Inactive Keeps refreshing in Mozilla, and on Desktop...virus maybe?

Like the title says, my browser constantly refreshes itself in Firefox without me doing anything, and on the desktop it does a refresh-like thing every time I click an icon. Also, in Task Manager something seems to be going haywire in the CPU usage...it'll go from using nothing to a bunch of random numbers back to nothing again. Weird thing is sometimes nothing is wrong when I use the computer, and sometimes this stuff happens. Really random when it does. I think it started after I downloaded a music file off of Mediafire. Also Google wouldn't let me use it for a while after the problem started.

Hope I posted these right. Thanks!

Malwarebytes' Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5195

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/26/10 05:34 PM
mbam-log-2010-11-26 (17-34-20).txt

Scan type: Quick scan
Objects scanned: 143068
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER Log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-26 21:09:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9320421AS rev.SD14
Running: 248bcyiv.exe; Driver: C:\Users\MICHAE~1\AppData\Local\Temp\uwlorkow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x805E8BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x805E89D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x805E8B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 82989DF0 7 Bytes JMP 805E8B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 829F528F 5 Bytes JMP 805E45D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82A4E063 5 Bytes JMP 805E5FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82A4F905 7 Bytes JMP 805E89D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82AAF90A 7 Bytes JMP 805E8BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1780] kernel32.dll!SetUnhandledExceptionFilter 76F7A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[656] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[656] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73857817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [738AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7385BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7384F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7384E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73888395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7385DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7384FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7384FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [738DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7387C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7384D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73846853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7384687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73852AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys (Data Security Manager Driver/ASUSTek Computer Inc)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d60c5c31d
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001d60c5c31d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001d60c5c31d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001d60c5c31d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001d60c5c31d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001d60c5c31d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001d60c5c31d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001d60c5c31d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\001d60c5c31d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\001d60c5c31d (not active ControlSet)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes

---- EOF - GMER 1.0.15 ----


DDS Attach Log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-26.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/10/2009 12:12:52 AM
System Uptime: 11/26/2010 5:13:06 PM (4 hours ago)

Motherboard: PEGATRON CORPORATION | | F50Sf
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU 1 | 2100/200mhz


C: is FIXED (NTFS) - 149 GiB total, 92.266 GiB free.
D: is FIXED (NTFS) - 137 GiB total, 137.006 GiB free.
E: is CDROM ()


Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel


RP391: 11/24/2010 12:45:31 PM - Scheduled Checkpoint
RP392: 11/25/2010 2:11:38 PM - Restore Operation
RP393: 11/26/2010 1:24:45 PM - Windows Update


2007 Microsoft Office system
32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.1
Adobe Setup
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS AI Recovery
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Touch Pad Extra
ASUS Virtual Camera
Asus_Camera_ScreenSaver
Atheros Client Installation Program
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
avast! Free Antivirus
Battlefield 2 Complete Collection
Bonjour
BufferChm
C6300
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco NAC Agent
Cisco PEAP Module
CyberLink LabelPrint
CyberLink Power2Go
Destination Component
DeviceDiscovery
DivX Setup
EA Download Manager
EA Download Manager UI
Express Gate
Free RAR Extract Frog
GameSpy Comrade
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iTunes
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 18
Java(TM) 6 Update 22
Junk Mail filter update
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Chinese (Simplified)) 2007
Microsoft Office Access MUI (Chinese (Traditional)) 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel 2007 Help 更新 (KB963678)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel 2007 Help 更新程式 (KB963678)
Microsoft Office Excel MUI (Chinese (Simplified)) 2007
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office IME (Chinese (Simplified)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook 2007 Help 更新 (KB963677)
Microsoft Office Outlook 2007 Help Actualización (KB963677)
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Chinese (Simplified)) 2007
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office Powerpoint 2007 Help 更新 (KB963669)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office Powerpoint 2007 Help 更新程式 (KB963669)
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Chinese (Simplified)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Chinese (Simplified)) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Chinese (Simplified)) 2007
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Chinese (Simplified)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 Help 更新 (KB963665)
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word 2007 Help 更新程式 (KB963665)
Microsoft Office Word MUI (Chinese (Simplified)) 2007
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Mozilla Firefox (3.6.12)
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
MySQL Connector/ODBC 3.51
Network
Norton Internet Security
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
Pando Media Booster
Picasa 3
PS_AIO_04_C6300_Software_Min
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
Sid Meier's Civilization 4
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2443839)
USB 2.0 UVC 1.3M WebCam
VC80CRTRedist - 8.0.50727.4053
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 2
Xfire (remove only)


11/26/2010 5:15:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
11/26/2010 5:15:06 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
11/26/2010 5:14:56 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
11/26/2010 5:10:01 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/25/2010 2:19:21 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
11/25/2010 2:09:01 PM, Error: EventLog [6008] - The previous system shutdown at 2:07:59 PM on 11/25/2010 was unexpected.
11/25/2010 11:50:07 AM, Error: EventLog [6008] - The previous system shutdown at 2:34:57 AM on 11/25/2010 was unexpected.
11/24/2010 12:45:31 PM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
11/22/2010 2:19:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/22/2010 2:19:26 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/22/2010 2:19:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


DDS Log

DDS (Ver_10-11-26.01) - NTFSx86
Run by michael schubert at 21:11:11.88 on Fri 11/26/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1557 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program files\P4G\BatteryLife.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATK Hotkey\LOSD.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\michael schubert\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe


uStart Page = hxxp://www.pptos.info/?http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [DisableS3S4] c:\DisableS3S4.cmd
mRun: [Microsoft Pinyin IME Migration] c:\progra~1\common~1\micros~1\ime12\imesc\IMSCMIG.EXE /INSTALL
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [HControlUser] "c:\program files\atk hotkey\HcontrolUser.exe"
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{a9feb6d7-9c52-49fc-b956-7ab275b78890}\_5598CE641C54B66A23693F.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"


FF - ProfilePath - c:\users\michae~1\appdata\roaming\mozilla\firefox\profiles\llz2r149.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\gamespy\comrade\npcomrade.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-7-10 15416]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-27 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-27 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-27 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-29 40384]
R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2010-2-5 742144]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-29 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-29 40384]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-9 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-8-27 55264]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

11/27/10 12:18 AM -------- d-----w- c:\users\michae~1\appdata\roaming\Malwarebytes
11/27/10 12:18 AM 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
11/27/10 12:18 AM 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
11/27/10 12:18 AM -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
11/27/10 12:18 AM -------- d-----w- c:\progra~2\Malwarebytes
11/26/10 08:25 PM 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b32e152b-347e-4ae6-8e64-a06b8821fd81}\mpengine.dll
11/25/10 09:33 PM -------- d-----w- c:\windows\pss
11/23/10 09:22 PM 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
11/22/10 09:04 PM 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
11/12/10 10:46 PM -------- d-----w- c:\program files\iPod
11/12/10 10:46 PM -------- d-----w- c:\program files\iTunes
11/09/10 10:12 PM 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
11/06/10 06:37 PM 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
11/06/10 06:37 PM 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

11/25/10 09:14 PM 45056 ----a-w- c:\windows\system32\acovcnt.exe
10/19/10 06:41 PM 222080 ------w- c:\windows\system32\MpSigStub.exe
09/15/10 11:50 AM 472808 ----a-w- c:\windows\system32\deployJava1.dll
09/13/10 01:56 PM 8147456 ----a-w- c:\windows\system32\wmploc.DLL
09/08/10 06:17 PM 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
09/08/10 06:17 PM 69632 ----a-w- c:\windows\system32\QuickTime.qts
09/08/10 06:01 AM 916480 ----a-w- c:\windows\system32\wininet.dll
09/08/10 05:57 AM 43520 ----a-w- c:\windows\system32\licmgr10.dll
09/08/10 05:57 AM 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
09/08/10 05:56 AM 71680 ----a-w- c:\windows\system32\iesetup.dll
09/08/10 05:56 AM 109056 ----a-w- c:\windows\system32\iesysprep.dll
09/08/10 05:04 AM 385024 ----a-w- c:\windows\system32\html.iec
09/08/10 04:26 AM 133632 ----a-w- c:\windows\system32\ieUnatt.exe
09/08/10 04:25 AM 1638912 ----a-w- c:\windows\system32\mshtml.tlb
09/07/10 03:12 PM 38848 ----a-w- c:\windows\avastSS.scr
09/06/10 04:20 PM 125952 ----a-w- c:\windows\system32\srvsvc.dll
09/06/10 04:19 PM 17920 ----a-w- c:\windows\system32\netevent.dll
08/31/10 03:46 PM 954752 ----a-w- c:\windows\system32\mfc40.dll
08/31/10 03:46 PM 954288 ----a-w- c:\windows\system32\mfc40u.dll
08/31/10 03:44 PM 531968 ----a-w- c:\windows\system32\comctl32.dll
08/31/10 01:27 PM 2038272 ----a-w- c:\windows\system32\win32k.sys
04/08/09 05:31 PM 106496 ----a-w- c:\program files\common files\CPInstallAction.dll

 
Welcome aboard :)

Download MBRCheck to your desktop.

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.

====================================================================

Copy the entire content of the report and paste it in a reply here.

Note: You may get this warning. It is OK, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F50Sf
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 149):

Processes (total 98):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee1af400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000028`30b37200 (NTFS)

PhysicalDrive0 Model Number: ST9320421AS, Rev: SD14

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


I downloaded (from the second page, the first wasn't working) and installed the Rootkit Unhooker, but when I try to run it, these two errors pop up:
Information: Failed to enable debug privilege, not a critical issue
and
Error: load driver privilege not adjusted

Then it won't load up the scan after that.
 
OK, for now, we have to fix your MBR...

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press Ctrl+Alt+Del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
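
As an added illustration that is not part of the original thread and is not MBRCheck's or MBRWORK's own code: a sketch of the check behind an "Unknown MBR code" verdict and of a repair that rewrites only the boot code. It assumes the hash covers the first 440 bytes of sector 0 and that the C: offset in the log above is a byte offset; the boot-code bytes, the sector count and the allowlist are constructed sample data.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: boot code
PART_TABLE_OFF = 446     # bytes 446-509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510-511: boot signature
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, first LBA, sector count


def build_sector(boot_code, first_lba, sectors):
    """Build a constructed MBR sector with one active NTFS (type 0x07) entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    chs = b"\xfe\xff\xff"
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        ENTRY_FMT, 0x80, chs, 0x07, chs, first_lba, sectors)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def boot_code_sha1(sector):
    """SHA-1 over the boot-code area only (assumed hashing range)."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector):
    """Return the non-empty entries of the partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "first_lba": lba, "sectors": count})
    return parts


def classify_mbr(sector, known_good):
    """Label a sector by looking up its boot-code hash in an allowlist."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        return "Invalid MBR signature"
    return known_good.get(boot_code_sha1(sector), "Unknown MBR code")


def install_standard_code(sector, standard_code):
    """Replace only the boot code; disk signature and partition table are kept."""
    if len(standard_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be 440 bytes")
    return standard_code + sector[BOOT_CODE_LEN:]


# Constructed sample data: not real Windows boot code, not a real allowlist.
STANDARD_CODE = bytes(range(256)) + bytes(184)
TAMPERED_CODE = b"\xff\xff" + STANDARD_CODE[2:]
C_FIRST_LBA = 0x2EE1AF400 // SECTOR_SIZE  # C: offset from the log, read as bytes
CLEAN = build_sector(STANDARD_CODE, C_FIRST_LBA, 1_000_000)
INFECTED = build_sector(TAMPERED_CODE, C_FIRST_LBA, 1_000_000)
KNOWN_GOOD = {boot_code_sha1(CLEAN): "Standard MBR code (constructed sample)"}
REPAIRED = install_standard_code(INFECTED, STANDARD_CODE)

if __name__ == "__main__":
    for name, sec in (("clean", CLEAN), ("infected", INFECTED), ("repaired", REPAIRED)):
        print(name, boot_code_sha1(sec), classify_mbr(sec, KNOWN_GOOD))
    print(parse_partitions(REPAIRED))
```

The repaired sector classifies as known-good again while its partition entries are byte-for-byte those of the tampered sector, which is why rerunning the check after the repair is a meaningful confirmation.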
 