TechSpot

Annoying script popping up keeps kicking me out of programs

Inactive
By Garnath
Feb 10, 2011
Topic Status:
Not open for further replies.
  1. www.malwarebytes.org

    Database version: 5731

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/10/2011 10:13:18 AM
    mbam-log-2011-02-10 (10-13-18).txt

    Scan type: Quick scan
    Objects scanned: 147654
    Time elapsed: 3 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Eddie\Desktop\chskrtrn12.exe (Trojan.Genome) -> Quarantined and deleted successfully.
    c:\Users\Eddie\downloads\setupplaysushi.exe (PUP.PlaySushi) -> Quarantined and deleted successfully.

    Rootkit quick scan 2011-02-10 10:33:20
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000069 NVIDIA__ rev.
    Running: 848vq1f4.exe; Driver: C:\Users\Eddie\AppData\Local\Temp\uglcapod.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 8573F1F8
    Device \Driver\atapi \Device\Ide\IdePort1 8573F1F8
    Device \Driver\atapi \Device\Ide\IdePort2 8573F1F8
    Device \Driver\atapi \Device\Ide\IdePort3 8573F1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-5 8573F1F8
    Device \Driver\a6zibkjn \Device\Scsi\a6zibkjn1 86FA61F8
    Device \Driver\a6zibkjn \Device\Scsi\a6zibkjn1Port6Path0Target0Lun0 86FA61F8
    Device \FileSystem\Ntfs \Ntfs 857421F8

    AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
    AttachedDevice \Driver\tdx \Device\Ip pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys

    ---- EOF - GMER 1.0.15 ----


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/12/2010 5:20:36 PM
    System Uptime: 2/10/2011 10:16:46 AM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | M2N-SLI
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5400+ | Socket AM2 | 2814/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 199.328 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP186: 1/20/2011 1:35:19 PM - Scheduled Checkpoint
    RP188: 1/23/2011 6:51:58 PM - Installed DirectX
    RP189: 1/31/2011 7:16:47 AM - Scheduled Checkpoint
    RP190: 2/2/2011 6:00:12 AM - Windows Update
    RP192: 2/4/2011 10:52:58 PM - Installed Acer eDisplay Management
    RP194: 2/4/2011 10:53:22 PM - Installed Acer eDisplay Management
    RP196: 2/4/2011 10:53:45 PM - Installed SDK
    RP197: 2/4/2011 10:54:02 PM - Device Driver Package Install: Portrait Displays, Inc.
    RP199: 2/4/2011 10:54:36 PM - Installed Pivot Software
    RP201: 2/4/2011 10:54:56 PM - Installed Pivot Software
    RP202: 2/5/2011 12:30:35 AM - Removed Microsoft Games for Windows - LIVE Redistributable
    RP203: 2/5/2011 12:31:11 AM - Removed Microsoft Games for Windows - LIVE
    RP204: 2/5/2011 12:32:02 AM - Removed Windows Live ID Sign-in Assistant
    RP205: 2/5/2011 12:33:24 AM - Removed Dragon NaturallySpeaking 11.
    RP206: 2/5/2011 12:37:54 AM - Removed Dragon NaturallySpeaking 11.
    RP207: 2/5/2011 12:47:21 AM - Removed Dragon NaturallySpeaking 11.
    RP208: 2/9/2011 7:43:19 PM - Removed Dragon NaturallySpeaking 11.
    RP209: 2/9/2011 7:57:19 PM - Windows Update

    ==== Installed Programs ======================

    AbiWord 2.8.4
    Acer eDisplay Management
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.2
    BitLord 1.1
    Browser Defender 3.0
    C-Media PCI Audio Device
    Call of Duty: Black Ops
    CCleaner
    Curse Client
    Dead Rising 2
    Defraggler
    Dragon NaturallySpeaking 11
    Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.12.00.803
    EA Download Manager
    Fallout New Vegas
    Free File Viewer 2011
    Google Chrome
    Google Earth
    Google Update Helper
    Internet TV for Windows Media Center
    Java Auto Updater
    Java(TM) 6 Update 22
    Lara Croft and the Guardian of Light
    League of Legends
    Left 4 Dead
    Logitech GamePanel Software 3.03.133
    Malwarebytes' Anti-Malware
    Mass Effect 2
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft XML Parser
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA 3D Vision Driver 260.99
    NVIDIA Control Panel 260.99
    NVIDIA Graphics Driver 260.99
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Stereoscopic 3D Driver
    OGA Notifier 2.0.0048.0
    OpenAL
    Pando Media Booster
    Pirates, Vikings, & Knights II
    Pivot Software
    Rapture3D 2.4.4 Game
    S.T.A.L.K.E.R. - Shadow of Chernobyl
    SDK
    SecondLifeViewer2 (remove only)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SpeedFan (remove only)
    Spyware Doctor with AntiVirus 8.0
    Star Trek Online
    Steam
    System Requirements Lab
    Two Worlds II
    Ubisoft Game Launcher
    Unknown File Assistant
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2492475)
    Ventrilo Client
    Virtual Audio Cable 4.6
    Windows Media Center Add-in for Silverlight
    WinRAR 4.00 beta 4 (32-bit)
    Wizard101
    World of Warcraft

