Author Topic: Computer randomly shuts down (Read 1227 times)

Offline beck.thomson
Computer randomly shuts down
« Reply #20 on: April 10, 2007, 08:59:50 AM »
Hope you're having a good vacation... I could go for one myself--it's way too cold where I live right now.

Here're the logs, and thanks again.

"Deborah" - 07-04-10  9:44:52    Service Pack 2
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Deborah\Desktop\Computer resources"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\SSTEM3~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\Program Files\SSTEM3~1\SSTEM3~1


(((((((((((((((((((((((((((((((   Files Created from 2007-03-10 to 2007-04-10  ))))))))))))))))))))))))))))))))))


2007-04-10 01:01   <DIR>   d--------   C:\DOCUME~1\Deborah\APPLIC~1\DivX
2007-04-10 00:53   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-10 00:53   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-10 00:53   129,784   ---------   C:\WINDOWS\system32\pxafs.dll
2007-04-04 09:27   <DIR>   d--------   C:\Program Files\iPod
2007-04-04 09:23   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-04-03 15:31   2,488   --a------   C:\WINDOWS\system32\tmp.reg
2007-03-29 17:11   3,968   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-29 17:10   <DIR>   d--------   C:\avenger
2007-03-29 16:56   6   --a------   C:\WINDOWS\system32\29-03-16.dat
2007-03-28 08:40   6   --a------   C:\WINDOWS\system32\28-03-08.dat
2007-03-27 03:55   524,288   --a------   C:\WINDOWS\system32\DivXsm.exe
2007-03-27 03:55   3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 03:55   200,704   --a------   C:\WINDOWS\system32\ssldivx.dll
2007-03-27 03:55   1,044,480   --a------   C:\WINDOWS\system32\libdivx.dll
2007-03-27 03:49   73,728   --a------   C:\WINDOWS\system32\dpl100.dll
2007-03-27 03:49   593,920   --a------   C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 03:49   57,344   --a------   C:\WINDOWS\system32\dpv11.dll
2007-03-27 03:49   53,248   --a------   C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 03:49   344,064   --a------   C:\WINDOWS\system32\dpus11.dll
2007-03-27 03:49   294,912   --a------   C:\WINDOWS\system32\dpu11.dll
2007-03-27 03:49   294,912   --a------   C:\WINDOWS\system32\dpu10.dll
2007-03-27 03:49   196,608   --a------   C:\WINDOWS\system32\dtu100.dll
2007-03-27 03:48   823,296   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 03:48   823,296   --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 03:48   802,816   --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 03:48   639,066   --a------   C:\WINDOWS\system32\DivX.dll
2007-03-23 10:08   6   --a------   C:\WINDOWS\system32\23-03-10.dat
2007-03-23 09:03   6   --a------   C:\WINDOWS\system32\23-03-09.dat
2007-03-23 08:59   6   --a------   C:\WINDOWS\system32\23-03-08.dat
2007-03-22 20:20   6   --a------   C:\WINDOWS\system32\22-03-20.dat
2007-03-22 15:00   6   --a------   C:\WINDOWS\system32\22-03-15.dat
2007-03-22 14:39   6   --a------   C:\WINDOWS\system32\22-03-14.dat
2007-03-22 14:28   <DIR>   d--------   C:\WINDOWS\pss
2007-03-22 12:46   6   --a------   C:\WINDOWS\system32\22-03-12.dat
2007-03-22 11:57   786,432   --ah-----   C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-03-22 11:57   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-03-22 11:57   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-03-22 08:34   6   --a------   C:\WINDOWS\system32\22-03-08.dat
2007-03-21 10:07   6   --a------   C:\WINDOWS\system32\21-03-10.dat
2007-03-21 01:43   6   --a------   C:\WINDOWS\system32\21-03-01.dat
2007-03-20 22:27   6   --a------   C:\WINDOWS\system32\20-03-22.dat
2007-03-20 16:15   6   --a------   C:\WINDOWS\system32\20-03-16.dat
2007-03-20 14:37   6   --a------   C:\WINDOWS\system32\20-03-14.dat
2007-03-20 12:03   94,424   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-20 12:03   90,112   --a------   C:\WINDOWS\system32\AVASTSS.scr
2007-03-20 12:03   85,952   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-20 12:03   689,280   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-03-20 12:03   43,176   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-20 12:03   31,560   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-20 12:03   23,352   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-20 12:03   <DIR>   d--------   C:\Program Files\Alwil Software
2007-03-20 12:01   6   --a------   C:\WINDOWS\system32\20-03-12.dat
2007-03-20 11:55   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-20 11:00   6   --a------   C:\WINDOWS\system32\20-03-11.dat
2007-03-20 10:00   6   --a------   C:\WINDOWS\system32\20-03-10.dat
2007-03-20 09:44   6   --a------   C:\WINDOWS\system32\20-03-09.dat
2007-03-20 03:35   6   --a------   C:\WINDOWS\system32\20-03-03.dat
2007-03-19 20:27   6   --a------   C:\WINDOWS\system32\19-03-20.dat
2007-03-19 13:12   6   --a------   C:\WINDOWS\system32\19-03-13.dat
2007-03-18 12:40   6   --a------   C:\WINDOWS\system32\18-03-12.dat
2007-03-17 11:12   6   --a------   C:\WINDOWS\system32\17-03-11.dat
2007-03-16 14:18   6   --a------   C:\WINDOWS\system32\16-03-14.dat
2007-03-16 12:12   6   --a------   C:\WINDOWS\system32\16-03-12.dat
2007-03-14 14:49   6   --a------   C:\WINDOWS\system32\14-03-14.dat
2007-03-14 12:08   6   --a------   C:\WINDOWS\system32\14-03-12.dat
2007-03-14 11:03   6   --a------   C:\WINDOWS\system32\14-03-11.dat
2007-03-14 10:54   6   --a------   C:\WINDOWS\system32\14-03-10.dat
2007-03-14 09:26   6   --a------   C:\WINDOWS\system32\14-03-09.dat
2007-03-14 08:14   6   --a------   C:\WINDOWS\system32\14-03-08.dat
 
 
((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-10 00:54   --------   d--------   C:\Program Files\google
2007-04-10 00:53   --------   d--------   C:\Program Files\divx
2007-04-09 20:57   --------   d--------   C:\Program Files\plaxo
2007-04-04 09:27   --------   d--------   C:\Program Files\itunes
2007-04-04 09:25   --------   d--------   C:\Program Files\quicktime
2007-04-03 15:09   --------   d--------   C:\Program Files\symantec
2007-03-29 17:01   --------   d--------   C:\Program Files\pedevice
2007-03-29 13:52   --------   d--------   C:\Program Files\microsoft money 2005
2007-03-27 03:55   36624   ---------   C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-03-27 03:55   118520   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 03:55   116472   ---------   C:\WINDOWS\system32\pxcpyi64.exe
2007-03-19 14:51   3764   --a------   C:\WINDOWS\mozver.dat
2007-03-19 14:51   --------   d--------   C:\Program Files\java
2007-03-08 11:36   577536   --a------   C:\WINDOWS\system32\user32.dll
2007-03-08 11:36   40960   --a------   C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36   281600   --a------   C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47   1843584   --a------   C:\WINDOWS\system32\win32k.sys
2007-03-04 19:33   6   --a------   C:\WINDOWS\system32\04-03-18.dat
2007-03-04 13:55   6   --a------   C:\WINDOWS\system32\04-03-12.dat
2007-03-04 04:11   6   --a------   C:\WINDOWS\system32\04-03-03.dat
2007-03-04 03:15   6   --a------   C:\WINDOWS\system32\04-03-02.dat
2007-03-04 03:08   664   --a------   C:\WINDOWS\system32\d3d9caps.dat
2007-03-02 18:11   6   --a------   C:\WINDOWS\system32\02-03-17.dat
2007-02-26 13:47   6   --a------   C:\WINDOWS\system32\26-02-12.dat
2007-02-24 13:08   6   --a------   C:\WINDOWS\system32\24-02-12.dat
2007-02-22 00:21   --------   d--------   C:\DOCUME~1\Deborah\APPLIC~1\viewpoint
2007-02-16 21:09   6   --a------   C:\WINDOWS\system32\16-02-20.dat
2007-02-15 21:40   124472   --a------   C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-12 19:30   6   --a------   C:\WINDOWS\system32\12-02-18.dat
2007-02-06 14:17   6   --a------   C:\WINDOWS\system32\06-02-13.dat
2007-02-05 20:52   0   --a------   C:\ywcbxykm.exe
2007-02-05 20:51   6   --a------   C:\WINDOWS\system32\05-02-19.dat
2007-02-04 19:52   6   --a------   C:\WINDOWS\system32\04-02-18.dat
2007-02-04 14:31   6   --a------   C:\WINDOWS\system32\04-02-13.dat
2007-02-03 18:44   6   --a------   C:\WINDOWS\system32\03-02-17.dat
2007-02-01 13:24   0   --a------   C:\wdigv.exe
2007-02-01 13:24   0   --a------   C:\tqex.exe
2007-02-01 13:24   0   --a------   C:\rjayw.exe
2007-02-01 13:22   6   --a------   C:\WINDOWS\system32\01-02-12.dat
2007-02-01 12:13   6   --a------   C:\WINDOWS\system32\01-02-11.dat
2007-02-01 01:10   0   --a------   C:\qaliew.exe
2007-02-01 01:10   0   --a------   C:\avhbtqbc.exe
2007-02-01 01:09   6   --a------   C:\WINDOWS\system32\01-02-00.dat
2007-01-31 20:20   6   --a------   C:\WINDOWS\system32\31-01-19.dat
2007-01-31 13:20   6   --a------   C:\WINDOWS\system32\31-01-12.dat
2007-01-30 20:12   6   --a------   C:\WINDOWS\system32\30-01-19.dat
2007-01-21 14:03   6   --a------   C:\WINDOWS\system32\21-01-13.dat
2007-01-20 22:18   6   --a------   C:\WINDOWS\system32\20-01-21.dat
2007-01-20 00:06   0   --a------   C:\xsxqdxkh.exe
2007-01-20 00:06   0   --a------   C:\laqquruw.exe
2007-01-20 00:06   0   --a------   C:\igcqdm.exe
2007-01-20 00:06   0   --a------   C:\caign.exe
2007-01-20 00:05   6   --a------   C:\WINDOWS\system32\19-01-23.dat
2007-01-19 22:19   6   --a------   C:\WINDOWS\system32\19-01-21.dat
2007-01-18 18:49   6   --a------   C:\WINDOWS\system32\18-01-17.dat
2007-01-18 14:18   6   --a------   C:\WINDOWS\system32\18-01-13.dat
2007-01-17 21:23   6   --a------   C:\WINDOWS\system32\17-01-20.dat
2007-01-17 19:23   6   --a------   C:\WINDOWS\system32\17-01-18.dat
2007-01-16 02:00   6   --a------   C:\WINDOWS\system32\16-01-01.dat
2007-01-15 21:48   6   --a------   C:\WINDOWS\system32\15-01-20.dat
2007-01-15 15:52   6   --a------   C:\WINDOWS\system32\15-01-14.dat
2007-01-14 20:33   6   --a------   C:\WINDOWS\system32\14-01-19.dat
2007-01-14 02:02   6   --a------   C:\WINDOWS\system32\14-01-01.dat
2007-01-14 01:53   6   --a------   C:\WINDOWS\system32\14-01-00.dat
2007-01-14 00:16   6   --a------   C:\WINDOWS\system32\13-01-23.dat
2007-01-13 13:26   6   --a------   C:\WINDOWS\system32\13-01-12.dat
2007-01-12 11:39   6   --a------   C:\WINDOWS\system32\12-01-10.dat
2007-01-11 13:47   6   --a------   C:\WINDOWS\system32\11-01-12.dat
2007-01-10 10:17   6   --a------   C:\WINDOWS\system32\10-01-09.dat
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.12.1.1\\PlaxoHelper.exe -a"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"Logitech Utility"="Logi_MwX.Exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1135747143\\ee\\AOLSoftware.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter   REG_MULTI_SZ      HTTPFilter
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
DcomLaunch   REG_MULTI_SZ      DcomLaunchTermService
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?1?3?8??p???? ???B?????????????hLC? ??????

scanning hidden files ...

C:\SYSTEM.SAV\info.bom 16384 bytes
C:\SYSTEM.SAV\INFO.US 4096 bytes
C:\SYSTEM.SAV\Logs
C:\SYSTEM.SAV\Logs\Cia.ini 155648 bytes
C:\SYSTEM.SAV\Logs\Info.bom 16384 bytes
C:\SYSTEM.SAV\Logs\Install.log 368640 bytes
C:\SYSTEM.SAV\Logs\Preinchk.log 4096 bytes
C:\SYSTEM.SAV\Logs\Sysinfo.log 294912 bytes
C:\SYSTEM.SAV\Logs\UIADUMP.EUE 4096 bytes
C:\SYSTEM.SAV\Logs\UIADUMP.FPP 4096 bytes
C:\SYSTEM.SAV\mszone.log 16384 bytes
C:\SYSTEM.SAV\PREINCHK.log 4096 bytes
C:\SYSTEM.SAV\REBOOT.ME 48 bytes
C:\SYSTEM.SAV\REGFLUSH.LOG 4096 bytes
C:\SYSTEM.SAV\RmDev.log 20480 bytes
C:\SYSTEM.SAV\SYSINFO.LOG 294912 bytes
C:\SYSTEM.SAV\SysInfo.US 294912 bytes
C:\SYSTEM.SAV\UTIL
C:\SYSTEM.SAV\UTIL\BOOTSEC.NT4 512 bytes
C:\SYSTEM.SAV\UTIL\BrandIt.Log 20480 bytes
C:\SYSTEM.SAV\UTIL\CHKIMAGE.exe 126976 bytes
C:\SYSTEM.SAV\UTIL\CIA.CDC 69632 bytes
C:\SYSTEM.SAV\UTIL\CIA.INI 81920 bytes
C:\SYSTEM.SAV\UTIL\cpqci.dll 122880 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.exe 118784 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.tmp 168 bytes
C:\SYSTEM.SAV\UTIL\DelDir.exe 36864 bytes
C:\SYSTEM.SAV\UTIL\delmodem.ini 184 bytes
C:\SYSTEM.SAV\UTIL\DELMPLNK.bat 88 bytes
C:\SYSTEM.SAV\UTIL\DELMPLNK.js 480 bytes
C:\SYSTEM.SAV\UTIL\DETECTOS.INI 408 bytes
C:\SYSTEM.SAV\UTIL\DNSP1.LOG 16384 bytes
C:\SYSTEM.SAV\UTIL\EISDTICON.log 32 bytes
C:\SYSTEM.SAV\UTIL\EVENTDEL.VBS 208 bytes
C:\SYSTEM.SAV\UTIL\FB_EIS.log 32 bytes
C:\SYSTEM.SAV\UTIL\hpqnt.dll 77824 bytes
C:\SYSTEM.SAV\UTIL\INSTALL.LOG 368640 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\mscu.log 168 bytes
C:\SYSTEM.SAV\UTIL\PININST.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\PININST.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\PININST.LOG 4096 bytes
C:\SYSTEM.SAV\UTIL\POSTOOBE.LOG 24 bytes
C:\SYSTEM.SAV\UTIL\postproc.ini 536 bytes
C:\SYSTEM.SAV\UTIL\powerset.log 88 bytes
C:\SYSTEM.SAV\UTIL\PREINCHK.BAT 216 bytes
C:\SYSTEM.SAV\UTIL\PREINFO.INI 200 bytes
C:\SYSTEM.SAV\UTIL\PREINFO2.EXE 86016 bytes
C:\SYSTEM.SAV\UTIL\qlb.log 176 bytes
C:\SYSTEM.SAV\UTIL\random.ini 40 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.EXE 106496 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.INI 560 bytes
C:\SYSTEM.SAV\UTIL\sedinst.log 168 bytes
C:\SYSTEM.SAV\UTIL\STRTMENU.EXE 24576 bytes
C:\SYSTEM.SAV\UTIL\SWSET_B.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\ticrdbus.log 32 bytes
C:\SYSTEM.SAV\UTIL\touchpad.log 192 bytes
C:\SYSTEM.SAV\UTIL\WINdvd.log 168 bytes
C:\SYSTEM.SAV\UTIL\wlassistant.log 176 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 60

********************************************************************

Completion time: 07-04-10  9:50:44
C:\ComboFix2.txt ... 07-03-26 12:01

________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 9:52:32 AM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Deborah\Desktop\Computer resources\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

Offline guestolo
Computer randomly shuts down
« Reply #21 on: April 19, 2007, 10:39:33 AM »
Hi again Beck, I just saw you online and realized I forgot all about your log.
I'm still trying to catch up on logs since my vacation.

Can I have you do the following, please?
Navigate to this folder: C:\Avenger
Delete that folder, please.

Let's remove some more files with Avenger; I just want to make sure we have backups of only them.
Log off any other users on the computer except for yourself.

Copy ALL the text contained in blue below to your Clipboard by highlighting it and pressing (Ctrl+C) on your keyboard.
Make sure you include "Folders to delete:"
=============================================================
Folders to delete:
C:\Program Files\pedevice

files to delete:
C:\xsxqdxkh.exe
C:\laqquruw.exe
C:\igcqdm.exe
C:\caign.exe
C:\qaliew.exe
C:\avhbtqbc.exe
C:\wdigv.exe
C:\tqex.exe
C:\rjayw.exe
C:\ywcbxykm.exe
C:\WINDOWS\system32\29-03-16.dat
C:\WINDOWS\system32\28-03-08.dat
C:\WINDOWS\system32\23-03-10.dat
C:\WINDOWS\system32\23-03-09.dat
C:\WINDOWS\system32\23-03-08.dat
C:\WINDOWS\system32\22-03-20.dat
C:\WINDOWS\system32\22-03-15.dat
C:\WINDOWS\system32\22-03-14.dat
C:\WINDOWS\system32\22-03-12.dat
C:\WINDOWS\system32\22-03-08.dat
C:\WINDOWS\system32\21-03-10.dat
C:\WINDOWS\system32\21-03-01.dat
C:\WINDOWS\system32\20-03-22.dat
C:\WINDOWS\system32\20-03-16.dat
C:\WINDOWS\system32\20-03-14.dat
C:\WINDOWS\system32\20-03-12.dat
C:\WINDOWS\system32\20-03-11.dat
C:\WINDOWS\system32\20-03-10.dat
C:\WINDOWS\system32\20-03-09.dat
C:\WINDOWS\system32\20-03-03.dat
C:\WINDOWS\system32\19-03-20.dat
C:\WINDOWS\system32\19-03-13.dat
C:\WINDOWS\system32\18-03-12.dat
C:\WINDOWS\system32\17-03-11.dat
C:\WINDOWS\system32\16-03-14.dat
C:\WINDOWS\system32\16-03-12.dat
C:\WINDOWS\system32\14-03-14.dat
C:\WINDOWS\system32\14-03-12.dat
C:\WINDOWS\system32\14-03-11.dat
C:\WINDOWS\system32\14-03-10.dat
C:\WINDOWS\system32\14-03-09.dat
C:\WINDOWS\system32\14-03-08.dat
C:\WINDOWS\system32\04-03-18.dat
C:\WINDOWS\system32\04-03-12.dat
C:\WINDOWS\system32\04-03-03.dat
C:\WINDOWS\system32\04-03-02.dat
C:\WINDOWS\system32\02-03-17.dat
C:\WINDOWS\system32\26-02-12.dat
C:\WINDOWS\system32\24-02-12.dat
C:\WINDOWS\system32\16-02-20.dat
C:\WINDOWS\system32\12-02-18.dat
C:\WINDOWS\system32\06-02-13.dat
C:\WINDOWS\system32\05-02-19.dat
C:\WINDOWS\system32\04-02-18.dat
C:\WINDOWS\system32\04-02-13.dat
C:\WINDOWS\system32\03-02-17.dat
C:\WINDOWS\system32\01-02-12.dat
C:\WINDOWS\system32\01-02-11.dat
C:\WINDOWS\system32\01-02-00.dat
C:\WINDOWS\system32\31-01-19.dat
C:\WINDOWS\system32\31-01-12.dat
C:\WINDOWS\system32\30-01-19.dat
C:\WINDOWS\system32\21-01-13.dat
C:\WINDOWS\system32\20-01-21.dat
C:\WINDOWS\system32\19-01-23.dat
C:\WINDOWS\system32\19-01-21.dat
C:\WINDOWS\system32\18-01-17.dat
C:\WINDOWS\system32\18-01-13.dat
C:\WINDOWS\system32\17-01-20.dat
C:\WINDOWS\system32\17-01-18.dat
C:\WINDOWS\system32\16-01-01.dat
C:\WINDOWS\system32\15-01-20.dat
C:\WINDOWS\system32\15-01-14.dat
C:\WINDOWS\system32\14-01-19.dat
C:\WINDOWS\system32\14-01-01.dat
C:\WINDOWS\system32\14-01-00.dat
C:\WINDOWS\system32\13-01-23.dat
C:\WINDOWS\system32\13-01-12.dat
C:\WINDOWS\system32\12-01-10.dat
C:\WINDOWS\system32\11-01-12.dat
C:\WINDOWS\system32\10-01-09.dat


==========================================================================
Now start The Avenger program by clicking on its icon on your desktop.
OK the prompt.

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the Green Light to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now reboot your computer.

Back in Windows, can you post the new log from Avenger, C:\Avenger.txt, and also a fresh HijackThis log?

Could you also run ComboFix one last time and post its fresh log?

NOTE: leave the new Avenger folder be for now; it contains the backups of what we just removed.
Let me know of any problems, if any.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
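The two posts above show the pattern a responder looks for in a ComboFix listing: six-byte `DD-MM-HH.dat` files in `system32` named after their own creation time, and zero-byte randomly named `.exe` files dropped in `C:\`, which the Avenger script then lists under "Files to delete:". The Python below is an added example (not code from either poster, nor from ComboFix or Avenger): it parses lines in the shape of the "Files Created" and "Find3M Report" sections, flags those two patterns, and renders the result as the block Avenger takes as input. The sample lines are constructed to mirror the posted log, and the regex names, size thresholds and one-day tolerance are the example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the posted ComboFix sections (not the full log).
SAMPLE_LOG = """\
2007-04-10 00:53   2,560   ---------   C:\\WINDOWS\\system32\\drivers\\cdralw2k.sys
2007-03-29 17:10   <DIR>   d--------   C:\\avenger
2007-03-29 16:56   6   --a------   C:\\WINDOWS\\system32\\29-03-16.dat
2007-03-27 03:55   524,288   --a------   C:\\WINDOWS\\system32\\DivXsm.exe
2007-03-04 19:33   6   --a------   C:\\WINDOWS\\system32\\04-03-18.dat
2007-02-05 20:52   0   --a------   C:\\ywcbxykm.exe
2007-02-01 13:24   0   --a------   C:\\wdigv.exe
2007-01-14 00:16   6   --a------   C:\\WINDOWS\\system32\\13-01-23.dat
"""

# One listing line: date, time, size (or <DIR>, or dashes), 9-char attributes, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|-+|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>\S.*)$"
)
# Pattern 1: tiny .dat files named after their own creation time, DD-MM-HH.dat.
STAMP_DAT_RE = re.compile(r"^(?P<d>\d{2})-(?P<m>\d{2})-\d{2}\.dat$", re.I)
# Pattern 2: zero-byte, random-looking lowercase .exe names dropped directly in C:\.
ROOT_EXE_RE = re.compile(r"^[a-z]{4,10}\.exe$")

@dataclass
class Entry:
    created: str          # YYYY-MM-DD from the listing
    size: Optional[int]   # None for directories or a dashed-out size
    is_dir: bool
    path: str

    def split(self) -> Tuple[str, str]:
        parent, _, name = self.path.rpartition("\\")
        return parent.lower(), name  # (lower-cased parent directory, file name)

def parse_listing(text: str) -> List[Entry]:
    """Keep every line with the listing shape; banners and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            raw = m.group("size")
            size = int(raw.replace(",", "")) if raw[0].isdigit() else None
            entries.append(Entry(m.group("date"), size, raw == "<DIR>", m.group("path")))
    return entries

def stamp_dat_reason(e: Entry) -> Optional[str]:
    """Tiny DD-MM-HH.dat in system32 whose name echoes its own creation date."""
    parent, name = e.split()
    m = STAMP_DAT_RE.match(name)
    if (not m or e.is_dir or e.size is None or e.size > 16
            or not parent.endswith("\\windows\\system32")):
        return None
    _, mm, dd = e.created.split("-")
    # One day of slack: a file created just after midnight carries the previous day's stamp.
    if m.group("m") == mm and abs(int(m.group("d")) - int(dd)) <= 1:
        return "timestamp-named %d-byte .dat in system32" % e.size
    return "timestamp-named .dat in system32 (name/date mismatch)"

def root_dropper_reason(e: Entry) -> Optional[str]:
    """Zero-byte executable with a random-looking name directly under C:\\."""
    parent, name = e.split()
    if e.is_dir or e.size != 0 or parent != "c:" or not ROOT_EXE_RE.match(name):
        return None
    return "0-byte random-named .exe in drive root"

def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(path, reason) for each entry matching either pattern, in listing order."""
    hits = []
    for e in entries:
        reason = stamp_dat_reason(e) or root_dropper_reason(e)
        if reason:
            hits.append((e.path, reason))
    return hits

def avenger_script(hits: List[Tuple[str, str]]) -> str:
    """Render flagged paths as the 'Files to delete:' block Avenger takes as input."""
    return "Files to delete:\n" + "\n".join(path for path, _ in hits) + "\n"

if __name__ == "__main__":
    found = triage(parse_listing(SAMPLE_LOG))
    print("\n".join("%-42s %s" % hit for hit in found), avenger_script(found), sep="\n\n")
```

Fed the full listing from the post, the same two heuristics reproduce the helper's deletion list; anything they flag still deserves a look at the file itself before it goes into a script.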


Offline guestolo
Computer randomly shuts down
« Reply #22 on: June 09, 2007, 04:36:28 PM »
Problems appear resolved; I'll lock this topic.
