
win32/pacex.gen

Discussion in 'Malware and Virus Removal Archive' started by lorrainechung, 2008/01/13.

  1. 2008/01/13
    lorrainechung

    lorrainechung Inactive Thread Starter

    Joined:
    2008/01/13
    Messages:
    8
    Likes Received:
    0
    Hi

    I need help. Don't know much about computers :mad:
    My computer has been randomly turning itself off and I cannot turn it back on unless I wait a while and flick the power switch at the back.

    A scan with NOD32 revealed that my computer is infested with win32/pacex.gen virus!!!

    I think NOD32 had moved and deleted some of the infested files in c:/ which is affecting the system.

    I don't know what to do. Can't even turn it on right now... (am using my laptop at the moment)


    Please help. Thanks in advance.

    Lorraine
     
  2. 2008/01/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Lorraine :)

    It sounds as though besides being infected, your computer may be experiencing some overheating due to dust buildup. Can you open the side of the case and inspect the fan(s), air intake vents (front, back and sometimes side) and the processor's heatsink?

    A few pictures of heatsinks in the following links.

    http://www.google.com/search?hl=en&q=heatsink
    http://en.wikipedia.org/wiki/Heat_sink

    The heatsink fins will often become compacted with dust, and the fan blades will acquire buildup as well, all of which prevents good air flow and resulting cooling of the processor. The power supply (where the power cord plugs into the back of the computer) also has a fan and air flow vents, both of which can become clogged with dust. Overheating of either or both the power supply and processor can cause the computer to shutdown as you've described.

    The best way to remove the dust buildup is with compressed air, which is available in cans from most any general merchandise store, office supply store and electronics store if you don't have access to an air compressor. When using compressed air to clean, don't allow the air flow to spin the fan blades. Hold the ones you can and use a toothpick or similar to hold the ones you can't get to, like the power supply fan.

    Do NOT use a vacuum cleaner to remove dust. It can create static electricity which might arc to your computer's components thereby damaging it.

    Once you've checked out the dust situation, let me know if the computer is stable enough to run some diagnostic scans and tools.
     

  4. 2008/01/13
    lorrainechung

    lorrainechung Inactive Thread Starter

    I have actually cleaned some of the dust off but obviously didn't do a very good job.

    I know my brother has a compressor and I will try to borrow it.

    Thanks, will get back to you when this is done. :eek:)
     
  5. 2008/01/13
    noahdfear

    noahdfear Inactive

    See you soon. :)
     
  6. 2008/01/14
    lorrainechung

    lorrainechung Inactive Thread Starter

    Yey!! I think the spontaneous shut-down problem is fixed for now (touch wood). It hasn't done it yet... it's been about 30 mins.

    The system is running ok but I know it is infested with viruses! :(
     
  7. 2008/01/14
    noahdfear

    noahdfear Inactive

    That's great! :)

    Please read through this topic, download and install HijackThis and do a scan, then save the log. Just close that log now as we won't need it.

    Next download Deckard's System Scanner and run it, then post the main.txt log it creates.

    All links and instructions are in the topic.
     
  8. 2008/01/14
    lorrainechung

    lorrainechung Inactive Thread Starter

    HERE IT IS!!! THANKS



    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-01-15 14:48:30
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 511 MiB (512 MiB recommended).
    System Drive C: has 1.51 GiB (less than 15%) free.


    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:49:51 PM, on 15/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Administrator\desktop\dss.exe
    C:\WINDOWS\system32\conime.exe
    C:\Documents and Settings\Administrator\desktop\ATF-Cleaner.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 5088 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 viamraid - c:\windows\system32\drivers\viamraid.sys <Not Verified; VIA Technologies inc,.ltd; VIA RAID driver>
    R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys <Not Verified; Microsoft Corporation; MicrosoftR WindowsR Operating System>
    R3 ati2mtag - c:\windows\system32\drivers\ati2mtag.sys <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Miniport Driver>

    S3 GMSIPCI - g:\install\gmsipci.sys (file missing)
    S3 MSICPL - g:\install4\msicpl.sys (file missing)
    S3 NTACCESS - g:\ntaccess.sys (file missing)
    S3 SetupNTGLM7X - g:\ntglm7x.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Ati HotKey Poller - c:\windows\system32\ati2evxx.exe
    R2 NOD32krn (NOD32 Kernel Service) - "c:\program files\eset\nod32krn.exe" <Not Verified; Eset; NOD32 Antivirus System>
    R2 SoundMAX Agent Service (default) (SoundMAX Agent Service) - c:\program files\analog devices\soundmax\smagent.exe <Not Verified; Analog Devices, Inc.; SoundMAX service agent>

    S2 ATI Smart - c:\windows\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
    S3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v1.1.4322\aspnet_state.exe <Not Verified; Microsoft Corporation; Microsoft (R) .NET Framework>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-01-14 21:49:18 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-12-15 and 2008-01-15 -----------------------------



    -- Find3M Report ---------------------------------------------------------------

    2008-01-12 18:22:28 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini


    -- Registry Dump ---------------------------------------------------------------



    -- End of Deckard's System Scanner: finished at 2008-01-15 14:50:34 ------------
     
  9. 2008/01/15
    noahdfear

    noahdfear Inactive

    Your log appears clean, other than a remnant registry entry. Scan again with HijackThis and place a check next to the following entry, close all other windows then click Fix Checked.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    Close HijackThis.

    I don't see anything else that would suggest an infection present, but if you'd like to run another scan to check, I'd recommend an online scan with Kaspersky. Instructions follow.

    Please do an online scan with Kaspersky WebScanner

    http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html (link for US and others not listed below)
    http://www.kaspersky.com.au/online-scanner/# (Australian link)
    http://www.kaspersky.co.uk/virusscanner (UK link)


    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh HijackThis log.
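
    The check described in the post above (an entry whose file no longer exists is a leftover registry entry rather than a running component), as an added example that is not part of the original thread: a small Python triage pass over HijackThis `O` lines and the scanner's driver/service lines. The sample lines are copied from the log posted earlier in this thread; the names `Entry`, `parse_line` and `find_orphans` are made up for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
S3 GMSIPCI - g:\install\gmsipci.sys (file missing)
R0 viamraid - c:\windows\system32\drivers\viamraid.sys <Not Verified; VIA Technologies inc,.ltd; VIA RAID driver>
"""

HJT_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")   # e.g. "O2 - BHO: ..."
DSS_LINE = re.compile(r"^([RS][0-4]) (.+?) - (.+)$")  # e.g. "S3 NAME - path"
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_VALUE = re.compile(r"^\[(.*?)\] (.*)$")           # O4: "[value name] command line"
SIGNATURE = re.compile(r"\s*<[^>]*>$")                # trailing "<Not Verified; ...>"
MISSING = ("(no file)", "(file missing)")             # markers the two tools print


@dataclass
class Entry:
    kind: str             # "O2", "O23", "S3", ...
    name: str             # display name or registry value name
    clsid: Optional[str]  # COM class id when the line carries one
    target: str           # file or command the entry points at
    raw: str              # the original line, i.e. what gets ticked in HijackThis

    @property
    def orphan(self) -> bool:
        """True when the tool reported that the referenced file is gone."""
        return self.target.endswith(MISSING)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines that are not entries."""
    raw = line.strip()
    m = HJT_LINE.match(raw)
    if m:
        kind, _label, rest = m.groups()
        clsid = CLSID.search(rest)
        run = RUN_VALUE.match(rest)
        if run:                                # O4 autorun value
            name, target = run.groups()
        elif " - " in rest:                    # fields separated by " - "
            head, target = rest.rsplit(" - ", 1)
            name = rest[:clsid.start()].rstrip(" -") if clsid else head
        else:
            name, target = "", rest
        return Entry(kind, name, clsid.group(0) if clsid else None, target, raw)
    m = DSS_LINE.match(raw)
    if m:
        kind, name, target = m.groups()
        return Entry(kind, name, None, SIGNATURE.sub("", target), raw)
    return None


def find_orphans(log: str) -> List[Entry]:
    """Return entries that reference a file the scanner could not find."""
    entries = (parse_line(line) for line in log.splitlines())
    return [e for e in entries if e is not None and e.orphan]


if __name__ == "__main__":
    for e in find_orphans(SAMPLE_LOG):
        print(f"{e.kind:<4} {e.name:<12} {e.clsid or '-':<40} {e.target}")
```

    An orphan flag only says the file is absent; whether the entry is a harmless leftover still needs the kind of review given in the post above.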
     
  10. 2008/01/22
    lorrainechung

    lorrainechung Inactive Thread Starter

    Hello again....

    My computer is shutting down randomly again!!!
    It happens like almost immediately after I turn on my computer first time in the morning. So it's not over-heating???

    I checked the cables and cords to see that they are connected properly. no short circuits?

    What are the other causes of random spontaneous shut-downs??

    Could it be from the anti-virus program deleting system files on C drive??

    Need help once again!!

    Thanks and sorry to be troublesome!!

    Lorraine (from my laptop) :eek:(
     
  11. 2008/01/22
    noahdfear

    noahdfear Inactive

    Does it shut down only once, then run fine for a length of time, or does it continue to shutdown regularly (like every 15 - 30 min or something)? Do you ever get any error messages before it shuts down?

    Did you ever run the Kaspersky online virus scan?
     
  12. 2008/01/23
    lorrainechung

    lorrainechung Inactive Thread Starter

    It shuts down, no warning or any error message, the whole computer just blacks out. I can't turn it back on again unless I leave it for a while and turn power off at the switch.

    I tried the Online scan but it had some error when I did it last time. Now trying again. (Hoping that the comp. doesn't shut down again)
     
  13. 2008/01/24
    noahdfear

    noahdfear Inactive

    Hi Lorraine,

    I suspect the power supply might be failing, and I recommend you start a topic in the hardware forum where you might get some input from folks more knowledgeable in the hardware area.
     
  14. 2008/01/24
    lorrainechung

    lorrainechung Inactive Thread Starter

    Thanks mate!!
     
