Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer switches off at random following virus alert

Re: Computer switches off at random following virus alert

Post by ktreffin » August 20th, 2008, 7:51 pm

Hi Jane,

Well, the Kaspersky scan didn't reveal a whole lot. It does appear that you have some old infected e-mail files that are being stored here:

C:\Documents and Settings\<Your Name>\Jane--second disk\My Documents\Email backup files

Are you familiar with these? If they are old back-up files I would suggest that you delete them. You could delete the entire "Email backup files" folder, and that would take care of them, which I would suggest you do.

I really don't see anything in the OTScanIt log that would give me any additional information on what is going on.

Let's try one more thing:

I would like for you to use ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.

IMPORTANT: WHILE COMBOFIX IS RUNNING, PLEASE DO NOT CLICK THE MOUSE OR TYPE ON THE KEYBOARD!! DON'T TOUCH ANYTHING, JUST LET COMBOFIX DO ITS THING!!


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Thanks,
Ken

Re: Computer switches off at random following virus alert

Post by Jane » August 21st, 2008, 6:56 am

Ken,

I've deleted the "email backup" folder as you suggested, and downloaded the ComboFix utility.

I've also installed the MS Windows Recovery Console, following the instructions given on the ComboFix page: that all went well, and I got a message telling me it had installed correctly, but I don't get the option to boot up using the Recovery Console when I restart my computer. It just boots up as usual.

Consequently I've not run the ComboFix utility yet, just to be safe.

Should I run ComboFix anyway? Or should I reinstall the Recovery Console, or make some other tweaks?

Sorry to be dim. I thought it better to stop and ask, than to plough on regardless.
Jane

Re: Computer switches off at random following virus alert

Post by ktreffin » August 21st, 2008, 3:25 pm

Hi Jane,

It's OK, you can go ahead and run ComboFix. The Recovery Console is there as a "safety net" should we run into problems (which I am not expecting). If problems do happen, we can use the Recovery Console if we need to.

Go ahead and boot into the normal mode (how it boots usually) and then run ComboFix.

Keep the questions coming if you have anything else.

Ken

Re: Computer switches off at random following virus alert

Post by Jane » August 22nd, 2008, 3:50 am

Ken, ComboFix and Hijack This logs follow, as requested.

The computer is still unstable: it's better since I got rid of Spyware Terminator, but it does close down again every now and then and when I just tried to cut-and-paste the logs here, Word opened but wouldn't respond--I had to reboot before I could get it to work.

I've had someone check it out to make sure that the hardware is all in good order, and they've said there's no obvious problem. It was clean enough inside, and not overheating; drivers all seem up to date and working well. Is there anything else you can suggest, assuming that ComboFix doesn't reveal anything nasty?

Thanks

Jane


ComboFix 08-08-19.06 - Jane 2008-08-22 8:21:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2120 [GMT 1:00]
Running from: F:\Documents and Settings\Jane\My Documents\My Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Documents and Settings\Jane\Cookies\jane@specificclick[2].txt
F:\WINDOWS\Downloaded Program Files\ODCTOOLS
F:\WINDOWS\Downloaded Program Files\setup.inf
F:\WINDOWS\system32\REGOBJ.DLL

.
((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
.

2008-08-22 07:42 . 2008-08-22 07:42 <DIR> d-------- F:\WINDOWS\LastGood
2008-08-16 10:25 . 2008-05-01 15:33 331,776 -----c--- F:\WINDOWS\system32\dllcache\msadce.dll
2008-08-16 09:52 . 2008-08-16 09:52 <DIR> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 09:52 . 2008-08-16 09:52 <DIR> d-------- F:\Documents and Settings\Jane\Application Data\Malwarebytes
2008-08-16 09:52 . 2008-08-16 09:52 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 09:52 . 2008-07-30 20:07 38,472 --a------ F:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 09:52 . 2008-07-30 20:07 17,144 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 18:20 . 2008-08-19 11:18 1,374 --a------ F:\WINDOWS\imsins.BAK
2008-08-15 18:09 . 2008-04-11 20:04 691,712 -----c--- F:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-15 17:35 . 2008-08-15 17:35 <DIR> d-------- F:\Program Files\Java
2008-08-15 17:35 . 2008-06-10 02:32 73,728 --a------ F:\WINDOWS\system32\javacpl.cpl
2008-08-03 15:47 . 2008-08-03 15:47 <DIR> d-------- F:\Program Files\Trend Micro
2008-08-03 15:38 . 2008-08-03 15:38 <DIR> d-------- F:\Program Files\CCleaner
2008-08-03 11:07 . 2008-08-03 11:07 <DIR> d-------- F:\Program Files\CONEXANT
2008-08-03 11:07 . 2006-11-08 09:00 989,696 -ra------ F:\WINDOWS\system32\drivers\HSF_DPV.sys
2008-08-03 11:07 . 2006-11-08 08:59 730,112 -ra------ F:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-08-03 11:07 . 2006-11-08 08:59 257,408 -ra------ F:\WINDOWS\system32\drivers\HSFHWBS2.sys
2008-08-03 11:07 . 2006-11-07 02:54 172,032 -ra------ F:\WINDOWS\system32\Uci32114.dll
2008-08-03 11:07 . 2006-11-08 11:10 144,201 -ra------ F:\WINDOWS\system32\drivers\HSFProf.cty
2008-08-02 21:20 . 2008-08-02 21:20 <DIR> d-------- F:\Program Files\Lavasoft
2008-08-02 21:20 . 2008-08-03 10:58 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-02 19:46 . 2008-08-03 10:58 <DIR> d-------- F:\Program Files\SpywareBlaster
2008-08-01 10:50 . 2008-08-03 11:00 <DIR> d-------- F:\Program Files\NetWaiting
2008-07-25 15:59 . 2008-07-26 17:52 10,304 --a------ F:\WINDOWS\MSOPrefs.232
2008-07-25 15:59 . 2008-07-26 17:52 4,544 --a------ F:\WINDOWS\MSOClip.232
2008-07-25 12:13 . 2008-08-03 14:07 <DIR> d-------- F:\Program Files\Spybot - Search & Destroy
2008-07-25 12:13 . 2008-08-15 17:03 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 17:19 --------- d-----w F:\Program Files\Microsoft Silverlight
2008-08-03 10:02 --------- d-----w F:\Program Files\Scanner Wedge
2008-08-03 10:02 --------- d-----w F:\Program Files\Coupon Printer
2008-08-03 10:00 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-07-28 20:33 --------- d-----w F:\Documents and Settings\Jane\Application Data\Canon
2008-07-18 21:10 94,920 ----a-w F:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w F:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w F:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w F:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w F:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w F:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w F:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w F:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w F:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w F:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w F:\WINDOWS\system32\es.dll
2008-06-25 13:31 --------- d-----w F:\Program Files\Common Files\Adobe
2008-06-24 16:43 74,240 ----a-w F:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w F:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w F:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ----a-w F:\WINDOWS\system32\mswsock(2)(2)(2).dll
2008-06-20 17:46 147,968 ----a-w F:\WINDOWS\system32\dnsapi(2)(2)(2).dll
.

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" [2008-04-14 01:12 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="F:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2004-08-04 13:00 77891]
"igfxtray"="F:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
"igfxhkcmd"="F:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
"igfxpers"="F:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
"Omnipage"="F:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"Samsung Common SM"="F:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 08:20 372736]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"InCD"="F:\Program Files\Ahead\InCD\InCD.exe" [2005-05-13 16:11 1397760]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 15:38 78008]
"HPDJ Taskbar Utility"="F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 17:45 196608]
"SSBkgdUpdate"="F:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00 155648]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 F:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 F:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]

F:\Documents and Settings\Jane\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - F:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe [2005-04-04 08:37:50 1994752]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - F:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2008-05-06 17:05:22 114688]
Directrec Configuration Tool.lnk - F:\Program Files\Olympus\DSSPlayerPro\DirectrecConfig.exe [2008-05-06 17:05:20 122880]
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\WINDOWS\\system32\\fxsclnt.exe"=

R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;F:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 14:28]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
O9 -: {A7C6D697-2B0C-4BAE-B203-E10EA815DFC1} - F:\Program Files\FreshDevices\FreshDownload\fd.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 08:23:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-22 8:24:25
ComboFix-quarantined-files.txt 2008-08-22 07:24:19

Pre-Run: 59,174,428,672 bytes free
Post-Run: 59,225,620,480 bytes free

210 --- E O F --- 2008-08-20 18:27:08


____________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:27:43, on 22/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Olympus\DeviceDetector\DM1Service.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
F:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\PROGRA~1\ScanSoft\NATURA~1\Program\natspeak.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - F:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - F:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [USRpdA] F:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] F:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Omnipage] F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Samsung Common SM] "F:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] F:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = F:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
O4 - Global Startup: Device Detector 3.lnk = F:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = F:\Program Files\Olympus\DSSPlayerPro\DirectrecConfig.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FreshDownload - {A7C6D697-2B0C-4BAE-B203-E10EA815DFC1} - F:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 0330356531
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0092568248
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0095313154
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE4CAD89-825D-4131-ABA7-158C8978CA0E}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - F:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe

--
End of file - 7757 bytes

Re: Computer switches off at random following virus alert

Post by ktreffin » August 23rd, 2008, 1:51 pm

Hi Jane,

Well, it looks like ComboFix did find a few things, and possibly we might have found some more information as to your current problem. I would like for you to check something and see what we can find out....

Let's check the Event Viewer and see what kind of errors / problems have been happening:
  • Click "Start" and choose "Control Panel"
  • Open "Administrative Tools"
  • Open "Event Viewer"
  • On the left hand side, under "Event Viewer (Local)" click on "System"
  • On the right hand side you will see a lot of items including "Information", "Warning", and "Error"
  • What we are most interested in are the "Errors".
  • You may have to scroll down the list, but try to find something on or about the time that the system last shut itself down.
  • When you find that particular time, if you double click the event, it will open up and display more information for you.
  • Look at the description of the error at about the time of the shut-down, and copy what it says.
This may be a driver issue, and looking at the Event Viewer might shed some more light on what is going on.

Let me know if you have any questions.

Thanks,
Ken
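The Event Viewer check described in the post above can also be scripted. This is an added example, not part of the original thread or of any poster's instructions; it assumes Windows PowerShell 2.0 or later is installed, and it goes one step beyond the manual steps by using the System log's Event ID 6008 records (logged at boot after an unexpected shutdown) to locate the restart times. The parameter names and window sizes are assumptions chosen for illustration.

```powershell
# Added example, not part of the original thread.
# Assumes Windows PowerShell 2.0 or later (Get-EventLog with -After/-Before).
param(
    [int]$MinutesBefore = 15,  # assumed look-back window before each restart record
    [int]$MinutesAfter  = 5,   # crash details are often logged just after the reboot
    [int]$MaxRestarts   = 5    # number of recent unexpected restarts to examine
)

# Event ID 6008 (source "EventLog") is written at boot when the previous
# shutdown was unexpected, so each record marks one crash-and-restart.
# Get-EventLog returns the newest entries first.
$restarts = @(Get-EventLog -LogName System -Source EventLog -ErrorAction SilentlyContinue |
    Where-Object { $_.EventID -eq 6008 } |
    Select-Object -First $MaxRestarts)

if ($restarts.Count -eq 0) {
    # Nothing recorded: fall back to the newest Error entries, as in the manual steps.
    Write-Output 'No Event ID 6008 records found; newest System errors instead:'
    Get-EventLog -LogName System -EntryType Error -Newest 10 -ErrorAction SilentlyContinue |
        Format-List TimeGenerated, Source, EventID, Message
    return
}

foreach ($restart in $restarts) {
    $from = $restart.TimeGenerated.AddMinutes(-$MinutesBefore)
    $to   = $restart.TimeGenerated.AddMinutes($MinutesAfter)

    Write-Output ('=== Unexpected restart logged {0:yyyy-MM-dd HH:mm:ss} ===' -f $restart.TimeGenerated)
    Write-Output $restart.Message

    # Error entries around the restart, excluding the 6008 record itself.
    $nearby = @(Get-EventLog -LogName System -EntryType Error -After $from -Before $to -ErrorAction SilentlyContinue |
        Where-Object { $_.Index -ne $restart.Index } |
        Sort-Object TimeGenerated)

    if ($nearby.Count -eq 0) {
        Write-Output '  (no other Error entries in this window)'
    } else {
        # The Message field is the "description" text the manual steps ask for.
        $nearby | Format-List TimeGenerated, Source, EventID, Message
    }
}
```

An empty window around a restart is itself useful information: it means the System log recorded no error before the machine went down, which fits an abrupt power or hardware fault more than a logged driver failure.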

Re: Computer switches off at random following virus alert

Post by Jane » August 23rd, 2008, 2:28 pm

Ken, there are six errors listed under Event Viewer/Application (which I know is not what you asked for--that's coming). All are dated today.

The most recent one contains the following text under "description":
______________________________________________
"Error: application hang.

Fault bucket 20271770.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
______________________________________________
Next one is also an application hang, and reads,

"Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
_______________________________________________

Then the first one is repeated; then the second; then the first; then the second.

I think these all relate to Outlook, which has been "not responding" a lot today when I open it.

Nothing seems to relate to the times when the computer has simply shut down and restarted itself. Each time that happens I get a message asking if I want to send an error report to MS: when I do, I get a selection of messages opening up under IE, which state either that the report was corrupted, that there was a blue-screen error even though I didn't see a blue screen, or that there was a driver error (I've checked under device manager and it seems that all is working normally, and drivers are up to date).

_______________________________________________________
On to Events Viewer/System, as requested:

The most recent error listed there was on 16 August, and reads,

"The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
_______________________________________________
Next one, also on 16 August, reads

"The server {BA126AE5-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
___________________________________________________

Final one for 16 August reads,

"Error code 10000012, parameter1 00000002, parameter2 8001003b, parameter3 00000000, parameter4 00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
________________________________________________________
There are others but they are from earlier days, and I wonder why there are none for a more recent time as the computer has shut off several times this afternoon/evening already.

It only seems to happen when I'm on the internet, with a few windows open or downloading something--I'm on dial-up, which is slow. I've checked the modem driver and that's up to date: is there anything else I can do?

Is that enough information, or do you need something else?


Thanks for sticking with this, Ken. It's most appreciated.
Jane
Regular Member
 
Posts: 15
Joined: August 8th, 2008, 1:17 pm

Re: Computer switches off at random following virus alert

Unread postby ktreffin » August 24th, 2008, 10:00 am

Hi Jane,

Interesting, but nothing really concrete. Tell me, did these random shut-downs start happening after installing the new modem? In the ComboFix log, these drivers were listed:
2008-08-03 11:07 . 2006-11-08 09:00 989,696 -ra------ F:\WINDOWS\system32\drivers\HSF_DPV.sys
2008-08-03 11:07 . 2006-11-08 08:59 730,112 -ra------ F:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-08-03 11:07 . 2006-11-08 08:59 257,408 -ra------ F:\WINDOWS\system32\drivers\HSFHWBS2.sys
2008-08-03 11:07 . 2006-11-07 02:54 172,032 -ra------ F:\WINDOWS\system32\Uci32114.dll
2008-08-03 11:07 . 2006-11-08 11:10 144,201 -ra------ F:\WINDOWS\system32\drivers\HSFProf.cty

These all seem to be related to the modem, and if you Google some of them, you will see that people are complaining of random system shut-downs that seem to be associated with some of them.

I know you said that in the Device Manager everything is listed as being OK and up-to-date; however, have you tried going to the modem manufacturer's website to make sure you are using the latest drivers for it?

One other thing....going back through the log, this caught my eye again:
"I did install a new modem recently, which I didn't mention--my old one seemed to have died after a thunderstorm (we're very remote here, and despite surge protectors lose phones and modems regularly), so I put in a new one. Don't know if that's significant."

As you probably know, static electricity (AKA lightning) and computers don't mix at all. If something happened during a thunderstorm which was enough to take out your modem, I fear that some other parts may have been affected. It is really difficult to tell, however. Sometimes you won't know until parts start to fail. I certainly don't want to scare you, but it could be a factor. One piece of equipment that you may want to invest in would be a UPS (uninterruptible power supply); these are far better than your standard surge protectors, and are almost considered an absolute requirement when living in storm-prone areas (trust me, I live in Florida :D ).

There are several General Tech Support forums that I would be happy to send you to if you think it may help. I would start by making sure you have the latest drivers from the modem manufacturer's website, downloading those, uninstalling the old drivers, and reinstalling the new ones, just to make sure.

Let me know if you would like to go to those General Tech forums, and I will be happy to list them for you.

Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Computer switches off at random following virus alert

Unread postby Jane » August 24th, 2008, 10:35 am

Ken,

It's the weekend: I didn't expect to hear from you for a while. Thank you.

The shut-downs didn't start when I changed the modem, I'm afraid: only when the virus first manifested itself, which was a couple of weeks later. I will check out the drivers manually, though, instead of getting Windows to do it, which is what I did before. Thanks for that suggestion.

I think it's unlikely that the storm caused further damage to my computer: it was entirely my fault that the modem got fried as I'd foolishly plugged the cable direct into the phone line, rather than into the surge protector, while I cleaned up. That'll teach me to try to vacuum, I'll just leave everything filthy next time! We already have a triple layer of UPSs fitted, as not only do I have them for the computer, along with a surge-protector, but we also live off-grid and generate all our own electricity, most of it via a wind turbine, and so have UPSs inbuilt in the system to protect our valuable inverters, on both sides of the set-up--in and out.

What worries me, still, is that since the virus infestation, I'm having problems with a couple of my programs which weren't there before. Dragon Naturally Speaking won't load fully, and I can't use it at all; while Outlook keeps on freezing when I start it up. This happens regardless of whether or not I am connected to the internet. Then there's the random shut-downs (which could have something to do with the modem driver--I'll see what I can do, but do please direct me to those technical forums as it's far easier to proceed with someone telling me what to do!).

If you're happy that the virus is cleared, and assuming the modem driver IS causing the random shut-downs then I can reinstall Dragon--but I don't know what to do for the problem with Outlook. Any suggestions? I appreciate that your job here is just about done, but all help is gratefully received.
Jane
Regular Member
 
Posts: 15
Joined: August 8th, 2008, 1:17 pm

Re: Computer switches off at random following virus alert

Unread postby ktreffin » August 24th, 2008, 8:07 pm

Hi Jane,

Sounds like you have the electricity part pretty well taken care of. Here are the links to the General Troubleshooting forums:

http://forums.whatthetech.com/forums.html
http://www.techguy.org/
http://www.bleepingcomputer.com/forums/

If you decide to use one of these other forums, please be sure to register there first. Also, please inform the helper that your system has been cleaned at MWR.

There is nothing that I can find on your system that indicates any type of malware is running. At this point, it appears that you are clean. I do have a few tips that I would like to give you that may help keep you clean in the future. The first few (like Remove dangerous tools and Windows Update) have to be done; the others are optional.

It may seem like your system will be overprotected with all these things installed, but a lot of these programs aren't always running in the background, so they don't slow down your computer. Please take a look at the following things:

Remove dangerous tools - Because some tools we used can be dangerous if they're used in the wrong way we have to remove some of them. Please remove the following tools:

Uninstall Combofix

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.

You can also delete any logs we have produced, and empty your Recycle bin.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Update your Anti Virus Software - I would highly recommend that you set your Anti-Virus software to update automatically. Most Anti-Virus programs will update at least once a day, and frequently more than once a day. If you notice that it isn't updating itself regularly and frequently, you should check to make sure your anti-virus subscription has not expired (if it's a paid subscription) or that your settings have not spontaneously changed.

Turn on "Automatic Updates" - In order to make sure your system stays up to date, I recommend that you turn on the "Automatic Updates" feature. To turn on the "Automatic Updates" feature please do the following:
  • Click Start and choose Control Panel
  • In the control panel double click "Automatic Updates"
  • Make sure "Automatic (recommended)" is ticked
  • Set the time that you would like to check for updates
  • Click "OK"

Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest available security updates installed, including those for Microsoft Office, etc. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You can download it from this website:
WinPatrol
The developer is a well-known man in the MalWare Removal business. If you really like WinPatrol think about upgrading to the PLUS version. It will give you additional features and you will only have to pay once, for your whole malware-free life.

Install MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial here:
WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Use an alternative Internet Browser - Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
Firefox << Most used, I use this one myself.
Opera

Bookmark general cleanup links - It could be that your computer is becoming slower and slower. This is not always caused by malware. Most of the time it's malware when your computer suddenly gets slow or behaves strangely. When the slowdown increases gradually, check (so bookmark now) these links for tips & tricks:
Help! My computer is slow
Slow Computer? Check here first; it may not be malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first!

>> Here << you can see how you can help us.

Good luck in the future, I really hope you are able to get this sorted out. Let me know if you have any questions.

Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Computer switches off at random following virus alert

Unread postby NonSuch » August 27th, 2008, 1:10 pm

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California