
[Closed] need help (previous problem)


This topic is locked
6 replies to this topic

#1 mommajayne (Authentic Member, 43 posts)

Posted 27 October 2009 - 10:22 AM

Here is the link to my previous thread.

http://forums.whatth...p;hl=mommajayne

Whenever I connect to the internet, the computer shuts down. It is fine as long as it is not online.

I got a flash drive and tried to perform the actions requested. RootRepeal would not work.


DDS (Ver_09-10-26.01) - NTFSx86
Run by stearns at 10:42:37.52 on Tue 10/27/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1627 [GMT -5:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
J:\dds (1).pif
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Google Update] "c:\users\stearns\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [toolbar_eula_launcher] c:\program files\googleeula\EULALauncher.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\stearns\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SSODL: SvcLauncher - {12F09837-A2D8-34AC-BB0F-3F9E522FE002} - c:\program files\webwatcherv5\Director.dll
STS: : {12f09837-a2d8-34ac-bb0f-3f9e522fe002} - c:\program files\webwatcherv5\Director.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\stearns\appdata\roaming\mozilla\firefox\profiles\l01obv7i.default\
FF - component: c:\program files\mozilla firefox\components\ffe.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\stearns\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-13 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-9-8 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-9-8 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-9-8 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091021.001\IDSvix86.sys [2009-10-24 342576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-9-8 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-16 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-21 102448]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2009-7-9 22016]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1007020.00b\symndisv.sys [2009-9-8 48688]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-7-9 22072]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-15 133104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-14 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2009-7-9 22016]

=============== Created Last 30 ================

2009-10-21 16:27:46 0 d-----w- c:\program files\NewTech Infosystems
2009-10-21 15:14:03 803 ----a-w- c:\users\stearns\Shadow.xml
2009-10-21 15:11:08 0 d-----w- c:\users\stearns\New Folder
2009-10-21 15:10:33 36 --sha-r- C:\.uid_xxx
2009-10-17 03:51:39 0 d-s---w- C:\ComboFix
2009-10-17 03:51:38 318976 ----a-w- c:\windows\system32\CF103.exe
2009-10-17 03:51:00 318976 ----a-w- c:\windows\system32\CF4536.exe
2009-10-14 21:11:11 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 21:11:07 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 21:11:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 21:10:56 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 21:10:56 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 21:08:11 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-03 06:46:38 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 03:18:43 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-10-03 03:14:12 0 d-----r- c:\program files\Skype
2009-10-03 03:14:06 0 d-----w- c:\programdata\Skype
2009-09-28 17:48:33 0 d-----w- C:\$RECYCLE(0).BIN

==================== Find3M ====================

2009-10-11 13:10:09 236544 ----a-w- c:\windows\PEV.exe
2009-09-10 19:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 12:48:28 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-10 12:48:28 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-10 12:48:27 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-09-10 12:40:57 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-10 12:30:03 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 20:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-11 19:38:10 3062 ----a-w- c:\program files\heexn.txt
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 10:42:54.60 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/27 11:06
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

SSDT
-------------------
SYSENTER/INT2E Hooked [0x82a53b50]!

==EOF==


This is the log:

11:06:56: DeviceIoControl Error! Error Code = 0x0
11:06:56: DeviceIoControl Error! Error Code = 0x0
11:06:56: DeviceIoControl Error! Error Code = 0x0
11:06:56: DeviceIoControl Error! Error Code = 0x0
11:06:56: DeviceIoControl Error! Error Code = 0x0
11:06:56: DeviceIoControl Error! Error Code = 0x0
11:06:56: Could not get the name for PID 4.
11:06:56: Could not get the name for PID 452.
11:06:56: Could not get the name for PID 548.
11:06:56: Could not get the name for PID 620.
11:06:56: Could not get the name for PID 628.
11:06:56: Could not get the name for PID 664.
11:06:56: Could not get the name for PID 696.
11:06:56: Could not get the name for PID 704.
11:06:56: Could not get the name for PID 844.
11:06:56: Could not get the name for PID 880.
11:06:56: Could not get the name for PID 936.
11:06:56: Could not get the name for PID 1064.
11:06:56: Could not get the name for PID 1096.
11:06:56: Could not get the name for PID 1136.
11:06:56: Could not get the name for PID 1156.
11:06:56: Could not get the name for PID 1256.
11:06:56: Could not get the name for PID 1284.
11:06:56: Could not get the name for PID 1300.
11:06:56: Could not get the name for PID 1336.
11:06:56: Could not get the name for PID 1484.
11:06:56: Could not get the name for PID 1524.
11:06:56: Could not get the name for PID 1696.
11:06:56: Could not get the name for PID 1844.
11:06:56: Could not get the name for PID 1868.
11:06:56: Could not get the name for PID 700.
11:06:56: Could not get the name for PID 1344.
11:06:56: Could not get the name for PID 128.
11:06:56: Could not get the name for PID 776.
11:06:56: Could not get the name for PID 744.
11:06:56: Could not get the name for PID 2080.
11:06:56: Could not get the name for PID 2096.
11:06:56: Could not get the name for PID 2136.
11:06:56: Could not get the name for PID 2404.
11:06:56: Could not get the name for PID 2568.
11:06:56: Could not get the name for PID 2664.
11:06:56: Could not get the name for PID 2988.
11:06:56: Could not get the name for PID 3052.
11:06:56: Could not get the name for PID 3088.
11:06:56: Could not get the name for PID 3196.
11:06:56: Could not get the name for PID 3524.
11:06:56: Could not get the name for PID 3544.
11:06:56: Could not get the name for PID 3560.
11:06:56: Could not get the name for PID 3568.
11:06:56: Could not get the name for PID 3576.
11:06:56: Could not get the name for PID 3608.
11:06:56: Could not get the name for PID 3624.
11:06:56: Could not get the name for PID 3632.
11:06:56: Could not get the name for PID 3640.
11:06:56: Could not get the name for PID 3652.
11:06:56: Could not get the name for PID 3676.
11:06:56: Could not get the name for PID 3704.
11:06:56: Could not get the name for PID 2512.
11:06:56: Could not get the name for PID 2608.
11:06:56: Could not get the name for PID 2496.
11:06:56: Could not get the name for PID 3316.
11:06:56: Could not get the name for PID 4052.
11:06:56: Could not get the name for PID 4016.
11:06:56: Could not get the name for PID 2916.
11:06:56: Could not get the name for PID 5000.
11:06:56: Could not get the name for PID 5212.
11:06:56: Could not get the name for PID 5620.
11:06:56: Could not get the name for PID 4896.
11:06:56: Could not get the name for PID 5020.
11:06:56: DeviceIoControl Error! Error Code = 0xc0000001
11:06:56: DeviceIoControl Error! Error Code = 0xc0000001
11:06:59: Warning - the number of SSDT entries from the kernel and the number on-disk are different (0 and 391).
11:06:59: DeviceIoControl Error! Error Code = 0x0
11:06:59: WARNING: The SSDT in our driver has been faked (0x00000250)!
11:06:59: FOPS - DeviceIoControl Error! Error Code = 0xc0000001 Extended Info (0x000000d8)
11:06:59: Could not read system registry! Please contact the author!



#2 LDTate (Root Admin, 57,173 posts)

Posted 30 October 2009 - 07:48 PM

Let's see if we can get the PC back on the internet. This file will fit on a floppy or thumb drive.

Get a copy of winsockxpfix.exe and copy it to the infected computer.
You just run it and things should work OK after it reboots your system.

http://www.snapfiles...nsockxpfix.html

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to paypal.gif for the help you received.

Proud graduate of TC/WTT Classroom


#3 mommajayne (Authentic Member, 43 posts)

Posted 02 November 2009 - 07:38 AM

This computer is running Vista. Is this for Vista or XP, or does it not matter?

#4 LDTate (Root Admin, 57,173 posts)

Posted 02 November 2009 - 07:30 PM

This computer is running Vista. Is this for Vista or XP, or does it not matter?

I think it works on Vista as well.

1. These tools MUST be run from the executable. (.exe)
2. With Admin Rights (Right click, choose "Run as Administrator") every time you run them



#5 mommajayne (Authentic Member, 43 posts)

Posted 03 November 2009 - 01:37 PM

When I put the drive in and access this file, it tells me it is not compatible.

#6 LDTate (Root Admin, 57,173 posts)

Posted 04 November 2009 - 06:54 PM

To repair and reset Winsock on Windows Vista:

1. Click on the Start button.
2. Type Cmd in the Start Search text box.
3. Press Ctrl-Shift-Enter to run Command Prompt as Administrator. Allow the elevation request.
4. Type netsh winsock reset in the Command Prompt shell, and then press the Enter key.
5. Restart the computer.

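As an added example (not the thread's own tool and not winsockxpfix), the script below wraps the netsh winsock reset step from post #6 in PowerShell: it checks for an elevated token, saves a copy of the Winsock catalog for the helper reviewing the logs, lists the layered providers (the "LSP:" line in the DDS log above is one such entry) and flags any provider DLL missing from disk, and only performs the reset when run with -Reset. The $OutDir and $Reset parameters and the "Entry Type / Description / Provider Path" field names it parses are assumptions about the layout of netsh winsock show catalog on Vista and later.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# $OutDir and $Reset are this script's own parameters (assumptions).
param(
    [string]$OutDir = "$env:USERPROFILE\Desktop",
    [switch]$Reset
)

# "netsh winsock reset" needs an elevated token; check before touching anything.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error "Run this from an elevated prompt (Run as Administrator)."
    exit 1
}

# 1. Save the full catalog text so the LSP chain can be reviewed after the reset.
$catalog = netsh winsock show catalog
$stamp   = Get-Date -Format "yyyyMMdd-HHmmss"
$catalog | Out-File -FilePath (Join-Path $OutDir "winsock-catalog-$stamp.txt")

# 2. Summarise the providers. Field names assume the Vista+ output layout:
#    one block per "Winsock Catalog Provider Entry" with Entry Type,
#    Description and Provider Path lines.
$entries = @()
$current = $null
foreach ($line in $catalog) {
    if ($line -match '^Winsock Catalog Provider Entry') {
        if ($current) { $entries += $current }
        $current = New-Object PSObject -Property @{ Type = ''; Description = ''; Path = '' }
    } elseif ($current -and $line -match '^(Entry Type|Description|Provider Path):\s*(.*)$') {
        $field = $matches[1]
        $value = $matches[2].Trim()
        switch ($field) {
            'Entry Type'    { $current.Type        = $value }
            'Description'   { $current.Description = $value }
            'Provider Path' { $current.Path = [Environment]::ExpandEnvironmentVariables($value) }
        }
    }
}
if ($current) { $entries += $current }

"Layered (LSP) providers in the catalog:"
$entries | Where-Object { $_.Type -like 'Layered*' } |
    ForEach-Object { "  {0}  ->  {1}" -f $_.Description, $_.Path }

# A provider whose DLL is gone from disk breaks the chain; that is the classic
# case a Winsock reset repairs, so call it out before resetting.
$entries | Where-Object { $_.Path -and -not (Test-Path $_.Path) } |
    ForEach-Object { Write-Warning ("Provider DLL missing on disk: {0} ({1})" -f $_.Path, $_.Description) }

# 3. Reset only when explicitly asked; a reboot is required afterwards.
if ($Reset) {
    netsh winsock reset
    "Winsock catalog reset. Restart the computer to finish."
} else {
    "Snapshot only. Re-run with -Reset to perform 'netsh winsock reset'."
}
```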

 


#7 LDTate (Root Admin, 57,173 posts)

Posted 11 November 2009 - 04:52 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.

