IObit Forum

Help


Shank28


For a while now I've had an issue with my computer giving me random sound noises. "Congratulations you've won.." I wiped my hard drive using WipeDrive System Saver, and still the problem was occurring so I've downloaded Malwarebytes, IObit Security 360, Spybot S&D, as well as Advanced System Care and nothing works. It sort of helped, meaning the frequency of the pop-ups. Also every few hours I'll get a pop-up, prompting me to either "Click OK to exit, or click cancel to stay." I really don't know what else I can do. Can someone please help? Here are the logs.

 

 

IObit Security 360 log:

No Log, nothing was found.

 

DDS log:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Owner at 11:18:00.14 on Thu 01/13/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.346 [GMT -6:00]

 

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

svchost.exe 4

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe

C:\WINDOWS\system32\Rundll32.exe

svchost.exe 4

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java Plug-In 2 SSV Helper

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266970769421

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15111/CTPID.cab

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 127.0.0.1 http://www.spywareinfo.com

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\yb3twxpr.default\

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\yb3twxpr.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-23 293968]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-23 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-23 40384]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-1-7 312152]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-5-4 33792]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]

S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2010-2-26 627072]

 

=============== Created Last 30 ================

 

2011-01-11 01:59:57 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll

2011-01-11 01:59:56 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-01-11 01:59:56 235344 ----a-w- c:\windows\system32\d3dx11_42.dll

2011-01-11 01:59:55 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2011-01-11 01:57:47 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PCSX2

2011-01-10 19:58:45 -------- d-----w- c:\program files\CCleaner

2011-01-10 04:08:35 -------- d-----w- c:\docume~1\owner\applic~1\Local

2011-01-10 04:07:50 126448 ------w- c:\windows\system32\pxinsi64.exe

2011-01-10 04:07:50 123888 ------w- c:\windows\system32\pxcpyi64.exe

2011-01-10 04:07:11 -------- d-----w- c:\program files\common files\DivX Shared

2011-01-10 04:05:38 -------- d-----w- c:\program files\DivX

2011-01-10 04:04:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX

2011-01-10 04:01:13 819200 ----a-w- c:\windows\system32\xvidcore.dll

2011-01-10 04:01:13 77824 ----a-w- c:\windows\system32\xvid.ax

2011-01-10 04:01:13 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2011-01-10 04:01:13 -------- d-----w- c:\program files\Xvid

2011-01-10 03:10:55 19456 ----a-w- c:\windows\system32\libusbd-9x.exe

2011-01-10 03:10:54 18944 ----a-w- c:\windows\system32\libusbd-nt.exe

2011-01-10 03:10:54 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1

2011-01-10 03:06:41 -------- d-----w- c:\docume~1\owner\applic~1\Windows Search

2011-01-09 02:55:06 -------- d-----w- c:\windows\system32\winrm

2011-01-09 02:55:01 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-01-08 17:28:51 -------- d-----w- c:\windows\system32\appmgmt

2011-01-08 17:26:31 -------- d-----w- c:\docume~1\owner\applic~1\Simple Adblock

2011-01-08 16:46:27 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Identities

2011-01-08 04:50:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2011-01-08 04:47:40 -------- d-----w- c:\program files\IObit

2011-01-08 04:47:40 -------- d-----w- c:\docume~1\owner\applic~1\IObit

2011-01-07 19:29:48 -------- d-----w- c:\program files\iPod

2011-01-07 19:29:35 -------- d-----w- c:\program files\iTunes

2011-01-07 19:29:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-01-07 19:23:09 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-01-07 19:23:09 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-01-07 19:22:44 -------- d-----w- c:\program files\Bonjour

2011-01-07 19:19:30 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Apple Computer

2011-01-07 05:56:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

2011-01-07 05:56:53 -------- d-----w- c:\program files\McAfee Security Scan

2011-01-07 04:59:00 -------- d-----w- c:\program files\PakkISO

2011-01-07 01:52:25 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Conduit

2011-01-07 01:52:23 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\uTorrentBar

2011-01-07 01:52:13 -------- d-----w- c:\program files\uTorrentBar

2011-01-07 01:52:13 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Temp

2011-01-07 01:50:26 -------- d-----w- c:\docume~1\owner\applic~1\uTorrent

2011-01-06 22:19:58 38848 ----a-w- c:\windows\avastSS.scr

2011-01-06 22:17:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2011-01-06 22:13:06 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2011-01-06 22:13:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-06 07:05:51 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Mozilla

2011-01-06 07:03:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro

2011-01-06 03:32:19 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll

2011-01-06 03:30:58 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\ApplicationHistory

2011-01-06 03:12:39 -------- d-----w- c:\docume~1\owner\applic~1\BitZipper

2011-01-06 03:11:12 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Apple

2011-01-06 03:08:29 -------- d-----w- c:\windows\SxsCaPendDel

2011-01-06 03:06:16 -------- d-sh--w- c:\documents and settings\owner\PrivacIE

2011-01-06 03:05:13 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Adobe

2011-01-06 03:02:55 -------- d-sh--w- c:\documents and settings\owner\IETldCache

2011-01-06 03:01:57 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Microsoft

2011-01-06 00:53:47 -------- d-----w- c:\program files\WhiteCanyon

2011-01-06 00:53:39 -------- d-----w- c:\program files\common files\Detto Technologies, Inc

2010-12-14 19:16:49 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-14 19:16:19 45568 -c----w- c:\windows\system32\dllcache\wab.exe

 

==================== Find3M ====================

 

2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll

2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

 

=================== ROOTKIT ====================

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

 

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spal.sys hal.dll pciide.sys

spal.sys

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8712BAB8]

3 CLASSPNP[0xF7652FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP1T0L0-e[0x87146D98]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x61e; }

user != kernel MBR !!!

