
Need help, pc shuts down unwanted & can't open IMF



Hi there,

 

I'm having major problems for over a few months now;

 

Occasionally my pc shuts down whenever it wants, installed Advanced System Care 4.0 PRO, cleaned up my pc so far and made it a whole lot faster.

Did a clean install with Iobit Malware Fighter but somehow it won't open after installing.

 

My pc info:

 

General
  Operating System: Microsoft Windows XP Professional
  Central Processor: AMD Athlon 64 Processor 3200+
  User Name: Daryl Schuurman

Graphics
  Video Adapter: NVIDIA GeForce 7600 GS
  Video Memory: Unknown
  Screen Resolution: NULL x NULL

Storage
  Total Memory: 1022,42 MB
  Free Memory: 407,18 MB
  Total Hard disk: 149,04 GB
  Free Hard disk: 119,31 GB

Motherboard
  Model: K8T890M2AA

Central Processor
  CPU Name: AMD Athlon 64 Processor 3200+
  Code Name: Model 15, stepping 2
  Manufactory: AuthenticAMD
  Current Clock Speed: 1999 Mhz
  Max Clock Speed: 1999 Mhz
  Voltage: 1,3V
  External Clock: 200 Mhz

 

Also attached the 2 files as in site protocol.

 

Hope someone can help me fix this somehow,

Thanks a lot!

dds.txt

attach.txt


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

P2P - I see you have P2P software installed on your machine (uTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

*********************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

To retrieve the removal information please do the following:

* After reboot, double-click the SUPERAntiSpyware icon on your desktop.
* Click Preferences. Click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* It will open in your default text editor (preferably Notepad).
* Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.

********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

**********************************************

Please download ComboFix from BleepingComputer.com (alternate link: GeeksToGo.com) and save it to your Desktop.

It would be easiest to download using Internet Explorer.

If you insist on using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here

Double click ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

http://i424.photobucket.com/albums/pp322/digistar/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i424.photobucket.com/albums/pp322/digistar/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix


SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 10/10/2011 at 04:15 PM

 

Application Version : 5.0.1128

 

Core Rules Database Version : 7773

Trace Rules Database Version: 5585

 

Scan type : Complete Scan

Total Scan Time : 00:33:42

 

Operating System Information

Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator

 

Memory items scanned : 431

Memory threats detected : 0

Registry items scanned : 39858

Registry threats detected : 0

File items scanned : 38334

File threats detected : 59

 

Adware.Tracking Cookie


Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies).

 

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

**************************************************

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


The first one:

 

Results of screen317's Security Check version 0.99.24

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 27

Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

Mozilla Firefox (x86 nl..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

IObit IObit Malware Fighter IMFsrv.exe

``````````End of Log````````````

 

 

and the second one:

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: F3897000

Module End: F38AF000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS

Service Name: ---

Module Base: F7B6A000

Module End: F7B6C000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwCreateKey

Address: F74309FC

Driver Base: F73EF000

Driver End: F7440000

Driver Name: PCTCore.sys

 

Function Name: ZwCreateProcess

Address: F73FF8C0

Driver Base: F73EF000

Driver End: F7440000

Driver Name: PCTCore.sys

 

Function Name: ZwCreateProcessEx

Address: F73FFB88

Driver Base: F73EF000

Driver End: F7440000

Driver Name: PCTCore.sys

 

Function Name: ZwDeleteKey

Address: F74312F6

Driver Base: F73EF000

Driver End: F7440000

Driver Name: PCTCore.sys

 

Function Name: ZwDeleteValueKey

Address: F743160E

Driver Base: F73EF000

Driver End: F7440000

Driver Name: PCTCore.sys

 

Function Name: ZwOpenKey

Address: F742FB80

Driver Base: F73EF000

Driver End: F7440000

Driver Name: PCTCore.sys

 

Function Name: ZwRenameKey

Address: F7431AD8

Driver Base: F73EF000

Driver End: F7440000

Driver Name: PCTCore.sys

 

Function Name: ZwSetValueKey

Address: F7430D5C

Driver Base: F73EF000

Driver End: F7440000

Driver Name: PCTCore.sys

 

Function Name: ZwTerminateProcess

Address: F73FF4BE

Driver Base: F73EF000

Driver End: F7440000

Driver Name: PCTCore.sys

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied


Looking over your log it seems you don't have any antivirus software.

 

Before we continue download and install a free antivirus.

 

Remember to only install one antivirus!

 

1) Avast! Home Edition

2) AVG Free Edition

3) Avira AntiVir Personal

4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download

4-a) Microsoft Security Essentials for Windows XP

5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)

6) PC Tools AntiVirus Free Edition

 

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

***************************************************

Update your Adobe Reader. get.adobe.com/reader.

 

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

***************************************************************

How's the computer running now?

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


Please try this one.

 

Run the BitDefender Online scanner

 

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

 

Once Bitdefender completes the scan:

Click-on the Detected Problems tab.

Then select Click here to export the scan report.

 

When the window comes up to save the report, change the Save as type: box to:

Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click Save.

 

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).

This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

 

If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us.

Post the bdscan.txt file as an Attachment.


Still has the shutting off problem, pc seems slightly faster but that could be just me.

I don't think that's caused by any infection. Let's do some cleanup.

 

To uninstall ComboFix

 

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

 

http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

 

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

***************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

*************************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

**************************************************

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!


Archived

This topic is now archived and is closed to further replies.
