
Have been getting tons of pop-ups and desktop sometimes won't show


  • This topic is locked
6 replies to this topic

#1 ljsmith82


Posted 28 April 2009 - 12:49 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Roberto at 13:45:21.57 on Tue 04/28/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.321 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\reader_s.exe
C:\windows\ld08.exe
C:\windows\pp06.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Curse\CurseClient.exe
C:\Documents and Settings\Roberto\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Documents and Settings\Roberto\reader_s.exe
C:\DOCUME~1\Roberto\LOCALS~1\Temp\nu22cjk.exe
C:\DOCUME~1\Roberto\LOCALS~1\Temp\nu22cjk.exe
C:\DOCUME~1\Roberto\LOCALS~1\Temp\2075465676.exe
C:\WINDOWS\system32\dll32.exe
C:\DOCUME~1\Roberto\LOCALS~1\Temp\nu22cjk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\DOCUME~1\Roberto\LOCALS~1\Temp\nu22cjk.exe
C:\DOCUME~1\Roberto\LOCALS~1\Temp\nu22cjk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Roberto\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\qoMcdCVp.dll
BHO: c:\windows\system32\sjg9s8guigjs.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\sjg9s8guigjs.dll
BHO: {bfdefbef-d92b-4cf5-ab95-36ad8e6ddc37} - c:\windows\system32\xxyvsPgg.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [Octoshape Streaming Services] "c:\documents and settings\roberto\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [DriverUpdaterPro] c:\program files\xpc tools\driver updater pro\DriverUpdaterPro.exe -t
uRun: [reader_s] c:\documents and settings\roberto\reader_s.exe
uRun: [<NO NAME>] c:\docume~1\roberto\locals~1\temp\nu22cjk.exe
uRun: [Windows Resurections] c:\docume~1\roberto\locals~1\temp\nu22cjk.exe
uRun: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] c:\recycler\s-1-5-21-4807429214-8831109346-546169609-0053\service.exe
uRun: [Diagnostic Manager] c:\docume~1\roberto\locals~1\temp\2075465676.exe
uRun: [12CFG515-K641-55SF-N66P] c:\recycler\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
uRun: [dll32] dll32
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [sysldtray] c:\windows\ld08.exe
mRun: [pp] c:\windows\pp06.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [d6837d0f] rundll32.exe "c:\windows\system32\uymcwtbq.dll",b
dRun: [svc] c:\program files\thunmail\testabd.exe
dRun: [Diagnostic Manager] c:\windows\temp\656977352.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.16\amvconverter\grab.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: qoMcdCVp - qoMcdCVp.dll
Notify: RelevantKnowledge - c:\program files\relevantknowledge\rlls.dll
AppInit_DLLs: c:\progra~1\thunmail\testabd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\sjg9s8guigjs.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\sjg9s8guigjs.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\qoMcdCVp.dll
SEH: {c7bce323-2072-ed7a-45d4-b33d5f4558a2}: {2a8554f5-d33b-4d54-a7de-2702323ecb7c} - c:\windows\system32\wonufj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyvsPgg

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\roberto\applic~1\mozilla\firefox\profiles\o4m9mg8o.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - component: c:\program files\relevantknowledge\components\rlxg.dll
FF - plugin: c:\documents and settings\roberto\application data\mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\RelevantKnowledge

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-4-28 18944]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-8-4 194048]
S1 ethdbsil;ethdbsil;c:\windows\system32\drivers\ethdbsil.sys [2009-4-28 136192]
S2 FCI;FCI;c:\windows\system32\svchost.exe:ext.exe []

=============== Created Last 30 ================

2009-04-28 12:59 39,424 a------- c:\windows\st_1240959064.exe
2009-04-28 12:59 99,328 a------- c:\windows\system32\wonufj.dll
2009-04-28 12:58 99,328 a------- c:\windows\system32\vsxaogkr.dll
2009-04-28 02:10 1,406,743 ---sh--- c:\windows\system32\qbtwcmyu.ini
2009-04-28 02:09 75,264 a------- c:\windows\system32\uymcwtbq.dll
2009-04-28 02:09 39,424 a------- c:\windows\st_1240926076.exe
2009-04-28 02:06 39,424 a------- c:\windows\st_1240927311.exe
2009-04-28 02:02 9,242 a--sh--- c:\windows\system32\ggPsvyxx.ini
2009-04-28 02:02 8,254 a--sh--- c:\windows\system32\ggPsvyxx.ini2
2009-04-28 02:02 237,568 a------- c:\windows\system32\xxyvsPgg.dll
2009-04-28 02:00 136,192 a------- c:\windows\system32\drivers\ethdbsil.sys
2009-04-28 02:00 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-04-28 02:00 36,864 a------- c:\windows\system32\dpcxool64.sys
2009-04-28 02:00 8 a------- c:\windows\system32\comsa32.sys
2009-04-28 02:00 0 a------- c:\windows\system32\C1.tmp
2009-04-28 01:59 <DIR> --dshr-- c:\program files\ThunMail
2009-04-28 01:58 28,672 a------- c:\windows\system32\inqby.sr
2009-04-28 01:58 55,296 a------- c:\documents and settings\roberto\reader_s.exe
2009-04-28 01:57 36,864 a------- c:\windows\system32\qoMcdCVp.dll
2009-04-28 01:55 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\~0
2009-04-28 01:55 <DIR> --d----- c:\program files\XPC Tools
2009-04-28 01:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-04-21 21:24 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-04-21 21:24 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-04-21 21:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-04-21 21:24 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-21 21:24 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-04-21 21:19 586,240 a------- c:\windows\system32\drivers\hardlock.sys
2009-04-21 21:19 <DIR> --d----- c:\program files\common files\Aladdin Shared
2009-04-21 21:19 2,590,957 a------- c:\windows\system32\hasplms.exe
2009-04-21 21:19 2,549,248 a------- c:\windows\system32\aksllmtp.exe
2009-04-21 21:19 350,720 a------- c:\windows\system32\drivers\aksfridge.sys
2009-04-21 21:17 479,752 a------- c:\windows\system32\XAudio2_0.dll
2009-04-21 21:17 238,088 a------- c:\windows\system32\xactengine3_0.dll
2009-04-21 21:17 25,608 a------- c:\windows\system32\X3DAudio1_3.dll
2009-04-21 21:17 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-04-21 21:17 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-04-21 21:17 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-04-21 21:17 <DIR> --d----- c:\windows\Logs
2009-04-21 21:17 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-21 21:16 <DIR> --d----- c:\program files\SwitchBlade
2009-04-21 21:16 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-15 18:32 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-08 14:29 56,448 a------- c:\windows\system32\drivers\xusb21.sys
2009-04-05 11:27 <DIR> --d----- c:\docume~1\roberto\applic~1\Octoshape
2009-04-02 15:25 <DIR> --d----- c:\program files\Curse
2009-03-31 20:45 <DIR> --d----- c:\docume~1\roberto\applic~1\TeamViewer
2009-03-31 20:45 <DIR> --d----- c:\program files\TeamViewer
2009-03-31 20:44 <DIR> --d----- c:\documents and settings\roberto\temp
2009-03-31 12:59 151 a------- c:\windows\PhotoSnapViewer.INI
2009-03-31 12:42 232 a------- c:\windows\system32\sys2.pkg
2009-03-31 12:42 <DIR> --d----- c:\program files\RelevantKnowledge
2009-03-31 12:42 <DIR> --d----- c:\program files\Falco Image Studio

==================== Find3M ====================

2009-04-28 02:10 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-04-28 02:09 39,424 a------- c:\windows\system32\dll32.exe
2009-04-28 02:00 61,440 a------- c:\windows\system32\C0.tmp
2009-04-28 01:59 152,064 a------- c:\windows\system32\BC.tmp
2009-04-28 01:59 34,304 ----h--- c:\windows\pp06.exe
2009-04-28 01:59 43,520 a------- C:\xmrgycj.exe
2009-04-28 01:59 31,232 a------- C:\okex.exe
2009-04-28 01:59 14,336 a------- c:\windows\system32\svchost.exe
2009-04-28 01:59 290,304 a------- C:\xipr.exe
2009-04-28 01:59 15,000 a------- c:\windows\system32\sjg9s8guigjs.dll
2009-04-28 01:59 60,928 a------- C:\cqoncgc.exe
2009-04-28 01:59 39,936 ----h--- c:\windows\ld08.exe
2009-04-28 01:58 122,368 a------- C:\ockbfb.exe
2009-04-28 01:58 43,520 a------- C:\konkjxi.exe
2009-04-28 01:58 578,560 a------- c:\windows\system32\user32.DLL
2009-04-28 01:58 30,720 a------- C:\tlsnvc.exe
2009-04-28 01:58 262,144 a------- c:\windows\system32\nvrsk.dll
2009-04-28 01:58 290,304 a------- C:\sollnjy.exe
2009-04-28 01:58 122,368 a------- C:\lauppeu.exe
2009-04-28 01:58 45,056 a------- c:\windows\system32\reader_s.exe
2009-03-20 19:36 77,687 a------- c:\windows\War3Unin.dat
2009-03-19 16:58 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:08 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-20 04:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 04:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2006-05-03 06:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 07:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 09:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 13:48:00.89 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/17/2008 3:48:01 AM
System Uptime: 4/28/2009 1:26:06 PM (0 hours ago)

Motherboard: C51PVGM-GB | | C51PVGM-GB
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket M2 | 2009/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 38 GiB total, 10.075 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:

==== System Restore Points ===================

RP80: 4/28/2009 2:05:47 AM - System Checkpoint
RP81: 4/28/2009 2:05:48 AM - System Checkpoint
RP82: 4/28/2009 2:05:49 AM - System Checkpoint
RP83: 4/28/2009 2:05:50 AM - System Checkpoint
RP84: 4/28/2009 2:05:51 AM - System Checkpoint
RP85: 4/28/2009 2:05:51 AM - System Checkpoint
RP86: 4/28/2009 2:05:51 AM - System Checkpoint
RP87: 4/28/2009 2:05:52 AM - System Checkpoint
RP88: 4/28/2009 2:05:53 AM - System Checkpoint
RP89: 4/28/2009 2:05:54 AM - System Checkpoint
RP90: 4/28/2009 2:05:54 AM - System Checkpoint
RP91: 4/28/2009 2:05:55 AM - Software Distribution Service 3.0
RP92: 4/28/2009 2:05:55 AM - Installed Bonjour
RP93: 4/28/2009 2:05:56 AM - System Checkpoint
RP94: 4/28/2009 2:05:56 AM - System Checkpoint
RP95: 4/28/2009 2:05:56 AM - System Checkpoint
RP96: 4/28/2009 2:05:56 AM - System Checkpoint
RP97: 4/28/2009 2:05:57 AM - System Checkpoint
RP98: 4/28/2009 2:05:58 AM - System Checkpoint
RP99: 4/28/2009 2:05:58 AM - System Checkpoint
RP100: 4/28/2009 2:05:58 AM - System Checkpoint
RP101: 4/28/2009 2:05:59 AM - Software Distribution Service 3.0
RP102: 4/28/2009 2:05:59 AM - System Checkpoint
RP103: 4/28/2009 2:05:59 AM - System Checkpoint
RP104: 4/28/2009 2:06:00 AM - Installed DirectX
RP105: 4/28/2009 2:06:01 AM - System Checkpoint
RP106: 4/28/2009 2:06:01 AM - System Checkpoint
RP107: 4/28/2009 2:06:02 AM - System Checkpoint
RP108: 4/28/2009 2:06:02 AM - Software Distribution Service 3.0
RP109: 4/28/2009 2:06:03 AM - System Checkpoint
RP110: 4/28/2009 2:06:03 AM - Software Distribution Service 3.0
RP111: 4/28/2009 2:06:04 AM - System Checkpoint
RP112: 4/28/2009 2:06:05 AM - System Checkpoint
RP113: 4/28/2009 2:06:06 AM - System Checkpoint
RP114: 4/28/2009 2:06:07 AM - Installed RollerCoaster Tycoon 3 Platinum
RP115: 4/28/2009 2:06:07 AM - System Checkpoint
RP116: 4/28/2009 2:06:07 AM - System Checkpoint
RP117: 4/28/2009 2:06:08 AM - System Checkpoint
RP118: 4/28/2009 2:06:08 AM - Removed RollerCoaster Tycoon 3 Platinum
RP119: 4/28/2009 2:06:08 AM - Removed Microsoft Silverlight
RP120: 4/28/2009 2:06:09 AM - Removed ithemeit v1.2
RP121: 4/28/2009 2:06:09 AM - System Checkpoint
RP122: 4/28/2009 2:06:09 AM - System Checkpoint
RP123: 4/28/2009 2:06:10 AM - System Checkpoint
RP124: 4/28/2009 2:06:10 AM - System Checkpoint
RP125: 4/28/2009 2:06:10 AM - System Checkpoint
RP126: 4/28/2009 2:06:11 AM - System Checkpoint
RP127: 4/28/2009 2:06:11 AM - System Checkpoint
RP128: 4/28/2009 2:06:11 AM - System Checkpoint
RP129: 4/28/2009 2:06:12 AM - System Checkpoint
RP130: 4/28/2009 2:06:12 AM - System Checkpoint
RP131: 4/28/2009 2:06:13 AM - System Checkpoint
RP132: 4/28/2009 2:06:14 AM - Software Distribution Service 3.0
RP133: 4/28/2009 2:06:15 AM - System Checkpoint
RP134: 4/28/2009 2:06:16 AM - System Checkpoint
RP135: 4/28/2009 2:06:17 AM - Installed SwitchBlade PRO
RP136: 4/28/2009 2:06:18 AM - Installed DirectX
RP137: 4/28/2009 2:06:18 AM - Installed Windows XP Wdf01007.
RP138: 4/28/2009 2:06:19 AM - System Checkpoint
RP139: 4/28/2009 2:06:20 AM - System Checkpoint
RP140: 4/28/2009 2:06:20 AM - System Checkpoint
RP141: 4/28/2009 2:06:21 AM - Installed Driver Detective

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Bonjour
Critical Update for Windows Media Player 11 (KB959772)
Curse Client
DAEMON Tools Toolbar
DivX Web Player
Falco Image Studio 3.3
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
Java™ 6 Update 11
LimeWire 4.18.8
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Mozilla Firefox (3.0.9)
MP3 Player Utilities 4.16
MSXML 4.0 SP2 (KB954430)
Nero 7 Ultra Edition
neroxml
NVIDIA Drivers
Octoshape Streaming Services
QuickTime
Realtek High Definition Audio Driver
RelevantKnowledge
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Stanza
SUPER © Version 2009.bld.35 (Jan 5, 2009)
SwitchBlade PRO
TeamSpeak 2 RC2
TeamViewer 4
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
VLC media player 0.9.6
Warcraft III: All Products
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinSCP 4.1.7
World of Warcraft
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

4/28/2009 2:09:17 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
4/28/2009 1:58:43 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\svchost.exe could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
4/28/2009 1:47:05 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
4/28/2009 1:47:05 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.DirectX.dll. Reference error message: The operation completed successfully. .
4/28/2009 1:47:05 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
4/28/2009 1:33:12 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/28/2009 1:06:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FCI service to connect.
4/28/2009 1:06:04 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
4/28/2009 1:04:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/28/2009 1:04:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/28/2009 1:03:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/28/2009 1:03:29 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
4/28/2009 1:03:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
4/28/2009 1:03:23 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2009 1:03:23 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2009 1:03:23 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2009 1:03:23 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2009 1:03:23 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2009 1:03:23 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================



#2 fenzodahl512


Posted 28 April 2009 - 12:59 PM

Ok.. Looking at the log, I would advise you to start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar/.pif/.asp/.php/.iso files... We are looking for a possible Virut or Sality infection, and if it is.. then you might have to wipe the machine clean..

Make sure you back up everything ONLY via CD or DVD (non-rewritable).. If you need to back up onto an external hard drive or thumb drive, make sure it is EMPTY.. Meaning NO FILE inside it.. Format the external drive first before attaching it to the infected computer.. A single .exe file inside the external drive may infect other computers as well


Please download Dr.Web CureIt to the Desktop:
  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    • Now, go to Settings >> Change Settings
    • Go to Actions tab >> under Objects section, change the settings to below
      • Infected objects - Cure
        Incurable objects - Report
        Suspicious objects - Report
    • Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (open it with Notepad).. Do NOT reboot the computer yet..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
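
The backup rule from the reply above (leave out the listed file types, write only to an empty destination), as an added example that is not part of the original thread. The function names, the sample file names and the choice to check every dot-separated suffix of a file name are assumptions made here.

```python
from __future__ import annotations

import shutil
import tempfile
from pathlib import Path

# Extensions the reply above says to leave out of the backup.
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".htm", ".html", ".xml", ".zip",
    ".rar", ".pif", ".asp", ".php", ".iso",
}


def is_blocked(path: Path) -> bool:
    """Return True if any dot-separated suffix of the name is blocked.

    Assumption of this example: checking every suffix (not only the last)
    also catches names such as 'photo.jpg.exe' or 'setup.exe.bak'.
    Trailing dots and spaces are stripped first because Windows ignores
    them, and the comparison is case-insensitive.
    """
    name = Path(path).name.rstrip(". ").lower()
    return any("." + part in BLOCKED_EXTENSIONS for part in name.split(".")[1:])


def stage_backup(source: Path, dest: Path) -> tuple[list[str], list[str]]:
    """Copy allowed files from source to dest, keeping the folder layout.

    Returns (copied, skipped) as lists of paths relative to source.
    Refuses to run if dest already holds anything, matching the advice
    that the backup medium must be empty.
    """
    source, dest = Path(source).resolve(), Path(dest).resolve()
    if dest == source or source in dest.parents:
        raise ValueError("destination must be outside the source tree")
    if dest.exists() and any(dest.iterdir()):
        raise ValueError("destination is not empty")

    copied, skipped = [], []
    for path in sorted(source.rglob("*")):
        # Only regular files are copied; links are never followed.
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(source)
        if is_blocked(path):
            skipped.append(rel.as_posix())
            continue
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        copied.append(rel.as_posix())
    return copied, skipped


if __name__ == "__main__":
    # Constructed sample tree, created in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "profile", Path(tmp) / "backup"
        (src / "pictures").mkdir(parents=True)
        for name in ("pictures/trip.jpg", "pictures/trip.jpg.exe",
                     "thesis.doc", "bookmarks.html", "installer.EXE"):
            (src / name).write_bytes(b"sample")
        copied, skipped = stage_backup(src, dst)
        print("copied :", copied)
        print("skipped:", skipped)
```

The skipped list is worth reviewing before wiping the machine, since it shows exactly which files were left behind.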


#3 ljsmith82


Posted 28 April 2009 - 03:31 PM

I backed up the data I need... although when I try to run CureIt it gives me an error

#4 ljsmith82


Posted 28 April 2009 - 11:28 PM

For an update: after restarting my computer several times I got the scan to work, except it did the full first express scan.. then I followed the steps listed above and about 75 percent into the scan the computer froze/rebooted.. and I haven't been able to get the scan to work since

#5 fenzodahl512


Posted 29 April 2009 - 01:42 AM

For an update: after restarting my computer several times I got the scan to work, except it did the full first express scan.. then I followed the steps listed above and about 75 percent into the scan the computer froze/rebooted.. and I haven't been able to get the scan to work since


Does Dr.Web detect any infections?.. Any Virut or Sality?



#6 ljsmith82


Posted 30 April 2009 - 01:53 AM

My computer just did not work at all. Internet didn't work but it still managed pop-ups. It kept rebooting, so I just changed hard drives and did a fresh Windows XP, but thank you for your time.

#7 fenzodahl512


Posted 30 April 2009 - 05:39 AM

Thank you for notifying us.. I will now close this topic.. Please PM any Moderator or HJT Team member should you need to re-open this topic..


Regards
fenzodahl512





