-
August 14th, 2010, 12:20 PM
#1
Laptop randomly uninstalls a bunch of programs
Hi there,
I have a Lenovo laptop. Here are the specs:
Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50 GHz
2 gigs of ram
Vista OS
Recently I installed DivX Plus Converter from divX.com and I only installed 2 of the 4 components (the codec and the converter only). The installer told me to reboot, and when the laptop finally rebooted, a bunch of the shortcuts on my desktop had the "cannot find exe" icon. I looked in Program Files and a bunch of the programs in question had empty folders. Looking through Add/Remove Programs, those programs were gone too. I tried rebooting again and the programs were still gone. Here's a list of some of the programs:
- adaware
- photoshop
- real player
- itunes
- adobe professional and reader
- microsoft office
- vlc media player
- audacity
- winzip
- winrar
Unfortunately, I only notice now that there are no system restore points set up on my laptop.
I updated my Avira antivirus program after uninstalling the divx stuff and did the complete scan in both safe mode and regular mode. Nothing was found.
I am now proceeding to use Malwarebytes to see if that program finds anything.
I'm not sure whether the uninstalled programs were the result of a virus or something malicious, or whether it was due to physical damage that happened to it recently. My laptop dropped on the floor... twice.
Any help would be greatly appreciated. Thanks.
-
August 14th, 2010, 12:25 PM
#2
That does not sound good.
Follow the instructions here
http://discussions.virtualdr.com/sho...d.php?t=167915
And post in this thread, as I will move it to the intensive care forum.
-
August 14th, 2010, 01:08 PM
#3
Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4428
Windows 6.0.6000
Internet Explorer 8.0.6001.18904
14/08/2010 12:52:22 PM
mbam-log-2010-08-14 (12-52-22).txt
Scan type: Quick scan
Objects scanned: 131841
Time elapsed: 8 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
August 14th, 2010, 02:24 PM
#4
GMER:
Tried running the scan, but got the blue screen of death. Tried once more, got the blue screen again. 
Moving on to Step 3 (DDS)...
-
August 14th, 2010, 02:49 PM
#5
DDS log (posted in two parts because it goes over the character limit on the forums. Sorry):
DDS (Ver_10-03-17.01) - NTFSx86
Run by Emily at 14:43:44.49 on 14/08/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.1136 [GMT -4:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
D:\Program Files\adobeacrobat\Distillr\acrotray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Emily\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobeacrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} -
c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows
live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\users\emily\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [EzButton] c:\progra~1\ezbutton\EzButton.EXE
mRun: [EnergyUtility] c:\program files\lenovo\energycut\utilty.exe
mRun: [EnergyCut] c:\program files\lenovo\energycut\EnergyCut.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [VeriFacePassManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [PCMService] "c:\program files\lenovo\shuttlecenter\PCMService.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 7.0] "d:\program files\adobeacrobat\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MaxMenuMgr] "d:\program files\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\emily\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3
\program\quickstart.exe
StartupFolder: c:\users\emily\appdata\roaming\micros~1\windows\startm~1\programs\startup\skysca~1.lnk - c:\program files\common
files\skyscape\SmartUpdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}
\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma
Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - d:\program files\winzip\WZQKPICK.EXE
IE: Convert link target to Adobe PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\adobeacrobat\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office10\EXCEL.EXE/3000
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - c:\program files\lenovo\veriface\OpenWnd.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\emily\appdata\roaming\mozilla\firefox\profiles\0rr64awa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\emily\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\emily\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\emily\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5
\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name",
"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description",
"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-13 28544]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-17 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-17 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-17 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-17 60936]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2007-10-26 11776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
R3 CapFilt;CapFilt;c:\windows\system32\drivers\CapFilt.sys [2007-10-26 17536]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
S2 FreeAgentGoNext Service;Seagate Service;"d:\program files\seagatemanager\sync\freeagentservice.exe" --> d:\program
files\seagatemanager\sync\FreeAgentService.exe [?]
=============== Created Last 30 ================
2010-08-14 17:42:04 243886436 ----a-w- c:\windows\MEMORY.DMP
2010-08-13 23:58:55 0 dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-13 23:32:57 0 d-----w- c:\program files\DivX
2010-08-13 23:32:24 0 d-----w- c:\programdata\DivX
(to be cont'd..)
-
August 14th, 2010, 02:50 PM
#6
DDS log cont'd:
==================== Find3M ====================
2010-07-12 08:55:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-23 04:07:49 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-23 04:07:49 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-23 04:07:48 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-12-20 16:57:11 174 --sha-w- c:\program files\desktop.ini
2008-07-05 03:20:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-17 14:03:03 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-14 19:33:41 393216 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-14 18:22:04 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
============= FINISH: 14:44:57.81 ===============
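As an added example (not part of this thread and not code from the DDS tool), here is a small Python triage helper that reads lines in the format of the "Pseudo HJT Report" section of the DDS log above and flags the entries a helper checks first: BHO/toolbar CLSIDs whose file is missing (the `- No File` entries, which are what an uninstalled or deleted component leaves behind in the registry) and Run values with no command, such as the `[<NO NAME>]` entry. It also restores the `hxxp://` URLs that DDS writes in place of `http://` so the ActiveX download sources can be looked up. The sample input is a handful of lines copied from the log; the function names, field names and the `hxxp` re-fang helper are my own, not something DDS provides.

```python
import re

# Constructed sample: lines copied from the "Pseudo HJT Report" section of the DDS log above.
SAMPLE_DDS = """\
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\\program files\\adobeacrobat\\activex\\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
mRun: [<NO NAME>]
mRun: [avgnt] "c:\\program files\\avira\\antivir desktop\\avgnt.exe" /min
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
"""

# Browser helper objects (BHO), toolbars (TB), explorer bars (EB) and ActiveX downloads (DPF):
# an optional display name, a CLSID in braces, then the backing file or "No File".
CLSID_LINE = re.compile(
    r"^(?P<kind>BHO|TB|EB|DPF): (?:(?P<name>[^{]+?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"
)
# Per-user (uRun) and per-machine (mRun) autostart values: [value name] followed by the command.
RUN_LINE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")


def parse_hjt(text):
    """Turn Pseudo HJT report lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = CLSID_LINE.match(line) or RUN_LINE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry.setdefault("clsid", None)      # Run lines carry no CLSID
        entry["target"] = entry["target"].strip()
        entries.append(entry)
    return entries


def find_orphans(entries):
    """Entries that point at nothing: a CLSID marked 'No File' or a Run value with no command.
    Usually these are leftovers of an uninstall, but they are also where a triager looks for
    components that were hijacked or deleted, so they are listed rather than ignored."""
    return [e for e in entries if e["target"] in ("No File", "")]


def refang(url):
    """DDS writes hxxp:// instead of http:// so the URL is not clickable; undo that for lookup."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def defanged_downloads(entries):
    """(CLSID, real URL) for every DPF entry, i.e. each ActiveX download source in the log."""
    return [(e["clsid"], refang(e["target"])) for e in entries if e["kind"] == "DPF"]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_DDS)
    for e in find_orphans(parsed):
        print("orphan:", e["kind"], e["clsid"] or e["name"])
    for clsid, url in defanged_downloads(parsed):
        print("download:", clsid, url)
```

Run against the sample it reports the three `No File` CLSIDs and the empty `mRun` value as orphans and one DPF download source. Orphaned entries are not evidence of infection by themselves (in this log they are consistent with the programs the poster says disappeared), but they are the registry residue a helper compares against the "Installed Programs" list before deciding what to clean.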
-
August 14th, 2010, 02:53 PM
#7
ATTACH log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 26/10/2007 12:05:28 AM
System Uptime: 14/08/2010 2:31:19 PM (0 hours ago)
Motherboard: LENOVO | | IGT30
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 |
1500/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 29 GiB total, 3.014 GiB free.
D: is FIXED (NTFS) - 106 GiB total, 8.49 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0011
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0011
Service: tunnel
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
AC3Filter (remove only)
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.6
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom Gigabit Integrated Controller
Business Contact Manager for Outlook 2007 SP1
CCleaner
Chinese Traditional Fonts Support For Adobe Reader 8
DivX Player
Easy Button
EasyCapture
EnergyCut
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Talk Plugin
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Junk Mail filter update
LAME v3.98.2 for Audacity
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.1
Panda ActiveScan 2.0
Power2Go 5.0
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Rhapsody Player Engine
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
ShuttleCenter
smARTupdate
Spelling Dictionaries Support For Adobe Reader 8
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb972691)
USB Video Device
VeriFace
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.3
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 11.1
Xvid 1.1.3 final uninstall
==== Event Viewer Messages From Past Week ========
14/08/2010 2:07:07 PM, Error: EventLog [6008] - The previous system
shutdown at 2:04:56 PM on 14/08/2010 was unexpected.
14/08/2010 1:42:03 PM, Error: EventLog [6008] - The previous system
shutdown at 1:40:12 PM on 14/08/2010 was unexpected.
14/08/2010 1:28:18 PM, Error: EventLog [6008] - The previous system
shutdown at 1:26:27 PM on 14/08/2010 was unexpected.
13/08/2010 9:02:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] -
DCOM got error "1084" attempting to start the service WSearch with arguments
"" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
13/08/2010 9:02:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] -
DCOM got error "1084" attempting to start the service WSearch with arguments
"" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
13/08/2010 9:02:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] -
DCOM got error "1068" attempting to start the service netprofm with arguments
"" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
13/08/2010 9:02:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
13/08/2010 9:02:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
13/08/2010 9:02:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
13/08/2010 9:02:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
13/08/2010 8:00:00 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
13/08/2010 7:59:45 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
13/08/2010 10:14:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/08/2010 10:06:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
11/08/2010 10:06:34 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/08/2010 1:14:49 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
==== End Of File ===========================
-
August 14th, 2010, 03:39 PM
#8
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
August 14th, 2010, 05:03 PM
#9
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: LENOVO3000 Y410
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 150):
0x82000000 \SystemRoot\system32\ntkrnlpa.exe
0x823A1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80461000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
0x80434000 \SystemRoot\system32\drivers\pci.sys
0x80425000 \SystemRoot\system32\drivers\volmgr.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040B000 \SystemRoot\System32\drivers\mountmgr.sys
0x80404000 \SystemRoot\system32\drivers\intelide.sys
0x807F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807EC000 \SystemRoot\system32\drivers\pavboot.sys
0x807A2000 \SystemRoot\System32\drivers\volmgrx.sys
0x8079A000 \SystemRoot\system32\drivers\atapi.sys
0x8077C000 \SystemRoot\system32\drivers\ataport.SYS
0x8074B000 \SystemRoot\system32\drivers\fltmgr.sys
0x8073B000 \SystemRoot\system32\drivers\fileinfo.sys
0x8072C000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x80722000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8061E000 \SystemRoot\system32\drivers\ndis.sys
0x81FD5000 \SystemRoot\system32\drivers\msrpc.sys
0x81F9C000 \SystemRoot\system32\drivers\NETIO.SYS
0x81E94000 \SystemRoot\System32\Drivers\Ntfs.sys
0x81E2A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87BCA000 \SystemRoot\system32\drivers\volsnap.sys
0x80616000 \SystemRoot\System32\Drivers\spldr.sys
0x80607000 \SystemRoot\System32\drivers\partmgr.sys
0x81E1B000 \SystemRoot\System32\Drivers\mup.sys
0x87BA5000 \SystemRoot\System32\drivers\ecache.sys
0x81E0A000 \SystemRoot\system32\drivers\disk.sys
0x87B84000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x81E01000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AC1A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8ACAF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AC0C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8ACB8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B008000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8B764000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8AC78000 \SystemRoot\System32\drivers\watchdog.sys
0x8AC01000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B6D7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8AC6A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AC58000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BBD8000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8B6A8000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x88528000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8AC4A000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8B690000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x88910000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8B67C000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8B62B000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8ADD4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8891F000 \SystemRoot\system32\DRIVERS\AcpiVpc.sys
0x8B618000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8AC40000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8B60D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8BBAC000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8B602000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8BB94000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AC2B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8BB69000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8BAC9000 \SystemRoot\system32\DRIVERS\storport.sys
0x8BABE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BAA7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BA9C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BA79000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8892E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BA66000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8893D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x88831000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BA24000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BA1A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BA4E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BEFC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x88568000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C051000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8BECF000 \SystemRoot\system32\drivers\portcls.sys
0x8BEAA000 \SystemRoot\system32\drivers\drmk.sys
0x8C310000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8BF30000 \SystemRoot\system32\drivers\modem.sys
0x8AD12000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8AD57000 \SystemRoot\System32\Drivers\Null.SYS
0x8AD5E000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BE5E000 \SystemRoot\System32\drivers\vga.sys
0x8BE3D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x888AB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x888B3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BA5B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BE0F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x885E7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C52B000 \SystemRoot\System32\drivers\tcpip.sys
0x8C038000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C023000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C00F000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C219000 \SystemRoot\system32\drivers\afd.sys
0x8C4F9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C203000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BE01000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C4E6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8BB0F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8C4AB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8BE9A000 \??\C:\PROGRA~1\EzButton\DPortIO.sys
0x8BA00000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C494000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C472000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x88****** \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8D0D8000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x8BF4A000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8AD96000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x88821000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8B719000 \SystemRoot\System32\Drivers\CapFilt.SYS
0x8BF57000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C260000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8884B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x96600000 \SystemRoot\System32\win32k.sys
0x8C408000 \SystemRoot\System32\drivers\Dxapi.sys
0x8894C000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA7400000 \SystemRoot\System32\TSDDD.dll
0xA7410000 \SystemRoot\System32\cdd.dll
0x968E5000 \SystemRoot\system32\drivers\luafv.sys
0x968C4000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA9C52000 \SystemRoot\system32\drivers\spsys.sys
0x88498000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAA5D5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA9CFE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9608000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAA717000 \SystemRoot\system32\drivers\HTTP.sys
0xAA6BC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAA597000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAA583000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAA563000 \SystemRoot\system32\drivers\mrxdav.sys
0xAA545000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAA50C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAA4FA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAA4D6000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAA485000 \SystemRoot\System32\DRIVERS\srv.sys
0xAB8E2000 \SystemRoot\system32\drivers\peauth.sys
0xA9D12000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8C26B000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA8457000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x779E0000 \Windows\System32\ntdll.dll
Processes (total 77):
0 System Idle Process
4 System
396 C:\Windows\System32\smss.exe
472 csrss.exe
512 C:\Windows\System32\wininit.exe
524 csrss.exe
556 C:\Windows\System32\services.exe
572 C:\Windows\System32\lsass.exe
580 C:\Windows\System32\lsm.exe
652 C:\Windows\System32\winlogon.exe
764 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\audiodg.exe
1172 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\SLsvc.exe
1256 C:\Windows\System32\svchost.exe
1444 C:\Windows\System32\svchost.exe
1620 C:\Windows\System32\spoolsv.exe
1644 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1656 C:\Windows\System32\svchost.exe
1872 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1888 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1900 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1920 C:\Program Files\Bonjour\mDNSResponder.exe
1968 C:\Windows\System32\svchost.exe
2032 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
428 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
460 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
576 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
896 C:\Windows\System32\svchost.exe
1324 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1436 C:\Windows\System32\svchost.exe
1712 C:\Windows\System32\SearchIndexer.exe
2352 C:\Windows\System32\taskeng.exe
2388 C:\Windows\System32\dwm.exe
2476 C:\Windows\explorer.exe
2676 C:\Program Files\Windows Defender\MSASCui.exe
2700 C:\Windows\System32\igfxtray.exe
2720 C:\Windows\System32\hkcmd.exe
2728 C:\Windows\System32\igfxpers.exe
2740 C:\Windows\RtHDVCpl.exe
2748 C:\Windows\vsnp2uvc.exe
2756 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
2764 C:\Program Files\EzButton\EzButton.EXE
2776 C:\Program Files\Lenovo\EnergyCut\utilty.exe
2788 C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
2800 C:\Program Files\Apoint2K\Apoint.exe
2808 C:\Program Files\Lenovo\VeriFace\PManage.exe
2824 C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
2856 D:\Program Files\adobeacrobat\Distillr\acrotray.exe
2892 C:\Windows\System32\igfxsrvc.exe
3112 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3272 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3280 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3292 C:\Program Files\iTunes\iTunesHelper.exe
3316 C:\Windows\ehome\ehtray.exe
3328 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3400 C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe
3520 C:\Windows\ehome\ehmsas.exe
3688 C:\Program Files\Apoint2K\ApMsgFwd.exe
3872 C:\Program Files\OpenOffice.org 3\program\soffice.exe
3884 C:\Program Files\Apoint2K\ApntEx.exe
3892 C:\Program Files\OpenOffice.org 3\program\soffice.bin
3960 C:\Program Files\iPod\bin\iPodService.exe
4092 C:\Windows\System32\wbem\unsecapp.exe
2320 WmiPrvSE.exe
1200 C:\Windows\System32\wuauclt.exe
172 C:\Program Files\Mozilla Firefox\firefox.exe
920 C:\Windows\System32\taskeng.exe
3584 C:\Windows\System32\SearchProtocolHost.exe
3528 C:\Windows\System32\SearchFilterHost.exe
772 C:\Users\Emily\Desktop\MBRCheck.exe
2996 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`5343e000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
-
August 14th, 2010, 05:29 PM
#10
ComboFix 10-08-14.02 - Emily 14/08/2010 17:11:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.1233 [GMT -4:00]
Running from: c:\users\Emily\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\s.bat
----- BITS: Possible infected sites -----
hxxp://au.download.windowsupj+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|CvppData\Local\Temp\GURE417.exeGoogle Update
.
((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.
2010-08-14 21:19 . 2010-08-14 21:19 -------- d-----w- c:\users\Emily\AppData\Local\temp
2010-08-14 21:07 . 2010-08-14 21:09 -------- d-----w- C:\32788R22FWJFW
2010-08-13 23:58 . 2010-08-13 23:59 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-13 23:58 . 2010-07-12 08:56 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-08-13 23:35 . 2010-08-13 23:35 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-13 23:32 . 2010-08-13 23:43 -------- d-----w- c:\program files\DivX
2010-08-13 23:32 . 2010-08-13 23:43 -------- d-----w- c:\programdata\DivX
2010-07-21 04:00 . 2010-07-21 04:00 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 23:55 . 2009-01-27 06:03 -------- d-----w- c:\program files\Lavasoft
2010-07-28 22:13 . 2009-12-24 19:27 -------- d-----w- c:\users\Emily\AppData\Roaming\vlc
2010-07-21 04:05 . 2010-06-23 04:51 -------- d-----w- c:\program files\iTunes
2010-07-21 04:04 . 2010-05-02 22:38 -------- d-----w- c:\program files\iPod
2010-07-21 04:04 . 2009-09-05 03:56 -------- d-----w- c:\program files\Common Files\Apple
2010-07-12 08:55 . 2010-06-06 17:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2009-01-27 06:24 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 15:21 . 2010-06-30 15:21 2605008 ----a-w- c:\users\Emily\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-06-23 04:04 . 2010-06-23 04:04 -------- d-----w- c:\program files\Bonjour
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\users\Emily\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-05-21 18:14 . 2009-10-03 05:36 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 21:41 . 2010-05-20 21:41 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2007-10-26 05:07 241752 ----a-w- c:\program files\Lenovo\VeriFace\IcnOvrly.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Google Update"="c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-05-23 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-04 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-04 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-04 138008]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-28 569344]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"EzButton"="c:\progra~1\EzButton\EzButton.EXE" [2007-04-14 502544]
"EnergyUtility"="c:\program files\Lenovo\EnergyCut\utilty.exe" [2007-07-26 2502656]
"EnergyCut"="c:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-07-26 1232896]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"VeriFacePassManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2007-10-26 241664]
"PCMService"="c:\program files\Lenovo\ShuttleCenter\PCMService.exe" [2007-08-09 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Acrobat Assistant 7.0"="d:\program files\adobeacrobat\Distillr\Acrotray.exe" [2004-12-14 483328]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-07-12 864112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-05 202256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-1-5 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-29 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 FreeAgentGoNext Service;Seagate Service;d:\program files\SeagateManager\Sync\FreeAgentService.exe [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2007-06-05 11776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 CapFilt;CapFilt; [x]
.
Contents of the 'Scheduled Tasks' folder
2010-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2106239528-3222921034-3804467947-1004Core.job
- c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 15:19]
2010-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2106239528-3222921034-3804467947-1004UA.job
- c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 15:19]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\0rr64awa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Emily\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Emily\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MaxMenuMgr - d:\program files\SeagateManager\FreeAgent Status\StxMenuMgr.exe
HKLM-Run-QuickTime Task - d:\program files\QuickTime\QTTask.exe
AddRemove-AC3Filter - d:\program files\AC3Filter\uninstall.exe
AddRemove-Adobe Photoshop 7.0 - d:\program files\Adobe\Photoshop 7.0\Uninst.isu
AddRemove-Audacity_is1 - d:\program files\Audacity\unins000.exe
AddRemove-HijackThis - d:\program files\HijackThis.exe
AddRemove-ImgBurn - d:\program files\ImgBurn\uninstall.exe
AddRemove-LAME for Audacity_is1 - d:\program files\LAMEforAudacity\unins000.exe
AddRemove-VLC media player - d:\program files\VLC\uninstall.exe
AddRemove-WinRAR archiver - d:\program files\WinRAR\uninstall.exe
AddRemove-Xvid_is1 - d:\program files\Xvid\unins000.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - d:\program files\DivXPlayerUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 17:19
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-08-14 17:22:24
ComboFix-quarantined-files.txt 2010-08-14 21:22
Pre-Run: 2,788,999,168 bytes free
Post-Run: 2,610,610,176 bytes free
- - End Of File - - 379BFB7B99F0BEC43ACB65E40A6F765B
-
August 14th, 2010, 05:36 PM
#11
1. Please open Notepad: click Start, then Run.
- Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
Driver::
CapFilt
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
-
August 14th, 2010, 06:49 PM
#12
I would post the second Combofix log, except now I cannot open ANYTHING on the computer, after the reboot was done.
I tried to open firefox and got this message box:
c:\program files\mozilla firefox\firefox.exe
illegal operation attempted on a registry key that has been marked for deletion
Pretty much any program I try to open on that computer gives the same message, now.
-
August 14th, 2010, 08:02 PM
#13
illegal operation attempted on a registry key that has been marked for deletion
Restart computer one more time.
-
August 14th, 2010, 08:12 PM
#14
ComboFix 10-08-14.02 - Emily 14/08/2010 18:25:01.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.1055 [GMT -4:00]
Running from: c:\users\Emily\Desktop\ComboFix.exe
Command switches used :: c:\users\Emily\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_CapFilt
((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.
2010-08-14 22:32 . 2010-08-14 22:36 -------- d-----w- c:\users\Emily\AppData\Local\temp
2010-08-14 22:32 . 2010-08-14 22:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-14 22:32 . 2010-08-14 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-14 22:22 . 2010-08-14 22:23 -------- d-----w- C:\32788R22FWJFW
2010-08-13 23:58 . 2010-08-13 23:59 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-13 23:32 . 2010-08-13 23:43 -------- d-----w- c:\program files\DivX
2010-08-13 23:32 . 2010-08-13 23:43 -------- d-----w- c:\programdata\DivX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 23:55 . 2009-01-27 06:03 -------- d-----w- c:\program files\Lavasoft
2010-08-13 23:35 . 2010-08-13 23:35 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-28 22:13 . 2009-12-24 19:27 -------- d-----w- c:\users\Emily\AppData\Roaming\vlc
2010-07-21 04:05 . 2010-06-23 04:51 -------- d-----w- c:\program files\iTunes
2010-07-21 04:04 . 2010-05-02 22:38 -------- d-----w- c:\program files\iPod
2010-07-21 04:04 . 2009-09-05 03:56 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 04:00 . 2010-07-21 04:00 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-12 08:56 . 2010-08-13 23:58 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-06-06 17:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2009-01-27 06:24 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 15:21 . 2010-06-30 15:21 2605008 ----a-w- c:\users\Emily\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-06-23 04:04 . 2010-06-23 04:04 -------- d-----w- c:\program files\Bonjour
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\users\Emily\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-05-21 18:14 . 2009-10-03 05:36 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 21:41 . 2010-05-20 21:41 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2007-10-26 05:07 241752 ----a-w- c:\program files\Lenovo\VeriFace\IcnOvrly.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Google Update"="c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-05-23 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-04 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-04 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-04 138008]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-28 569344]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"EzButton"="c:\progra~1\EzButton\EzButton.EXE" [2007-04-14 502544]
"EnergyUtility"="c:\program files\Lenovo\EnergyCut\utilty.exe" [2007-07-26 2502656]
"EnergyCut"="c:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-07-26 1232896]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"VeriFacePassManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2007-10-26 241664]
"PCMService"="c:\program files\Lenovo\ShuttleCenter\PCMService.exe" [2007-08-09 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Acrobat Assistant 7.0"="d:\program files\adobeacrobat\Distillr\Acrotray.exe" [2004-12-14 483328]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-07-12 864112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-05 202256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-1-5 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-29 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 FreeAgentGoNext Service;Seagate Service;d:\program files\SeagateManager\Sync\FreeAgentService.exe [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2007-06-05 11776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
.
Contents of the 'Scheduled Tasks' folder
2010-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2106239528-3222921034-3804467947-1004Core.job
- c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 15:19]
2010-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2106239528-3222921034-3804467947-1004UA.job
- c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 15:19]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\adobeacrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\0rr64awa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Emily\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Emily\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 18:36
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3996)
c:\program files\Lenovo\VeriFace\IcnOvrly.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-08-14 18:41:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-14 22:41
ComboFix2.txt 2010-08-14 21:22
Pre-Run: 2,537,119,744 bytes free
Post-Run: 2,203,607,040 bytes free
- - End Of File - - B9C26A01AABF4FAAD7394D3115F57E37
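The "Reg Loading Points" section of the log above is a REGEDIT4-style dump of autostart values. As an added example (not part of this thread, nor ComboFix's own code), here is a small Python triage parser for that layout: it reads the `[key]` headers and the `"name"="path" [date size]` and `dword:` values that follow them, then flags autostart binaries living in user-writable directories (or given as a bare file name) and Security Center `DisableMonitoring` entries. The sample lines are copied from the log above into a constructed excerpt; the function and marker names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the ComboFix log above, in the
# REGEDIT4-style layout of its "Reg Loading Points" section.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Google Update"="c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""


@dataclass
class Entry:
    key: str              # registry key the value lives under
    name: str             # value name
    path: Optional[str]   # executable path for autostart values, None for dwords
    date: Optional[str]   # file date ComboFix printed in brackets
    size: Optional[int]   # file size ComboFix printed in brackets
    dword: Optional[int]  # numeric value for dword entries


KEY_RE = re.compile(r'^\[(.+)\]$')
AUTOSTART_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_loading_points(text: str) -> List[Entry]:
    """Walk the section line by line, remembering the current [key] header."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = AUTOSTART_RE.match(line)
        if m:
            name, path, date, size = m.groups()
            entries.append(Entry(current_key, name, path, date, int(size), None))
            continue
        m = DWORD_RE.match(line)
        if m:
            entries.append(Entry(current_key, m.group(1), None, None, None,
                                 int(m.group(2), 16)))
    return entries


# Directories an unprivileged user can write to (hypothetical list for this
# example). An autostart binary there is not malicious by itself (Google Update
# legitimately lives in AppData), but it is the first place to look when
# programs vanish right after an install.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def flag_user_writable(entries: List[Entry]) -> List[str]:
    """Names of autostart values whose binary sits in a user-writable directory
    or is a bare file name (resolved through the search path at logon)."""
    flagged = []
    for e in entries:
        if e.path is None:
            continue
        p = e.path.lower()
        if "\\" not in p or any(mk in p for mk in USER_WRITABLE_MARKERS):
            flagged.append(e.name)
    return flagged


def flag_disabled_monitoring(entries: List[Entry]) -> List[str]:
    """Products for which Security Center has been told to stop reporting
    (DisableMonitoring=1); stale entries for software that is no longer
    installed are worth a look."""
    return [e.key.rsplit("\\", 1)[-1]
            for e in entries
            if e.name == "DisableMonitoring" and e.dword == 1
            and "security center\\monitoring" in e.key.lower()]


if __name__ == "__main__":
    parsed = parse_loading_points(SAMPLE_LOG)
    print("user-writable or bare-name autostarts:", flag_user_writable(parsed))
    print("security center monitoring disabled for:", flag_disabled_monitoring(parsed))
```

Run it on the full "Reg Loading Points" block by passing the section text instead of `SAMPLE_LOG`; the two flag lists are a starting point for review, not a verdict, since legitimate updaters and audio drivers show up in them too.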
-
August 14th, 2010, 08:22 PM
#15
Good 
What are the current issues?
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
==========================================================
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.