
IE Running in the background playing audio ads

Arekhon
Newbie Poster
14 posts since Dec 2010

It's become clear in the past couple of days that some sort of maliciousness has overtaken my computer. I've run a variety of malware detectors and my anti-virus, and everything has come up dry.

Here is my most recent HijackThis log. If someone could point me in the right direction with some analysis and set me on the right path towards fixing this, I'd really appreciate it. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:14:27 AM, on 12/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Program Files\Windows Defender\MsMpEng.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverCheck] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DriverLoad] (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Reboot.exe
O8 - Extra context menu item: QQ - C:\Program Files\Tencent\QQIntl\Bin\AddEmotion.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\\PrevxCSI.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8216 bytes

jholland1964
Posting Expert
5,610 posts since Jul 2008

Hello and welcome to daniweb.
You need to follow the steps given in our Read Me first sticky
http://www.daniweb.com/forums/thread134865.html and then post back here with all the requested logs. Please follow all steps exactly as given.

Before you do those steps, though, you need to run HijackThis again and put a check mark next to this entry:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html

Once you have placed that check mark, click the Fix Checked button and exit HJT. Then begin the steps in the Read Me sticky.

I want you to remove that website, cyberdefender, in the listing above because it is a VERY DANGEROUS website. It is well known for offering bogus security programs which then will not uninstall; they are known for phishing and other scams, and their website is also known to contain viruses and other malware. If you have any of their software you are going to have to attempt to remove it; it is very dangerous.
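For readers who want to see how a helper picks out entries like the R1 line above, here is a small triage script for a HijackThis log. It is an added example, not part of this thread and not a HijackThis feature: it parses the numbered R*/O* lines and flags the shapes worth a second look, such as a start or search page whose host is not one of Microsoft's defaults (the cyberdefender search bar above), "(no name)"/"(no file)" BHOs, HKUS Run values with no command line, and O23 services whose binary is "(file missing)". The heuristics, the default-host list and the sample log lines are assumptions of this example; a flagged entry is a candidate for review, not a verdict, and the actual removal is still done in HijackThis with Fix Checked.

```python
"""Triage a HijackThis (HJT) log for entries worth a closer look.

Added example for this thread; it is not part of HijackThis or of the posts
above. The rules below are assumptions made for the demonstration:
  * R0/R1 start/search-page values whose URL host is not a Microsoft default
  * O2/O9 BHO/button entries shown as "(no name)" or "(no file)"
  * O4 HKUS Run values that carry only a user tag and no command line
  * O23 services whose binary HJT reports as "(file missing)"
A hit means "review this entry", not "this is malware".
"""
import re
from typing import Dict, List, Tuple

# Hosts HJT shows for the stock Internet Explorer start/search values (assumption).
MS_DEFAULT_HOSTS = {"go.microsoft.com"}

# "R1 - HKCU\...\Main,Search Bar = http://..."  ->  section "R1", body "HKCU..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# HKUS Run values with a blank command look like "[Name] (User 'SYSTEM')".
EMPTY_RUN_RE = re.compile(r"\]\s+\(User '[^']+'\)$")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Keep only the numbered R*/O* entries; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group("section"), "body": m.group("body")})
    return entries


def host_of(url: str) -> str:
    """Return the lower-cased host part of an http(s) URL, or "" if it has none."""
    m = re.match(r"https?://([^/?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage(entries: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Apply the review heuristics; each finding is (section, reason, detail)."""
    findings = []
    for entry in entries:
        section, body = entry["section"], entry["body"]
        if section in ("R0", "R1"):
            # body: "HKCU\...\Main,Search Bar = http://..."; compare the URL host
            _, sep, url = body.partition(" = ")
            url = url.strip()
            if sep and url and host_of(url) not in MS_DEFAULT_HOSTS:
                findings.append((section, "start/search page is not a Microsoft default", url))
        elif section in ("O2", "O9"):
            if "(no name)" in body or "(no file)" in body:
                findings.append((section, "unnamed or file-less browser helper/button", body))
        elif section == "O4":
            if EMPTY_RUN_RE.search(body):
                findings.append((section, "Run value with no command line", body))
        elif section == "O23":
            if "(file missing)" in body:
                findings.append((section, "service binary missing on disk", body))
    return findings


def run_triage(text: str) -> List[Tuple[str, str, str]]:
    """Parse a whole HJT log and return its findings."""
    return triage(parse_hjt(text))


# Constructed sample, shaped like the HJT output in this thread (not a real log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\\PrevxCSI.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == "__main__":
    for section, reason, detail in run_triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {detail}")
```

On the sample the script reports four entries (the cyberdefender R1 line, the nameless O2 BHO, the empty HKUS DriverLoad value and the missing CSIScanner binary) and stays quiet on the Microsoft default URL, the Windows Live BHO, the QuickTime Run value and the ESET service. The point of the design is that it only narrows the list; whether a flagged entry is a leftover from an uninstalled program or something that needs removal is still the helper's call.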

Arekhon
Newbie Poster
14 posts since Dec 2010

Thanks so much for your reply. Here are the requested logs:


Malwarebytes

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5243

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/4/2010 6:00:22 AM
mbam-log-2010-12-04 (09-00-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 458380
Time elapsed: 2 hour(s), 58 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER One


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-03 23:05:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAKS-00SBA0 rev.12.01B01
Running: cw6gl1lj.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pglyipoc.sys


---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xB7F832A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xB7F8E910]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A0BEA88
Device \Driver\atapi \Device\Ide\IdePort0 8A0BEA88
Device \Driver\atapi \Device\Ide\IdePort1 8A0BEA88
Device \Driver\atapi \Device\Ide\IdePort2 8A0BEA88
Device \Driver\atapi \Device\Ide\IdePort3 8A0BEA88
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 8A0BEA88
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target1Lun0 89FB6720
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target2Lun0 89FB6720
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 89FB6720
Device \Driver\d347prt \Device\Scsi\d347prt1 89FB6720
Device \FileSystem\Ntfs \Ntfs 8A575930

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- Modules - GMER 1.0.15 ----

Module _________ B7EE5000-B7EFD000 (98304 bytes)

---- EOF - GMER 1.0.15 ----

GMER Two

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-04 08:00:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAKS-00SBA0 rev.12.01B01
Running: cw6gl1lj.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pglyipoc.sys


---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xB7F8E818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xB7F8E7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xB7F82A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xB7F832A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xB7F8E910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xB7F8E794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xB7F832C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xB7F8E866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xB7F8E0B0]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5D7578

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\Cdrom \Device\CdRom0 8A104258
Device \FileSystem\Rdbss \Device\FsWrap 8A166BA8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A104520
Device \Driver\atapi \Device\Ide\IdePort0 8A104520
Device \Driver\atapi \Device\Ide\IdePort1 8A104520
Device \Driver\atapi \Device\Ide\IdePort2 8A104520
Device \Driver\atapi \Device\Ide\IdePort3 8A104520
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 8A104520
Device \Driver\Cdrom \Device\CdRom1 8A104258
Device \Driver\Cdrom \Device\CdRom2 8A104258
Device \Driver\Cdrom \Device\CdRom3 8A104258
Device \FileSystem\Srv \Device\LanmanServer 89F0A8D0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A166908
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A166908
Device \FileSystem\Npfs \Device\NamedPipe 8A148448
Device \FileSystem\Msfs \Device\Mailslot 8A1611D0
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target1Lun0 8A0D37A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target2Lun0 8A0D37A8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 8A0D37A8
Device \Driver\d347prt \Device\Scsi\d347prt1 8A0D37A8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A148620
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A148620
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A148620
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A148620
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A148620
Device \FileSystem\Cdfs \Cdfs 897D4928

---- Modules - GMER 1.0.15 ----

Module _________ B7EE5000-B7EFD000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0x2D 0xF7 0xE6 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@hj34z0 0x2D 0xF7 0xE6 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42@hj34z0 0x2D 0xF7 0xE6 0x56 ...

---- EOF - GMER 1.0.15 ----

DDS.txt


DDS (Ver_10-11-27.01) - NTFSx86
Run by Administrator at 9:05:01.75 on Sat 12/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1284 [GMT -8:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ventrilo\Ventrilo.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=14196&l=dis
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Aim6]
uRun: [Octoshape Streaming Services] "c:\documents and settings\administrator\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DriverLoad]
dRun: [DriverCheck]
dRun: [SystemDriverLoad]
dRun: [SystemDriver]
dRun: [FDriver]
dRun: [ADriver]
StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Reboot.exe
uPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: QQ - c:\program files\tencent\qqintl\bin\AddEmotion.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\1uouz73f.default\
FF - prefs.js: browser.startup.homepage - hxxp://penny-arcade.com/
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\1uouz73f.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Simple Dyyno Launcher: NPDyyno@dyyno.com - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\1uouz73f.default\extensions\NPDyyno@dyyno.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\1uouz73f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\1uouz73f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\1uouz73f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-7-13 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2007-7-13 5248]
R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-3-29 17408]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-11-14 30728]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-11-14 455936]
S2 CSIScanner;CSIScanner;"c:\program files\prevxcsi\\prevxcsi.exe" /service --> c:\program files\prevxcsi\\PrevxCSI.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-20 1684736]
S3 FLASHSYS;FLASHSYS;c:\program files\msi\live update 4\lu4\FlashSys.sys [2010-3-3 9216]
S3 MsibiosDevice;MsibiosDevice;c:\program files\msi\live update 4\lu4\msibios.sys [2010-3-3 18432]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-6 24652]

=============== File Associations ===============

chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2010-12-03 18:29:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-11-30 20:23:45 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-30 20:01:20 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-11-30 20:01:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 20:01:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-30 20:01:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 20:01:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-30 07:32:14 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-30 07:32:14 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-30 07:32:09 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-20 18:59:52 -------- d-----w- c:\program files\Autodesk
2010-11-20 18:59:52 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Autodesk
2010-11-16 06:55:06 -------- d-----w- c:\docume~1\admini~1\applic~1\Oberon Media
2010-11-16 06:54:02 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Oberon Media
2010-11-06 19:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 19:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-11-06 01:17:50 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Octoshape

==================== Find3M ====================

2010-11-05 19:46:24 233960 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-05 19:46:24 233960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-05 22:16:50 138056 ----a-w- c:\docume~1\admini~1\applic~1\PnkBstrK.sys
2010-10-05 21:05:08 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2010-09-18 20:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 11:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 09:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

============= FINISH: 9:06:06.73 ===============

Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2007 4:24:42 PM
System Uptime: 12/3/2010 11:20:48 PM (10 hours ago)

Motherboard: ECS | | IC780M-A
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | CPU 1 | 2394/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 26.342 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&189B28C4&0&0001
Manufacturer:
Name:
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&189B28C4&0&0001
Service:

==== System Restore Points ===================

RP1155: 9/6/2010 5:45:12 AM - System Checkpoint
RP1156: 9/7/2010 6:45:11 AM - System Checkpoint
RP1157: 9/8/2010 7:45:13 AM - System Checkpoint
RP1158: 9/9/2010 8:45:12 AM - System Checkpoint
RP1159: 9/10/2010 9:45:11 AM - System Checkpoint
RP1160: 9/11/2010 10:45:12 AM - System Checkpoint
RP1161: 9/12/2010 10:45:45 AM - System Checkpoint
RP1162: 9/13/2010 8:44:13 AM - Software Distribution Service 3.0
RP1163: 9/14/2010 12:54:22 PM - System Checkpoint
RP1164: 9/15/2010 8:25:22 PM - System Checkpoint
RP1165: 9/16/2010 8:35:59 PM - System Checkpoint
RP1166: 9/17/2010 5:03:30 PM - Removed Rosetta Stone V3.
RP1167: 9/17/2010 9:55:16 PM - Installed Rosetta Stone Version 3
RP1168: 9/17/2010 9:57:24 PM - Software Distribution Service 3.0
RP1169: 9/17/2010 10:57:06 PM - Removed Rosetta Stone Version 3
RP1170: 9/17/2010 10:58:00 PM - Installed Rosetta Stone Version 3
RP1171: 9/18/2010 11:06:29 PM - System Checkpoint
RP1172: 9/20/2010 3:56:15 AM - System Checkpoint
RP1173: 9/21/2010 4:03:54 AM - System Checkpoint
RP1174: 9/22/2010 4:06:27 AM - System Checkpoint
RP1175: 9/23/2010 4:07:31 AM - System Checkpoint
RP1176: 9/23/2010 5:48:57 PM - Installed Java(TM) 6 Update 21
RP1177: 9/24/2010 6:06:28 PM - System Checkpoint
RP1178: 9/25/2010 8:38:32 PM - System Checkpoint
RP1179: 9/26/2010 9:56:59 PM - System Checkpoint
RP1180: 9/27/2010 4:57:27 PM - Installed DirectX
RP1181: 9/28/2010 6:54:31 PM - System Checkpoint
RP1182: 9/28/2010 10:18:00 PM - Software Distribution Service 3.0
RP1183: 9/29/2010 10:30:51 PM - System Checkpoint
RP1184: 10/1/2010 2:08:22 AM - System Checkpoint
RP1185: 10/2/2010 2:30:51 AM - System Checkpoint
RP1186: 10/3/2010 2:31:29 AM - System Checkpoint
RP1187: 10/4/2010 2:53:37 AM - System Checkpoint
RP1188: 10/5/2010 3:31:33 AM - System Checkpoint
RP1189: 10/5/2010 3:14:04 PM - Removed Microsoft Visual C++ 2005 Redistributable
RP1190: 10/5/2010 3:14:47 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP1191: 10/5/2010 3:15:01 PM - Installed DirectX
RP1192: 10/6/2010 9:09:14 PM - System Checkpoint
RP1193: 10/7/2010 11:59:04 PM - System Checkpoint
RP1194: 10/9/2010 12:13:23 AM - System Checkpoint
RP1195: 10/10/2010 12:32:34 AM - System Checkpoint
RP1196: 10/11/2010 2:45:35 AM - System Checkpoint
RP1197: 10/12/2010 3:31:32 AM - System Checkpoint
RP1198: 10/13/2010 4:31:34 AM - System Checkpoint
RP1199: 10/14/2010 5:31:33 AM - System Checkpoint
RP1200: 10/15/2010 6:31:32 AM - System Checkpoint
RP1201: 10/16/2010 1:51:27 PM - System Checkpoint
RP1202: 10/17/2010 3:10:23 PM - System Checkpoint
RP1203: 10/18/2010 3:19:54 PM - System Checkpoint
RP1204: 10/19/2010 8:39:23 PM - System Checkpoint
RP1205: 10/20/2010 9:31:51 PM - System Checkpoint
RP1206: 10/21/2010 10:32:56 PM - System Checkpoint
RP1207: 10/23/2010 3:57:10 PM - System Checkpoint
RP1208: 10/24/2010 8:27:55 PM - System Checkpoint
RP1209: 10/25/2010 8:32:48 PM - System Checkpoint
RP1210: 10/26/2010 10:13:00 PM - System Checkpoint
RP1211: 10/27/2010 10:31:43 PM - System Checkpoint
RP1212: 10/28/2010 10:32:48 PM - System Checkpoint
RP1213: 10/29/2010 10:39:28 PM - System Checkpoint
RP1214: 10/30/2010 8:14:35 AM - Installed Java(TM) 6 Update 22
RP1215: 10/31/2010 8:31:12 AM - System Checkpoint
RP1216: 11/1/2010 9:31:11 AM - System Checkpoint
RP1217: 11/2/2010 5:03:53 PM - System Checkpoint
RP1218: 11/3/2010 8:10:30 PM - System Checkpoint
RP1219: 11/4/2010 8:31:12 PM - System Checkpoint
RP1220: 11/5/2010 9:40:38 PM - System Checkpoint
RP1221: 11/6/2010 10:52:08 PM - System Checkpoint
RP1222: 11/7/2010 11:29:56 PM - System Checkpoint
RP1223: 11/9/2010 3:19:23 AM - System Checkpoint
RP1224: 11/10/2010 4:01:53 AM - System Checkpoint
RP1225: 11/11/2010 4:29:57 AM - System Checkpoint
RP1226: 11/12/2010 5:29:56 AM - System Checkpoint
RP1227: 11/13/2010 6:29:57 AM - System Checkpoint
RP1228: 11/14/2010 7:29:17 AM - System Checkpoint
RP1229: 11/15/2010 8:29:16 AM - System Checkpoint
RP1230: 11/16/2010 12:27:34 PM - System Checkpoint
RP1231: 11/17/2010 9:08:11 PM - System Checkpoint
RP1232: 11/18/2010 9:29:16 PM - System Checkpoint
RP1233: 11/19/2010 11:13:48 PM - System Checkpoint
RP1234: 11/20/2010 10:59:28 AM - Installed DirectX 9.0
RP1235: 11/20/2010 10:59:50 AM - Installed Autodesk DWF Viewer 7
RP1236: 11/20/2010 11:01:16 AM - Installed Backburner
RP1237: 11/20/2010 11:01:38 AM - Installed Autodesk 3ds Max 9 32-bit
RP1238: 11/22/2010 12:37:31 AM - System Checkpoint
RP1239: 11/23/2010 2:28:44 AM - System Checkpoint
RP1240: 11/24/2010 2:37:58 AM - System Checkpoint
RP1241: 11/25/2010 3:37:53 AM - System Checkpoint
RP1242: 11/26/2010 4:37:53 AM - System Checkpoint
RP1243: 11/27/2010 4:49:53 AM - System Checkpoint
RP1244: 11/28/2010 5:37:43 AM - System Checkpoint
RP1245: 11/29/2010 5:54:44 AM - System Checkpoint
RP1246: 11/29/2010 11:33:21 PM - Software Distribution Service 3.0
RP1247: 11/30/2010 12:25:45 AM - Removed Autodesk 3ds Max 9 32-bit
RP1248: 11/30/2010 12:27:59 AM - Removed Autodesk DWF Viewer 7
RP1249: 11/30/2010 12:28:30 AM - Removed Backburner
RP1250: 11/30/2010 12:39:32 AM - Removed MapleStory.
RP1251: 11/30/2010 12:42:33 AM - Removed NCsoft Launcher
RP1252: 11/30/2010 12:44:33 AM - Removed Spectromancer
RP1253: 11/30/2010 12:23:13 PM - Installed Windows Defender
RP1254: 11/30/2010 12:23:43 PM - Software Distribution Service 3.0
RP1255: 11/30/2010 12:28:25 PM - Removed Windows Defender
RP1256: 11/30/2010 3:25:56 PM - Installed Windows Defender
RP1257: 11/30/2010 3:26:17 PM - Software Distribution Service 3.0
RP1258: 11/30/2010 6:36:28 PM - Windows Defender Checkpoint
RP1259: 12/1/2010 8:54:14 PM - System Checkpoint
RP1260: 12/2/2010 11:18:32 PM - System Checkpoint
RP1261: 12/3/2010 11:14:17 PM - Removed Windows Defender

==== Installed Programs ======================

µTorrent
3dsmax ancillary install
AcademicOnline Interactive Mathematics
Acrobat.com
Ad-Aware
Adobe Acrobat 5.0
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
AIM 6
AiO_Scan_CDA
Alien Swarm
Apple Software Update
ArcGIS Explorer
ATI Catalyst Install Manager
Bloodline Champions Beta
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CCleaner (remove only)
Chinese (Simplified) Language Support
Counter-Strike
Curse Client
DAEMON Tools
Day of Defeat
ESET NOD32 Antivirus
EVEREST Ultimate Edition v4.50
FileZilla Client 3.3.3
GOM Player
Guild Wars
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Heroes of Newerth
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Driver Diagnostics
HP Print Diagnostic Utility
HP PSC & OfficeJet 6.1.A
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
League of Legends
Left 4 Dead
Left 4 Dead 2
Liveupdate4
Magic ISO Maker v4.5 (build 0117)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XNA Framework Redistributable 3.1
mIRC
Mount and Blade: Warband
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
NJStar Chinese WP
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
Octoshape Streaming Services
OpenOffice.org 3.1
Pirates, Vikings, and Knights II
PokerStars
PokerStars.net
Portal
PunkBuster Services
QFolder
QuickTime
Realtek High Definition Audio Driver
Rosetta Stone Version 3
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Source SDK Base
SpeedFan (remove only)
Spybot - Search & Destroy
Starcraft
StarCraft II
Steam
Stepvoice Recorder 1.7.0.163
Team Fortress 2
Tencent QQ
The Lord of the Rings FREE Trial
Tweak UI
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Ventrilo Client
Video Card Stability Test
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
Warcraft III: All Products
Warhammer 40,000: Dawn of War II
Warhammer 40,000: Dawn of War II - Beta
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
World of Warcraft
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

12/4/2010 12:46:11 AM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/4/2010 12:46:08 AM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/3/2010 11:13:19 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
12/3/2010 11:13:13 AM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
12/3/2010 11:13:01 AM, error: Service Control Manager [7034] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).
12/3/2010 11:12:56 AM, error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/3/2010 11:12:51 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
12/3/2010 11:12:08 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
11/28/2010 1:52:30 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/28/2010 1:50:54 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/28/2010 1:50:54 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the file specified.
11/28/2010 1:50:54 PM, error: Service Control Manager [7000] - The msdirect service failed to start due to the following error: The system cannot find the file specified.
11/28/2010 1:50:54 PM, error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The system cannot find the path specified.

==== End Of File ===========================

jholland1964

Please Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan, and you will need to allow an ActiveX control to be installed, or you may use Firefox.
* You will need to temporarily disable your current anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is checked.
* When you have completed that scan, a scan log ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Arekhon

Here is the requested log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0d197af82bed434a832cbfa9c335883d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-05 03:45:36
# local_time=2010-12-04 07:45:36 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=260871
# found=5
# cleaned=3
# scan_time=5822
C:\academic\iss2\pb_ie_nt.exe probably a variant of Win32/TrojanDownloader.Banload.DZKPMDV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\audiosrv.dll a variant of Win32/Agent.RNT trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\Macromed\AUTHORWA\NP32ASW\AW50\authorn.exe probably a variant of Win32/TrojanDownloader.Banload.DZKPMDV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\Macromed\AUTHORWA\NP32ASW\AW50\notes.exe probably a variant of Win32/TrojanDownloader.Banload.BTNSTXK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Agent.RNT trojan 00000000000000000000000000000000 I
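
The log above is machine-readable, and the helper's reading of it (one detection that would not clean) can be checked mechanically. As an added Python example, not code from this thread or from ESET, the following parses this log layout: the `# key=value` header and the per-object result lines, which it recognises by their trailing 32-hex-digit hash and flag letter because the tabs of the real log are collapsed to spaces in this copy. The sample log is a constructed copy of the lines posted above; the field meanings (action text, flag letter) are read from their appearance in the post and are assumptions, not documented ESET semantics.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: the lines of the ESET Online Scanner log posted in this
# thread (header trimmed). The real log is tab-separated; here the tabs have
# collapsed to spaces, so the result-line parser anchors on the trailing
# 32-hex-digit hash and single flag letter instead of splitting on tabs.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# scanned=260871
# found=5
# cleaned=3
C:\academic\iss2\pb_ie_nt.exe probably a variant of Win32/TrojanDownloader.Banload.DZKPMDV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\audiosrv.dll a variant of Win32/Agent.RNT trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\Macromed\AUTHORWA\NP32ASW\AW50\authorn.exe probably a variant of Win32/TrojanDownloader.Banload.DZKPMDV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\Macromed\AUTHORWA\NP32ASW\AW50\notes.exe probably a variant of Win32/TrojanDownloader.Banload.BTNSTXK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Agent.RNT trojan 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
# object, threat description, optional "(action)", 32-hex hash, flag letter.
# The threat description is located by its Family/Variant token (e.g. Win32/Agent.RNT),
# which lets the object path contain spaces (C:\Program Files\...).
RESULT_RE = re.compile(
    r"^(?P<obj>.+?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/[\w.-]+(?: \w+)?)"
    r"(?: \((?P<action>[^)]*)\))?"
    r" (?P<digest>[0-9a-fA-F]{32}) (?P<flag>[A-Z])$"
)
FAMILY_RE = re.compile(r"[A-Za-z0-9]+/[\w.-]+")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Detection:
    obj: str               # file path, or the pseudo-object ${Memory}
    threat: str            # detection name as written in the log
    action: Optional[str]  # text inside the parentheses, None if absent
    digest: str
    flag: str              # trailing letter; meaning not documented here, kept verbatim

    @property
    def family(self) -> str:
        return FAMILY_RE.search(self.threat).group(0)

    @property
    def cleaned(self) -> bool:
        # Only an explicit "cleaned ..." action counts; "unable to clean" and
        # a missing action (the in-memory hit) are both treated as leftovers.
        return self.action is not None and self.action.startswith("cleaned")


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Split the log into its '# key=value' header and its result lines."""
    header: Dict[str, str] = {}
    results: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]  # repeated keys keep the last value
            continue
        m = RESULT_RE.match(line)
        if m:
            results.append(Detection(m["obj"], m["threat"], m["action"], m["digest"], m["flag"]))
        # anything else (banner line, "all ok") is ignored
    return header, results


def triage(text: str) -> dict:
    """Summarise what the scan left behind and cross-check the header counts."""
    header, results = parse_eset_log(text)
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    leftovers = [d for d in results if not d.cleaned]
    on_disk = [d for d in leftovers if d.obj != "${Memory}"]
    in_memory = [d for d in leftovers if d.obj == "${Memory}"]
    # A family reported both as an uncleaned file and as resident in memory is the
    # usual reason a cleanup fails: the file is loaded while the scan runs.
    shared = sorted({d.family for d in on_disk} & {d.family for d in in_memory})
    return {
        "found": found,
        "cleaned": cleaned,
        "counts_consistent": found == len(results) and cleaned == len(results) - len(leftovers),
        "removal_enabled": header.get("remove_checked") == "true",
        "leftovers": [d.obj for d in leftovers],
        "system32_leftovers": [d.obj for d in on_disk if d.obj.lower().startswith(SYSTEM32)],
        "memory_resident": [d.family for d in in_memory],
        "shared_families": shared,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```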

jholland1964

Well, at least one that is not wanting to be removed. Please do the following:
Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it, so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

You must download it to and run it from your Desktop.
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
• Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Post back here with that log.

Arekhon

When I ran ComboFix it didn't produce a log; it restarted my computer without prompts.

Here is the HJT log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:23:15 PM, on 12/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverCheck] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DriverLoad] (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Reboot.exe
O8 - Extra context menu item: QQ - C:\Program Files\Tencent\QQIntl\Bin\AddEmotion.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\\PrevxCSI.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7596 bytes

jholland1964

Look here for the combofix log:

C:\ComboFix.txt

Arekhon

I don't have a file named that anywhere on my computer (as far as my search found).

jholland1964

Then the program didn't run correctly. Did you see various screens as the program ran?
You should have seen a final screen telling you that the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt?

Arekhon

The main screen I saw gave me updates as to what parts were done, it counted up to about 50. Then it restarted my computer.

jholland1964

Look for this folder C:\Qoobox\
Don't open it; if you find it, just tell me if it is in C drive.
Just open C drive and look for it; don't do a search. It's a .txt file.

Arekhon

> Look for this folder C:\Qoobox\
> Don't open it; if you find it, just tell me if it is in C drive.
> Just open C drive and look for it; don't do a search. It's a .txt file.

There is a folder named C:\Qoobox\. Is the text file in it and should I open it to find out?

jholland1964

No, don't open it. Will have to consult with others on this and one of us will post back with instructions.

jholland1964

Did you manually look through "C" drive for this combofix.txt file or just do a search?

Arekhon

I looked through C and when I didn't find it I did a search.

jholland1964

Ok. Have asked another helper to take a look. Might take a while. One of us will post back as soon as we can. Are you still having the same problems you were having when you created the thread?

Arekhon

Yes the problem persists. Thank you so much for all your help so far.

One thing I've seen recently, that *edit* doesn't happen every time, is an error with an svchost that asks if I want to submit an error report to Microsoft.

crunchie

Take a look in that Qoobox folder for any combofix.txt files and post back what you find.

Arekhon

No .txt in the immediate folder. It contains BackEnv, LastRun, Quarantine, Test and TestC.

None of these folders contain the .txt directly, only Quarantine had more folders in it.
