[Closed] Computer Shutting down

  • This topic is locked
5 replies to this topic

#1 meatwad5988


  • New Member
  • 3 posts

Posted 07 November 2009 - 12:41 PM

Hi, my computer will randomly freeze and then go into power save mode, where I cannot get it out of it unless I restart my computer. It will do this randomly when I am trying to run a program or if I'm watching something on the internet.

#2 SweetTech


    MalwareTeam Emeritus

  • Authentic Member
  • 3,368 posts

Posted 07 November 2009 - 01:05 PM

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. The logs from our tools can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Please do not delete anything unless instructed to.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

I am checking over your log; I will post back shortly with instructions.

Proud Graduate of the WTT Classroom

#3 meatwad5988


  • New Member
  • 3 posts

Posted 07 November 2009 - 02:03 PM

Thank you very much.

#4 SweetTech


    MalwareTeam Emeritus

  • Authentic Member
  • 3,368 posts

Posted 08 November 2009 - 12:56 PM

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


Download: DelDomains and save it to the desktop.
  • Close all open windows and your browser
  • Right Click DelDomains.inf and select > Install
  • Reboot your computer
Internet Explorer is needed to run this program properly.


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

Please make sure you include the following items in your next post:
1. The log that was produced after running ComboFix.
2. An update on how your computer is currently running.


#5 SweetTech


    MalwareTeam Emeritus

  • Authentic Member
  • 3,368 posts

Posted 11 November 2009 - 03:02 PM

Hello meatwad5988!

It's been several days since I last posted instructions for you to complete. Do you still require assistance in getting your computer cleaned up?




#6 ken545


    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 14 November 2009 - 04:58 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Just a reminder that threads will be closed if no reply in 3 days.