    ==== Event Viewer Messages From Past Week ========

    2/10/2011 9:58:28 AM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    2/10/2011 9:49:18 AM, Error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Eddie at 10:35:07.65 on Thu 02/10/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2243 [GMT -5:00]

    AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Common Files\Nuance\dgnsvc.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Spyware Doctor\BDT\FGuard.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Eddie\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
    mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
    uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: {5C2A7A9D-6399-3A04-1DBC-2A4A68B877C4} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
    mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini
    mRun: [PCTools FGuard] c:\program files\spyware doctor\bdt\FGuard.exe
    mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
    mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
    mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
    mRun: [DT ACR] c:\program files\common files\portrait displays\shared\DT_startup.exe -ACR
    StartupFolder: c:\users\eddie\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\eddie\appdata\roaming\mozilla\firefox\profiles\o20wcb3k.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL -
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-31 239168]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-12-10 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-12-10 656320]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-12-10 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-12-10 69392]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-7-31 249616]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-31 247760]
    R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
    R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-2-4 90112]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2010-5-12 42496]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-12-10 33552]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-7-31 70536]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-12-10 366840]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-7-31 1150936]
    S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-13 1343400]

    =============== Created Last 30 ================

    2011-02-10 15:08:01 -------- d-----w- c:\users\eddie\appdata\roaming\Malwarebytes
    2011-02-10 15:07:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-10 15:07:51 -------- d-----w- c:\progra~2\Malwarebytes
    2011-02-10 15:07:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-09 08:58:23 -------- d-----w- c:\windows\system32\Data
    2011-02-08 00:20:36 -------- d-----w- c:\program files\Just Cause 2
    2011-02-06 18:06:41 -------- d-----w- c:\users\eddie\appdata\roaming\FreeFileViewer
    2011-02-06 18:04:10 -------- d-----w- c:\program files\Unknown File Assistant
    2011-02-06 18:03:52 -------- d-----w- c:\program files\FreeFileViewer
    2011-02-06 18:02:25 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-02-05 05:22:14 -------- d-----w- c:\users\eddie\appdata\roaming\DisplayTune
    2011-02-05 03:55:10 2304 ----a-w- c:\windows\system32\Machnm32.sys
    2011-02-05 03:55:08 -------- d-----w- c:\program files\Portrait Displays
    2011-02-05 03:52:14 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
    2011-02-05 03:52:14 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
    2011-02-05 03:52:14 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
    2011-02-05 03:52:14 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2011-02-05 03:52:14 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
    2011-02-05 03:52:14 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
    2011-02-05 03:52:09 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
    2011-02-05 03:52:09 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
    2011-01-30 19:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-01-30 04:03:36 -------- d-----w- c:\users\eddie\appdata\local\Logitech
    2011-01-23 23:54:58 -------- d-----w- c:\users\eddie\appdata\local\Two Worlds II
    2011-01-23 23:52:46 -------- d-----w- c:\program files\Reality Pump
    2011-01-18 18:03:26 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
    2011-01-18 18:03:26 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
    2011-01-18 18:03:26 57960 ----a-w- c:\windows\system32\OpenCL.dll
    2011-01-18 18:03:26 4837480 ----a-w- c:\windows\system32\nvcuda.dll
    2011-01-18 18:03:26 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
    2011-01-18 18:03:26 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-01-18 18:03:26 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-01-18 18:03:26 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-01-18 18:03:26 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-01-18 18:03:26 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-01-17 23:29:08 -------- d-----w- c:\users\eddie\appdata\local\4A Games
    2011-01-17 22:54:06 -------- d-----w- c:\program files\METRO 2033
    2011-01-11 21:41:30 -------- d-----w- c:\progra~2\EA Core
    2011-01-11 21:38:44 -------- d-----w- c:\progra~2\Electronic Arts

    ==================== Find3M ====================

    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
    2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
    2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
    2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-12-03 20:34:50 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-12-03 20:34:48 1996752 ----a-w- c:\windows\PCTBDCore.dll
    2010-12-03 20:34:48 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2010-12-03 20:34:42 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-11-17 17:02:44 445016 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-11-17 17:02:43 109144 ----a-w- c:\windows\system32\OpenAL32.dll

    ============= FINISH: 10:35:36.36 ===============


    These are the logs requested.

    I'm getting kicked out when I'm playing games randomly, it will flash a quick script page in the upper left quadrant of my screen then it disappears real fast before I have a chance to see what it says. I play MMOs and it interrupts team play periodically. Please help.
  2. Bobbye


    Welcome to TechSpot!

    Is this mysterious script that pops up exclusive to any particular game? Why do you call it 'script'? Is something written in it? What? Even a word or 2 would help.

    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ========================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.