My laptop keeps on shutting off with no reason

Closed
farahhh Posts 5 Registration date Wednesday November 6, 2013 Status Member Last seen November 6, 2013 - Nov 6, 2013 at 05:00 AM
Ambucias Posts 47360 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 - Nov 6, 2013 at 07:10 AM
Hello,

Please help
how can I fix it?
Download at SpeedyShare: http://speedy.sh/dZ9r4/ZHPDiag.txt

1 reply

Ambucias Posts 47360 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 11,255
Nov 6, 2013 at 05:38 AM
Salam Farah

Your system is badly infected by 63 malware: adware, a trojan horse and hijacker viruses.

Please follow these instructions to the letter: (you may wish to print them)

1. Close all applications

2. Select and copy all of the following bold lines. This is a script especially for you and must not be copied by any other user.
----------------------------------------------------------------------------------
G2 - GCE: Preference [User Data\Default] [oglbipcbkmlknhfhabolnniekmlhfoek] Lyrics for Google Chrome v.2.5.4, (Activé) =>Adware.AddLyrics
M3 - MFPP: Plugins - [pc] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com =>Toolbar.Babylon
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll =>Trojan.FindFDSearch
O23 - Service: WebCake Desktop Updater (WebCake Desktop Updater) . (...) - C:\Program Files\WebCake\WebCakeDesktop.Updater.exe (.not file.) =>Adware.WebCake
O23 - Service: Wsys Service (WsysSvc) . (...) - C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
O42 - Logiciel: Babylon toolbar - (...) [HKLM] -- BabylonToolbar =>Toolbar.Babylon
O42 - Logiciel: HDVidCodec - (.hdvidcodec.com.) [HKLM] -- 1ClickDownload =>PUP.1ClickDownloader
O42 - Logiciel: HDvid Codec V1 - (.installdaddy.) [HKLM] -- HDvid Codec V1 =>PUP.SoftwareEngine
O42 - Logiciel: WebCake 3.00 - (.WebCake LLC.) [HKLM] -- {C4ED781C-7394-4906-AAFF-D6AB64FF7C38} =>Adware.WebCake
O42 - Logiciel: Wsys Control 1.0.0.2557 - (.Wsys Co., Ltd..) [HKLM] -- WsysControl =>PUP.eSafeSecurity
[HKCU\Software\AppDataLow\Software\HDvid Codec V1] =>PUP.SoftwareEngine
[HKCU\Software\BabylonChromeExtension] =>Toolbar.Babylon
[HKLM\Software\V9] => PUP.V9Software
[HKLM\Software\deskSvc]
O43 - CFD: 10/27/2013 - 5:48:25 PM - [4.138] ----D C:\Program Files\HDvid Codec V1 =>PUP.SoftwareEngine
O43 - CFD: 7/23/2013 - 9:28:54 PM - [33.331] ----D C:\Program Files\Common Files\337 => Hijacker.22Find
O43 - CFD: 7/23/2013 - 9:24:16 PM - [5.187] ----D C:\Users\pc\AppData\Roaming\eIntaller => PUP.eSafeSecurity
O61 - LFC: 11/6/2013 - 9:04:11 AM ---A- . (...) -- C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.com_0.localstorage [3072] =>Spyware.PutLocker
O61 - LFC: 11/6/2013 - 9:04:11 AM ---A- . (...) -- C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.com_0.localstorage-journal [3608] =>Spyware.PutLocker
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com
O87 - FAEL: "{7DB87AC9-E095-4500-9A71-00C35DE88FAF}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
SS - | Auto 7/10/1658 0 | (WebCake Desktop Updater) . (...) -
SS - | Auto 7/10/1658 0 | (WsysSvc) . (...) - C:\ProgramData\eSafe\eGdpSvc.exe =>PUP.eSafeSecurity
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc] =>PUP.eSafeSecurity^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>Toolbar.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload] =>PUP.1ClickDownloader^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HDvid Codec V1] =>PUP.SoftwareEngine^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl] =>PUP.eSafeSecurity^
[HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a}]
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}]
[HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc]
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =>PUP.eSafeSecurity
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431162}]
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431162}] =>PUP.CrossRider
C:\Program Files\HDvid Codec V1
C:\Program Files\Common Files\337
C:\Users\pc\AppData\Roaming\eIntaller
C:\Users\pc\AppData\Local\Temp\Desk365
[HKCU\Software\AppDataLow\Software\HDvid Codec V1]

3. ZHP Diag created a shortcut on your desktop called ZHP Fix, launch ZHP Fix (for Windows 7, right-click to run as admin). Answer yes if you get an enquiry as to whether you want to run it or not.

4. Click on the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

9. Download the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/

Launch it (for Windows 7 and 8, click right to run as administrator)

Click on delete

Post the log C:\Adwcleaner[Sx].txt on this thread.

10. Download, install and run Malwarebytes, which you can find on this site:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Ensure you make an update.

Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long it takes. The creators of Malwarebytes recommend that while the tool is running you go do something else, such as watching a rerun of Gone with the Wind or reading Tolstoy's War and Peace.

If Malwarebytes restarts your system, launch it again to finish the Full scan.

When the scan is completed, delete all items found.

Good luck
-1
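Before importing a fix script like the one in the reply above, it helps to see which entries carry a detection label and which are bare keys or paths that deserve a manual look. The following is an added example, not part of the original thread and not ZHPDiag or ZHPFix code; it relies only on the `=>Label` suffix visible in the posted lines, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the script posted above.
SAMPLE = r"""
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com =>Toolbar.Babylon
O23 - Service: Wsys Service (WsysSvc) . (...) - C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
O42 - Logiciel: Babylon toolbar - (...) [HKLM] -- BabylonToolbar =>Toolbar.Babylon
[HKLM\Software\V9] => PUP.V9Software
[HKLM\Software\deskSvc]
[HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc] =>PUP.eSafeSecurity^
C:\Program Files\Common Files\337
"""

# Trailing "=>Family.Name", optionally followed by the stray "^" seen on some lines.
LABEL_RE = re.compile(r"=>\s*([A-Za-z0-9]+\.[A-Za-z0-9]+)\^?\s*$")
REGISTRY_RE = re.compile(r"\bHK(?:LM|CU|EY_\w+)\\")   # hive followed by a key path
FILE_RE = re.compile(r"\b[A-Za-z]:\\")                  # drive-letter path


def classify_target(line):
    """Rough target kind, judged only from what is visible in the line."""
    if REGISTRY_RE.search(line):
        return "registry"
    if FILE_RE.search(line):
        return "file"
    return "other"


def triage(script):
    """Split script lines into {label: [(kind, line), ...]} and unlabelled entries."""
    by_label = defaultdict(list)
    unlabelled = []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = (classify_target(line), line)
        match = LABEL_RE.search(line)
        if match:
            by_label[match.group(1)].append(entry)
        else:
            unlabelled.append(entry)
    return dict(by_label), unlabelled


if __name__ == "__main__":
    labelled, bare = triage(SAMPLE)
    for label in sorted(labelled):
        print(f"{label}: {len(labelled[label])} entries")
    print("No label, review by hand:")
    for kind, line in bare:
        print(f"  [{kind}] {line}")
```

Entries that come back without a label are the ones to check against installed software before anything is deleted.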
farahhh Posts 5 Registration date Wednesday November 6, 2013 Status Member Last seen November 6, 2013
Nov 6, 2013 at 05:56 AM
Thank you so much for your reply
but I think that there is something wrong with my ZHP fix..
0
Ambucias Posts 47360 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 11,255
Nov 6, 2013 at 06:02 AM
And what would that be ?

Try in safe mode.
0
farahhh Posts 5 Registration date Wednesday November 6, 2013 Status Member Last seen November 6, 2013
Nov 6, 2013 at 06:09 AM
it doesn't paste the lines itself and it shows a message "samples: Script ZHPfix
C:\Program files\MagniPic]
[HKEY_CURRENT_USER\Software\MagniPic]
[HKEY_USERS\S-1-5-18\Control MagniPic]
[HKCU\Software\MagniPic]'
0
Ambucias Posts 47360 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 11,255
Nov 6, 2013 at 06:43 AM
Okay, I will deal with this issue later, I will talk with the software engineer in Paris.

Proceed with adware cleaner and Malwarebytes.

Once you are done post the logs here.

We may need to do some manual work after.
0
Ambucias Posts 47360 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 11,255
Nov 6, 2013 at 06:51 AM
Oops forgot

Sorry, before Malwarebytes,

Please download Rkill by Grinler and save it to your desktop.

1. Download to your desktop and run Rogue Kill:

https://download.bleepingcomputer.com/grinler/rkill.com

2. You should now see a window that shows all of your desktop icons, including the rkill.com program.

3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes. So, please try running Rkill until malware is no longer running.

As a matter of fact, if you get messages, it is a sign that the virus is agonizing with excruciating pain, so you can just grin while it is suffering!:)))

Please, DO NOT REBOOT your computer or the processes will come back to haunt you!


P.S. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
0