2010-05-21 21:14 . 2009-10-02 21:56   221568   ------w-   c:\windows\system32\MpSigStub.exe
        2010-05-04 18:42 . 2010-06-10 22:55   833024   ----a-w-   c:\windows\system32\wininet.dll
        2010-05-04 18:37 . 2010-06-10 22:55   78336   ----a-w-   c:\windows\system32\ieencode.dll
        2010-05-04 16:53 . 2010-06-10 22:55   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
        2010-05-01 13:53 . 2010-06-10 22:55   2036224   ----a-w-   c:\windows\system32\win32k.sys
        2009-03-11 15:59 . 2009-03-11 15:59   8192   --sh--w-   c:\windows\Users\Default\NTUSER.DAT
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
        "Google Update"="c:\users\tatyana\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-19 133104]
        "BitTorrent DNA"="c:\users\tatyana\Program Files\DNA\btdna.exe" [2009-11-08 323392]
        "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
        "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
        "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
        "snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]
        "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
        "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
        "TpShocks"="TpShocks.exe" [2008-06-07 181536]
        "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
        "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
        "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-05 150040]
        "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 178712]
        "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 154136]
        "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
        "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
        "RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
        "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
        "LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
        "LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
        "CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-08-12 16384]
        "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-10-26 632096]
        "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-10-26 214576]
        "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 431392]
        "ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-10-27 148768]
        "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
        "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

        c:\users\tatyana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableUIADesktopToggle"= 0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "aux1"=wdmaud.drv

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
        "AntiVirusOverride"=dword:00000001

        R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-05-24 48192]
        R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2008-04-25 362992]
        R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-04-25 309744]
        R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-04-25 166384]
        R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe

        R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-24 253952]
        R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2008-04-25 313840]
        R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
        S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
        S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
        S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
        S2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [2008-04-08 166376]
        S2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [2008-03-20 208896]
        S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-10-26 66848]
        S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2008-08-08 53325]
        S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
        S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-21 112128]


        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
        .
        Contents of the 'Scheduled Tasks' folder

        2010-07-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
        - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

        2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3575025562-1746236637-2735068980-1003Core.job
        - c:\users\tatyana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-19 04:54]

        2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3575025562-1746236637-2735068980-1003UA.job
        - c:\users\tatyana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-19 04:54]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.yahoo.com
        uInternet Settings,ProxyOverride = <local>
        uInternet Settings,ProxyServer = http=127.0.0.1:5643
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
        DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} - hxxp://iptv.kartina.tv/install/VLC%20TV%20Player.cab
        FF - ProfilePath - c:\users\tatyana\AppData\Roaming\Mozilla\Firefox\Profiles\wcuktnpp.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
        FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
        FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
        FF - plugin: c:\program files\Kartina.TV\VLC\npvlc.dll
        FF - plugin: c:\users\tatyana\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
        FF - plugin: c:\users\tatyana\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
        FF - plugin: c:\users\tatyana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
        FF - plugin: c:\users\tatyana\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
        FF - plugin: c:\users\tatyana\Program Files\DNA\plugins\npbtdna.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

        ---- FIREFOX POLICIES ----
        FF - user.js: yahoo.homepage.dontask - true
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
        .
        - - - - ORPHANS REMOVED - - - -

        HKCU-Run-Yahoo Messsenger - c:\users\tatyana\AppData\Roaming\support\svchost.exe
        HKCU-Run-xljmvenr - c:\users\tatyana\AppData\Local\vahrdsklv\kfmqnoctssd.exe



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-07-25 12:05
        Windows 6.0.6001 Service Pack 1 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'Explorer.exe'(2428)
        c:\program files\InterVideo\Common\Bin\IVIVIDEO.ax
        c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
        c:\windows\system32\DLAAPI_W.DLL
        c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\system32\ibmpmsvc.exe
        c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe
        c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
        c:\windows\system32\WLANExt.exe
        c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
        c:\program files\Avira\AntiVir Desktop\avguard.exe
        c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
        c:\program files\Bonjour\mDNSResponder.exe
        c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
        c:\program files\Avira\AntiVir Desktop\avshadow.exe
        c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
        c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
        c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
        c:\windows\System32\TPHDEXLG.exe
        c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
        c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
        c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
        c:\windows\system32\DRIVERS\xaudio.exe
        c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
        c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
        c:\program files\Lenovo\System Update\SUService.exe
        c:\windows\system32\WUDFHost.exe
        c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe
        c:\program files\Lenovo\ATK Hotkey\LFKA.exe
        c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
        c:\windows\System32\osk.exe
        c:\windows\System32\TpShocks.exe
        c:\program files\Lenovo\HOTKEY\TPONSCR.exe
        c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
        c:\program files\Lenovo\Zoom\TpScrex.exe
        c:\program files\Synaptics\SynTP\SynTPLpr.exe
        c:\windows\system32\igfxsrvc.exe
        c:\program files\Lenovo\LenovoCare\LPMGR.EXE
        c:\program files\Lenovo\LenovoCare\LPMLCHK.EXE
        c:\windows\System32\rundll32.exe
        c:\program files\Windows Media Player\wmpnetwk.exe
        c:\program files\OpenOffice.org 3\program\soffice.exe
        c:\program files\OpenOffice.org 3\program\soffice.bin
        c:\program files\iPod\bin\iPodService.exe
        c:\program files\Synaptics\SynTP\SynTPHelper.exe
        c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
        c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
        .
        **************************************************************************
        .
        Completion time: 2010-07-25  12:12:34 - machine was rebooted
        ComboFix-quarantined-files.txt  2010-07-25 19:12

        Pre-Run: 55,938,433,024 bytes free
        Post-Run: 56,900,313,088 bytes free

        - - End Of File - - C01724B597EFDCBE1E793F2A3E040EFD

        Dr Jay

        Re: Application cannot be executed. The file ***.exe is infected....
        « Reply #5 on: July 26, 2010, 02:38:55 AM »
        Re-running ComboFix to remove infections:

        • Close any open browsers.
        • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
        • Open notepad and copy/paste the text in the codebox below into it:
        Code:
        DDS::
        uInternet Settings,ProxyOverride = <local>
        uInternet Settings,ProxyServer = http=127.0.0.1:5643
        • Save this as CFScript.txt, in the same location as ComboFix.exe



        • Referring to the picture above, drag CFScript into ComboFix.exe
        • When finished, it shall produce a log for you at C:\ComboFix.txt
        • Please post the contents of the log in your next reply.

        Please download Malwarebytes Anti-Malware from Malwarebytes.org.
        Alternate link: BleepingComputer.com.
        (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

        Double Click mbam-setup.exe to install the application.

        (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
        • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select "Perform Quick Scan", then click Scan.
        • The scan may take some time to finish, so please be patient.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Make sure that everything is checked, and click Remove Selected.
        • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
        • Please save the log to a location you will remember.
        • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
        • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
        • Copy and paste the entire report in your next reply.
        ~Dr Jay
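
Reply #5 picks the loopback ProxyServer setting out of the ComboFix log for removal. The following is an added example, not part of the thread and not ComboFix code: a Python triage pass over lines excerpted from the log in Reply #4 that surfaces that setting along with autorun and service entries launching from AppData or Temp. The rule names, the `SYSTEM_NAMES` list and the `c:\windows\` prefix check are assumptions of this example; hits are leads for review, not verdicts (GoogleUpdate.exe is an expected hit).

```python
import re
from ipaddress import ip_address
from ntpath import basename  # parses backslash paths on any host OS

# Lines excerpted from the ComboFix log posted in Reply #4.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Google Update"="c:\users\tatyana\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-19 133104]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe
S2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [2008-04-08 166376]
uInternet Settings,ProxyServer = http=127.0.0.1:5643
HKCU-Run-Yahoo Messsenger - c:\users\tatyana\AppData\Roaming\support\svchost.exe
HKCU-Run-xljmvenr - c:\users\tatyana\AppData\Local\vahrdsklv\kfmqnoctssd.exe
'''

# One pattern per log section that names a launch point.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
SVC_RE = re.compile(r'^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<path>.+?)(?: \[[^\]]*\])?$')
ORPHAN_RE = re.compile(r'^HK(?:CU|LM)-Run-(?P<name>.+?) - (?P<path>.+)$')
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer = (?P<value>.+)$')

# Assumption: a short list of Windows binaries that should only live under c:\windows\.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}


def proxy_hosts(value):
    """Yield the host part of each 'proto=host:port' or 'host:port' entry."""
    for entry in value.split(";"):
        hostport = entry.split("=", 1)[-1].strip().split("://", 1)[-1]
        yield hostport.rsplit(":", 1)[0]


def is_loopback(host):
    """True for 'localhost' or any literal loopback IP address."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def path_findings(kind, name, path):
    """Apply the path heuristics to one launch point."""
    p = path.lower()
    rules = []
    if basename(p) in SYSTEM_NAMES and not p.startswith("c:\\windows\\"):
        rules.append("system-name-outside-windows")
    if "\\temp\\" in p:
        rules.append("runs-from-temp")
    elif "\\appdata\\" in p:
        rules.append("runs-from-appdata")
    return [(rule, kind, name, path) for rule in rules]


def triage(log_text):
    """Return (rule, kind, name, value) tuples in log order."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = PROXY_RE.match(line)
        if m:
            if any(is_loopback(h) for h in proxy_hosts(m["value"])):
                findings.append(("loopback-proxy", "setting", "ProxyServer", m["value"]))
            continue
        for kind, rx in (("run", RUN_RE), ("service", SVC_RE), ("orphan", ORPHAN_RE)):
            m = rx.match(line)
            if m:
                findings.extend(path_findings(kind, m["name"], m["path"]))
                break
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The "orphan" hits are entries ComboFix had already removed; the remaining hits are what an analyst would look at next.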