Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Windows Unexpected Shutdown Recovery happens daily

Re: Windows Unexpected Shutdown Recovery happens daily

by GirlinWayside » September 14th, 2009, 10:35 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kelly at 2009-09-14 10:34:10
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 166 GB (72%) free of 229 GB
Total RAM: 1015 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:41 AM, on 9/14/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kelly\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kelly.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freegasmoneyonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5699845C-2941-4113-895E-3091E3CA6C2E}: NameServer = 208.67.222.222 ,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9765 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForKelly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-11-20 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2008-06-10 54672]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"HostManager"=C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe [2006-09-25 50736]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-04-01 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-04-01 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-04-01 133656]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-14 149280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-10-09 44168]
"Uninstall Adobe Download Manager"=C:\Program Files\NOS\bin\getPlus_Helper.dll [2009-09-03 48368]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-03 1783136]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-09-20 455968]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-20 4363504]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3c231c6-9ad4-11dc-bacf-806e6f6e6963}]
shell\AutoRun\command - E:\Setup.exe -auto


======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 3 months======

2009-09-14 10:32:41 ----A---- C:\Windows\system32\javaws.exe
2009-09-14 10:32:41 ----A---- C:\Windows\system32\javaw.exe
2009-09-14 10:32:41 ----A---- C:\Windows\system32\java.exe
2009-09-14 10:26:20 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-09-14 10:25:31 ----D---- C:\ProgramData\NOS
2009-09-14 10:25:31 ----D---- C:\Program Files\NOS
2009-09-10 11:46:03 ----D---- C:\_OTM
2009-09-10 11:44:13 ----D---- C:\Program Files\ERUNT
2009-09-09 04:28:36 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 04:28:35 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 04:28:35 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 04:28:35 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 04:28:35 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 04:28:35 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 04:28:35 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 04:28:35 ----A---- C:\Windows\system32\finger.exe
2009-09-09 04:28:35 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 04:27:54 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 04:27:54 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 04:27:54 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 04:27:54 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 04:27:43 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 04:27:43 ----A---- C:\Windows\system32\mf.dll
2009-09-09 04:26:58 ----A---- C:\Windows\system32\jscript.dll
2009-09-08 11:44:18 ----D---- C:\Rooter$
2009-09-02 16:52:43 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-02 16:52:42 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-26 03:01:32 ----A---- C:\Windows\system32\tzres.dll
2009-08-26 00:25:28 ----A---- C:\Windows\system32\wdigest.dll
2009-08-26 00:25:28 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-26 00:25:28 ----A---- C:\Windows\system32\kerberos.dll
2009-08-26 00:25:27 ----A---- C:\Windows\system32\schannel.dll
2009-08-26 00:25:27 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-26 00:25:26 ----A---- C:\Windows\system32\secur32.dll
2009-08-26 00:25:26 ----A---- C:\Windows\system32\lsass.exe
2009-08-12 00:45:22 ----A---- C:\Windows\system32\atl.dll
2009-08-12 00:45:21 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 00:45:19 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 00:45:17 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 00:45:11 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 00:45:10 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 00:45:10 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 00:45:09 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-12 00:45:08 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-28 22:03:21 ----A---- C:\Windows\system32\occache.dll
2009-07-28 22:03:21 ----A---- C:\Windows\system32\mshtml.dll
2009-07-28 22:03:20 ----A---- C:\Windows\system32\ieframe.dll
2009-07-28 22:03:18 ----A---- C:\Windows\system32\urlmon.dll
2009-07-28 22:03:17 ----A---- C:\Windows\system32\wininet.dll
2009-07-28 22:03:16 ----A---- C:\Windows\system32\iertutil.dll
2009-07-28 22:03:16 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-28 22:03:15 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-28 22:03:15 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-28 22:03:14 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-28 22:03:14 ----A---- C:\Windows\system32\ieencode.dll
2009-07-28 22:03:13 ----A---- C:\Windows\system32\mstime.dll
2009-07-28 22:03:13 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-15 04:16:47 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 04:16:47 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 04:16:47 ----A---- C:\Windows\system32\atmfd.dll
2009-07-15 04:16:46 ----A---- C:\Windows\system32\dciman32.dll
2009-07-05 10:03:27 ----D---- C:\Program Files\Avira

======List of files/folders modified in the last 3 months======

2009-09-14 10:34:08 ----D---- C:\Windows\temp
2009-09-14 10:33:03 ----D---- C:\Windows\Prefetch
2009-09-14 10:32:53 ----SHD---- C:\Windows\Installer
2009-09-14 10:32:41 ----D---- C:\Windows\System32
2009-09-14 10:32:02 ----A---- C:\Windows\system32\deploytk.dll
2009-09-14 10:31:54 ----D---- C:\Program Files\Java
2009-09-14 10:31:43 ----SHD---- C:\System Volume Information
2009-09-14 10:30:07 ----D---- C:\Program Files\Adobe
2009-09-14 10:29:52 ----D---- C:\ProgramData\Adobe
2009-09-14 10:29:19 ----D---- C:\Program Files\Common Files\Adobe
2009-09-14 10:26:31 ----D---- C:\Users\Kelly\AppData\Roaming\Adobe
2009-09-14 10:26:20 ----D---- C:\Program Files\Common Files
2009-09-14 10:25:31 ----RD---- C:\Program Files
2009-09-14 10:25:31 ----HD---- C:\ProgramData
2009-09-14 10:22:04 ----D---- C:\Windows\SMINST
2009-09-14 08:48:44 ----D---- C:\Windows\system32\catroot2
2009-09-13 16:46:35 ----D---- C:\Windows
2009-09-12 09:58:45 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-12 09:56:59 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-09-12 04:47:11 ----D---- C:\Program Files\Mozilla Firefox
2009-09-12 00:24:30 ----D---- C:\Windows\Minidump
2009-09-10 11:44:53 ----D---- C:\Windows\erdnt
2009-09-10 11:17:24 ----D---- C:\Windows\Debug
2009-09-10 10:56:23 ----RSD---- C:\Windows\Fonts
2009-09-10 03:22:41 ----D---- C:\Windows\rescache
2009-09-10 03:18:32 ----D---- C:\Windows\winsxs
2009-09-10 03:06:06 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-10 03:04:49 ----D---- C:\Windows\system32\en-US
2009-09-10 03:04:48 ----D---- C:\Windows\system32\drivers
2009-09-10 03:01:49 ----D---- C:\Windows\system32\catroot
2009-09-10 03:01:44 ----D---- C:\Program Files\Windows Mail
2009-09-10 03:00:50 ----D---- C:\Windows\ehome
2009-09-03 03:01:26 ----D---- C:\Windows\AppPatch
2009-09-02 03:03:24 ----D---- C:\Windows\Microsoft.NET
2009-08-28 17:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-22 00:06:36 ----D---- C:\ProgramData\HP
2009-08-15 10:02:32 ----D---- C:\Program Files\MySpace
2009-08-15 09:48:28 ----D---- C:\Windows\system32\wbem
2009-08-15 09:47:45 ----D---- C:\Windows\Tasks
2009-08-15 09:47:45 ----D---- C:\Windows\system32\spool
2009-08-15 09:47:44 ----D---- C:\Windows\system32\CodeIntegrity
2009-08-15 09:47:44 ----D---- C:\Windows\inf
2009-08-15 09:47:39 ----D---- C:\ProgramData\HP Product Assistant
2009-08-15 09:47:39 ----D---- C:\ProgramData\FLEXnet
2009-08-15 09:47:39 ----D---- C:\Program Files\Windows Media Player
2009-08-15 09:47:38 ----D---- C:\Windows\registration
2009-08-11 01:14:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-29 03:08:01 ----D---- C:\Program Files\Internet Explorer
2009-07-18 17:41:00 ----D---- C:\Combo-Fix
2009-07-18 15:54:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-18 15:54:46 ----D---- C:\Program Files\CCleaner
2009-07-05 10:03:27 ----D---- C:\ProgramData\Avira
2009-06-23 19:20:29 ----D---- C:\Windows\system32\config
2009-06-16 09:42:03 ----SD---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-08-03 91648]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-23 611664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-13 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Windows Unexpected Shutdown Recovery happens daily

by Cypher » September 14th, 2009, 1:12 pm

Hi GirlinWayside.
How is your computer performing now?

Please run CCleaner.
CAUTION: Please do NOT use the "Registry" button in the left pane.
This is a built-in registry cleaner. Removing certain entries can render your computer inoperable!

Next

Kaspersky Online Scan

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Note: There is a tutorial here if you need one.

If you have trouble running the Kaspersky scan:

  1. Please go to the Bitdefender website to perform an online scan.
  2. Click on I Agree.
  3. You will be prompted to install an ActiveX. Please allow it and install it.
  4. Under Select what you want to check for viruses, click on the Click here link.
    • Check (tick) the Desktop box.
    • Click on + sign next to My Computer. Uncheck (untick) your CD or DVD drive box(es).
    • Uncheck the Network box.
    • Click OK.
  5. Under Settings, click on the Click here link.
    • Under Action options, select the Report only option.
    • Click on the + sign next to Second Action.
    • Select the Report only option.
    • Click OK.
  6. Click on the Click here to scan link.
  7. It will start loading the antivirus scan engine and virus definitions and start the scan. This will take a while. Please be patient.
  8. Click on Click here to export the scan report.
  9. Click on Desktop on your left.
  10. In the File Name box, copy and paste in Report.txt
  11. In the Save As Type box, select Text (Tab Delimited) (*.txt) file.
  12. Click Save.

In your next reply:

1. Kaspersky or Bitdefender logs.
2. An update on how your computer is performing.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows Unexpected Shutdown Recovery happens daily

by GirlinWayside » September 16th, 2009, 10:13 am

I'm here, running Kaspersky now.. Don't close me out! :compress:

Edited to add:

This is taking a very long time. Kaspersky is still running (time is now 12:48pm). It's been over two hours.. Is this normal? :?:
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Windows Unexpected Shutdown Recovery happens daily

Unread postby Cypher » September 16th, 2009, 12:58 pm

Hi :)
Yes, that scan can take some time. No hurry, just post the results when ready.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows Unexpected Shutdown Recovery happens daily

Unread postby GirlinWayside » September 16th, 2009, 6:42 pm

ok, after I accidentally closed out the window and had to restart.. :roll:

here is the report..

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 16, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 16, 2009 20:40:29
Records in database: 2836089
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 174173
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 03:08:49


File name / Threat / Threats count
C:\Users\Kelly\Pictures\SetupGamevance.exe Infected: not-a-virus:AdWare.Win32.Gamevance.atw 1

Selected area has been scanned.
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Windows Unexpected Shutdown Recovery happens daily

Unread postby GirlinWayside » September 16th, 2009, 6:43 pm

Did this automatically clean the infected file?? I will give you a report first thing tomorrow morning as to how things are running.. ;)
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Windows Unexpected Shutdown Recovery happens daily

Unread postby Cypher » September 17th, 2009, 8:11 am

Hi GirlinWayside.
Good work, thank you :)
You have Gamevance installed.
C:\Users\Kelly\Pictures\SetupGamevance.exe

This is adware. Do you want to keep it?
Also please let me know how your computer is performing now.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows Unexpected Shutdown Recovery happens daily

Unread postby GirlinWayside » September 17th, 2009, 10:21 am

I have NO clue how I got that and NO, I don't want to keep it. My browsers (FF and IE) were crashing and not responding so I ran BitDefender too. Here is the log from that scan..

BitDefender Online Scanner - Real Time Virus Report


Generated at: Thu, Sep 17, 2009 - 10:14:42


--------------------------------------------------------------------------------
Scan Info

Scanned Files: 931608
Infected Files: 3

Virus Detected / Count
Adware.GameVance.C 1
Trojan.FakeAlert.AKC 1
Adware.Generic.53752 1


I will report back after some usage and let you know how it is running.. :)
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Windows Unexpected Shutdown Recovery happens daily

Unread postby Cypher » September 17th, 2009, 2:30 pm

Hi GirlinWayside.
When you say IE and FF are crashing, what exactly do you mean?
Are you getting any error messages when this happens?


Re-run OTM
  • Right-click OTM.exe and choose Run as Administrator to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code:
    :Files
    
    C:\Users\Kelly\Pictures\SetupGamevance.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

In your next reply.

1. OTM log.
2. An explanation of your browser problems.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows Unexpected Shutdown Recovery happens daily

Unread postby GirlinWayside » September 17th, 2009, 4:05 pm

All processes killed
========== FILES ==========
File/Folder C:\Users\Kelly\Pictures\SetupGamevance.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: Kelly
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4766678 bytes
->Java cache emptied: 25679350 bytes
->FireFox cache emptied: 39196773 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
C:\Windows\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile01.sqm scheduled to be deleted on reboot.
Windows Temp folder emptied: 717559 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67.10 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09172009_152300

What happens is the browser window turns white and quits responding. It happens mostly in FF.
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Windows Unexpected Shutdown Recovery happens daily

Unread postby Cypher » September 18th, 2009, 7:33 am

Hi GirlinWayside.

Run a File Search
Press Start > All Programs > Accessories > Run, copy/paste the following command into the box and press OK:
cmd /c dir C:\*.* /L /A /B /S|Find "gamevance" >> "%userprofile%\desktop\look.txt"
A blank command window will open on your desktop, then close in a minute or two. This is normal.
A file called look.txt should appear on your Desktop. Please post the contents of this file in your next post.

Next.

I would like you to run FF with no add-ons, then let me know if your FF browser still quits responding.

Run FF with no add-ons.

Go to Start
In the Start Search window, type Firefox (do not hit enter - search results will be displayed as you type)
Then select Mozilla Firefox (Safe Mode) to launch Firefox with all Add-ons disabled.

In your next reply.

1. look.txt
2. An update on your browser problem.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows Unexpected Shutdown Recovery happens daily

Unread postby GirlinWayside » September 20th, 2009, 2:56 pm

The look.txt file is empty - I will run FF today with no add-ons and report later how it is working :cheers:
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Windows Unexpected Shutdown Recovery happens daily

Unread postby Cypher » September 22nd, 2009, 6:33 am

Hi :)
Have you run FF with no add-ons yet?
Please let me know the result.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows Unexpected Shutdown Recovery happens daily

Unread postby GirlinWayside » September 22nd, 2009, 7:42 am

Yes, I ran it without add-ons and it appeared to run better - I was online for about 2 hours without any problems at all.
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Windows Unexpected Shutdown Recovery happens daily

Unread postby Cypher » September 23rd, 2009, 5:47 am

Hi GirlinWayside.

The problems you are still experiencing are not coming from malware as all of your latest logs have come back clean.
When I am faced with this type of problem I go to these sites below. I have asked for help there myself and they have always been able to solve my problems.

Tech support guy


And

What the tech


So as I said above, your logs are clean. I hope you can resolve your other problem with the links that I provided.


Clean up with OTM

  • Right-click OTM.exe and choose Run as administrator to start the program.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot.
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


Hide system files

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Do not show hidden files and folders.
  6. Check (tick) Hide extensions of known file types.
  7. Check (tick) Hide protected operating system files (Recommended).
  8. Click OK.
  9. Close My Computer.

Create a new, clean System Restore point

  1. Click on Start > All Programs > Accessories > System Tools > System Restore.
  2. On the Welcome Page, select Create a restore point. Click Next.
  3. Give this restore point a descriptive name and click Create.
  4. When done, click Close.

Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


Flush infected System Restore points

1. Right click on My Computer and select Properties.
2. Select the System Restore tab.
3. Check (tick) Turn off system restore on all drives box.
4. Click Apply.
5. Uncheck (untick) Turn off system restore on all drives box.
6. Click OK.
7. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.



Your version of Java is outdated

Install the latest version Here

Your version of Adobe Reader is outdated

Update to the latest version Here


Here are some free programs I recommend that could help you improve your computer's security.


Install Sitehound
SiteHound is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

Install MVPS Hosts File From Here

The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can find the tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information HERE on how to prevent malware

Is your PC running slow?
Read What to do if your Computer is running slowly

Safe surfing! :)
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
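
The HOSTS-file blocking described in the post above (ad domains pointed at 127.0.0.1) can be checked after installation with a short audit. The following is an added example, not part of the original thread or of the MVPS project: it separates names that are blocked from names mapped to some other address, which a blocking list should not contain and which deserve a manual look. The function name `audit_hosts` and every domain and address in the sample are assumptions constructed for illustration.

```python
import ipaddress
import os

# Constructed sample in HOSTS-file syntax; every name and address is a placeholder.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS list
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.tracker.example   # ad server sent to this machine
0.0.0.0     banner.adnet.example
203.0.113.7 update.vendor.example www.vendor.example
not-an-ip   broken.example
"""


def audit_hosts(text):
    """Return (blocked, redirected, malformed) for the text of a HOSTS file.

    blocked    - names mapped to loopback or 0.0.0.0, so lookups go nowhere
    redirected - names mapped to any other address: {name: address}
    malformed  - line numbers that are not "<address> <name> [...]"
    """
    blocked, redirected, malformed = set(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:
            malformed.append(lineno)
            continue
        for name in (f.lower() for f in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                if name != "localhost":          # the stock localhost lines are not blocks
                    blocked.add(name)
            else:
                redirected[name] = str(addr)
    return blocked, redirected, malformed


if __name__ == "__main__":
    # Standard Windows location; falls back to the sample when the file is absent.
    path = os.path.expandvars(r"%SystemRoot%\System32\drivers\etc\hosts")
    text = open(path, encoding="utf-8", errors="replace").read() if os.path.exists(path) else SAMPLE_HOSTS
    blocked, redirected, malformed = audit_hosts(text)
    print(f"{len(blocked)} blocked names, malformed lines: {malformed}")
    for name, addr in sorted(redirected.items()):
        print(f"REVIEW: {name} -> {addr}")
```

Any line printed with REVIEW maps a name to a real address rather than blocking it, so confirm you added it yourself before leaving it in place.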