 

============= FINISH: 11:19:38.20 ===============

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/23/2010 3:44:49 PM

System Uptime: 1/13/2011 11:13:19 AM (0 hours ago)

 

Motherboard: Dell Inc. | | 0RD203

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 149 GiB total, 111.71 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is CDROM ()

J: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: TI Technologies Inc.

Description: RADEON X300 SE 128MB HyperMemory Secondary

Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&1603E009&0&0108

Manufacturer: ATI Technologies Inc.

Name: RADEON X300 SE 128MB HyperMemory Secondary

PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&1603E009&0&0108

Service: ati2mtag

 

==== System Restore Points ===================

 

No restore point in system.

 

==== Installed Programs ======================

 

µTorrent

7-Zip 9.20

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader X

Advanced SystemCare 3

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

avast! Free Antivirus

AVS Update Manager 1.0

AVS Video Converter 6

AVS4YOU Software Navigator 1.3

Bonjour

CCleaner

Creative EAX Settings

Creative Speaker Settings

Device Control

DivX Setup

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Intel® 537EP V9x DF PCI Modem

Intel® PRO Network Connections Drivers

IObit Security 360

iTunes

LibUSB-Win32-0.1.10.1

Linksys Wireless Manager

Logitech Gaming Software

Malwarebytes' Anti-Malware

McAfee Security Scan Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.6.13)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

neroxml

PakkISO 0.4

Project64 1.6

Pure Networks Platform

QuickTime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB923789)

SigmaTel Audio

Smart Defrag

Spybot - Search & Destroy

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

uTorrentBar Toolbar

VC80CRTRedist - 8.0.50727.4053

VCRedistSetup

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format Runtime

Windows Search 4.0

Windows XP Service Pack 3

WipeDrive SystemSaver

Xvid 1.2.2 final uninstall

 

==== Event Viewer Messages From Past Week ========

 

1/9/2011 9:11:03 PM, error: Srv [2000] - The server's call to a system service failed unexpectedly.

1/9/2011 11:09:01 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{4A50B0F7-8274-4008-9200-FB2F8E57920D} because another computer on the network has the same name. The server could not start.

1/8/2011 8:41:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

1/8/2011 7:59:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip

1/8/2011 7:59:32 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

1/8/2011 7:59:32 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/8/2011 7:59:32 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/8/2011 7:59:32 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

1/8/2011 7:59:32 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/8/2011 7:59:32 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/8/2011 7:59:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

1/8/2011 7:58:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/8/2011 7:58:33 PM, error: sptd [4] - Driver detected an internal error in its data structures for .

1/6/2011 10:52:16 AM, error: Dhcp [1002] - The IP address lease 64.188.16.74 for the Network Card with network address 0023696FD2E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

1/6/2011 10:50:42 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0023696FD2E7 has been denied by the DHCP server 204.15.108.27 (The DHCP Server sent a DHCPNACK message).

1/6/2011 1:20:05 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0023696FD2E7 has been denied by the DHCP server 216.10.92.197 (The DHCP Server sent a DHCPNACK message).

1/6/2011 1:04:41 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the libusbd service.

1/6/2011 1:04:41 AM, error: LDMS [3023] - The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\STORAGE#RemovableMedia#7&8197b0b&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.

1/13/2011 11:06:47 AM, error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).

1/13/2011 11:06:47 AM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).

1/13/2011 11:06:47 AM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

1/13/2011 11:06:47 AM, error: Service Control Manager [7034] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service terminated unexpectedly. It has done this 1 time(s).

1/13/2011 11:06:47 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

1/13/2011 11:06:46 AM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).

1/13/2011 11:06:46 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

1/13/2011 11:06:46 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/13/2011 11:06:45 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

1/13/2011 11:06:45 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/11/2011 11:26:03 AM, error: Dhcp [1002] - The IP address lease 64.188.17.13 for the Network Card with network address 0023696FD2E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

1/10/2011 3:27:32 PM, error: LDMS [3023] - The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\STORAGE#RemovableMedia#7&2359894f&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.

1/10/2011 10:07:57 AM, error: Dhcp [1002] - The IP address lease 64.188.17.90 for the Network Card with network address 0023696FD2E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

 

==== End Of File ===========================


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

P2P - I see you have P2P software installed on your machine (µTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and paste the log in your post.

***********************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

**************************************************

Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

and save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here

Double click ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix


Archived

This topic is now archived and is closed to further replies.
