
My screen suddenly turns to black!


  • This topic is locked
2 replies to this topic

#1 x4xp

x4xp

  • Members
  • 3 posts

Posted 22 February 2010 - 03:08 PM

Hi,

First of all, I do not have antivirus software installed on my computer, which is why I am pretty sure there is something wrong going on in my laptop. I am working with Windows XP Service Pack 2. Here is the problem: my laptop sometimes shuts down without asking. Not in the sense that it shows you the shutdown window. No! I just suddenly see my laptop out of electricity and the screen turns dark! I have Malwarebytes' Anti-Malware installed on my PC and it has twice given me a trojan alert. But I do not remember the name of the trojan because it is not appearing anymore. Another thing is that when I try to visit antivirus websites, most of them do not open for me! I do not know if the virus or the trojan is smart enough to know that! My internet connection usually gets slow. I am feeling really frustrated because when I am in the middle of something important, the screen suddenly turns black. Also, when I want to use Ctrl+Alt+Delete, I get the following error message: "Task Manager has been disabled by your administrator." Any help would be appreciated.


Below is the content of the DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by x4xp at 20:05:30.57 on Mon 02/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1023.499 [GMT 4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot Internet Security Essentials *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Linksys\WUSB100\WUSB100.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\x4xp\Desktop\dds.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ae/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = proxy1.emirates.net.ae:8080
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Real Madrid News Toolbar: {598dd77f-1390-4074-8c50-0286894f4185} - c:\program files\real_madrid_news\tbReal.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Real Madrid News Toolbar: {598dd77f-1390-4074-8c50-0286894f4185} - c:\program files\real_madrid_news\tbReal.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\toscdspd.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [Google Update] "c:\documents and settings\x4xp\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [IDMan] "c:\program files\internet download manager\IDMan.exe" /onboot
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SoundMAXPnP] "c:\program files\analog devices\soundmax\SMax4PNP.exe"
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"
mRun: [AGRSMMSG] "AGRSMMSG.exe"
mRun: [PadTouch] "c:\program files\toshiba\touch and launch\PadExe.exe"
mRun: [TPSMain] "TPSMain.exe"
mRun: [SmoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"
mRun: [TFncKy] TFncKy.exe
mRun: [TMEPROP] "c:\program files\toshiba\toshiba applet\TMEPROP.exe" -S
mRun: [DockMsgFrom] "c:\program files\toshiba\toshiba applet\DockMsgFrom.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] "c:\program files\norton internet security\cfgwiz.exe" /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [SSC_UserPrompt] "c:\program files\common files\symantec shared\security center\UsrPrmpt.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] "c:\windows\ime\imkr6_1\IMEKRMIG.EXE"
mRun: [MSPY2002] "c:\windows\system32\ime\pintlgnt\ImScInst.exe" /SYNC
mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC
mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\x4xp\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb100\WUSB100.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\x4xp\applic~1\mozilla\firefox\profiles\d69xg61r.default\
FF - component: c:\documents and settings\x4xp\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\x4xp\application data\mozilla\firefox\profiles\d69xg61r.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\x4xp\application data\mozilla\firefox\profiles\d69xg61r.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\x4xp\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2010-2-22 108296]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-1 236368]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-23 49808]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-2-22 1205760]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\qlmmsn.sys --> c:\windows\system32\drivers\qlmmsn.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-1 19160]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 213488]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-30 132224]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-28 144504]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050124.008\NAVENG.Sys [2005-1-25 73728]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050124.008\NavEx15.Sys [2005-1-25 631040]
S3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-23 335504]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-23 197864]

=============== Created Last 30 ================

2010-02-22 16:01:35 0 ----a-w- c:\documents and settings\x4xp\defogger_reenable
2010-02-22 15:27:47 0 d-----w- c:\program files\MSSOAP
2010-02-22 15:27:39 108296 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2010-02-22 15:27:20 1563008 ----a-w- c:\windows\WRSetup.dll
2010-02-22 15:27:20 0 d-----w- c:\program files\Webroot
2010-02-22 15:27:20 0 d-----w- c:\docume~1\x4xp\applic~1\Webroot
2010-02-22 15:27:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2010-02-19 18:19:23 0 dc-h--w- c:\windows\ie8
2010-02-19 13:50:05 0 d-----w- c:\program files\VS Revo Group
2010-02-19 13:05:05 0 d-----w- C:\!KillBox
2010-02-18 04:36:56 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
2010-02-18 04:36:51 0 d-----w- c:\program files\Transparent
2010-02-18 04:36:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Transparent
2010-02-16 20:39:10 0 d-----w- c:\program files\Real_Madrid_News
2010-02-16 20:39:10 0 d-----w- c:\program files\Conduit
2010-02-16 13:17:02 202048 ----a-w- c:\windows\system32\AVLibrary.dll
2010-02-16 13:16:58 0 d-----w- c:\program files\Hide The IP 2010
2010-02-12 20:40:46 0 d-sh--w- c:\documents and settings\x4xp\IECompatCache
2010-02-10 19:33:57 0 d-----w- c:\windows\system32\LogFiles
2010-02-10 12:49:27 600 ----a-w- c:\documents and settings\x4xp\PUTTY.RND
2010-02-10 12:33:40 0 d--h--w- c:\windows\system32\GroupPolicy
2010-02-10 11:58:40 0 d-----w- c:\docume~1\x4xp\applic~1\Propel
2010-02-10 11:58:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Propel
2010-02-09 13:51:06 0 d-sh--w- c:\documents and settings\x4xp\PrivacIE
2010-02-09 13:49:21 0 d-sh--w- c:\documents and settings\x4xp\IETldCache
2010-02-09 13:42:29 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-02-07 17:14:40 0 d-----w- c:\program files\Yahoo!
2010-02-05 20:36:41 0 d-----w- c:\docume~1\x4xp\applic~1\IDM
2010-02-05 20:36:39 0 d-----w- c:\docume~1\x4xp\applic~1\DMCache
2010-02-05 20:36:36 0 d-----w- c:\program files\Internet Download Manager
2010-02-02 14:31:26 0 d-----w- c:\documents and settings\x4xp\Tracing
2010-02-02 12:52:58 0 d-----w- c:\program files\Microsoft
2010-02-02 12:52:40 0 d-----w- c:\program files\Windows Live SkyDrive
2010-02-02 12:34:56 0 d-----w- c:\program files\common files\Windows Live
2010-01-27 13:43:45 0 d-----w- c:\program files\CDisplay
2010-01-26 08:13:16 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-01-26 08:13:16 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-26 08:13:06 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-01-26 08:13:06 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-01-26 08:13:02 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-01-26 08:13:02 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-01-25 14:48:38 210352 ----a-w- c:\windows\system32\idmmbc.dll

==================== Find3M ====================

2010-01-07 12:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 12:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

============= FINISH: 20:05:45.82 ===============



Edited by x4xp, 22 February 2010 - 05:09 PM.



 


#2 x4xp

x4xp
  • Topic Starter

  • Members
  • 3 posts

Posted 24 February 2010 - 11:08 AM

Please close this thread, as I am going to seek help from another forum.

Thanks

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,087 posts
  • Gender:Female
  • Location:Romania

Posted 24 February 2010 - 02:18 PM

Closed as requested.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




