My laptop keeps on shutting off with no reason
Closed
farahhh
Posts
5
Registration date
Wednesday November 6, 2013
Status
Member
Last seen
November 6, 2013
-
Nov 6, 2013 at 05:00 AM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 6, 2013 at 07:10 AM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 6, 2013 at 07:10 AM
Related:
- My laptop keeps on shutting off with no reason
- How to type # on laptop keyboard - Guide
- Why can't i type on my laptop - Guide
- Gta 5 download apk laptop - Download - Action and adventure
- Google meet download for laptop - Download - Video calls
- Chat gpt for laptop - Download - Other
1 response
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,169
Nov 6, 2013 at 05:38 AM
Nov 6, 2013 at 05:38 AM
Salam Farah
You system is badly infected by 63 malware: adware, a trojan horse and hyjacker viruses.
Please follow these instructions to the letter: (you may wish to print them)
1. Close all applications
2. Select and copy all of the following bold lines. This a script especially for you and must not be copied by any other user
----------------------------------------------------------------------------------
G2 - GCE: Preference [User Data\Default] [oglbipcbkmlknhfhabolnniekmlhfoek] Lyrics for Google Chrome v.2.5.4, (Activé) =>Adware.AddLyrics
M3 - MFPP: Plugins - [pc] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com =>Toolbar.Babylon
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll =>Trojan.FindFDSearch
O23 - Service: WebCake Desktop Updater (WebCake Desktop Updater) . (...) - C:\Program Files\WebCake\WebCakeDesktop.Updater.exe (.not file.) =>Adware.WebCake
O23 - Service: Wsys Service (WsysSvc) . (...) - C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
O42 - Logiciel: Babylon toolbar - (...) [HKLM] -- BabylonToolbar =>Toolbar.Babylon
O42 - Logiciel: HDVidCodec - (.hdvidcodec.com.) [HKLM] -- 1ClickDownload =>PUP.1ClickDownloader
O42 - Logiciel: HDvid Codec V1 - (.installdaddy.) [HKLM] -- HDvid Codec V1 =>PUP.SoftwareEngine
O42 - Logiciel: WebCake 3.00 - (.WebCake LLC.) [HKLM] -- {C4ED781C-7394-4906-AAFF-D6AB64FF7C38} =>Adware.WebCake
O42 - Logiciel: Wsys Control 1.0.0.2557 - (.Wsys Co., Ltd..) [HKLM] -- WsysControl =>PUP.eSafeSecurity
[HKCU\Software\AppDataLow\Software\HDvid Codec V1] =>PUP.SoftwareEngine
[HKCU\Software\BabylonChromeExtension] =>Toolbar.Babylon
[HKLM\Software\V9] => PUP.V9Software
[HKLM\Software\deskSvc]
O43 - CFD: 10/27/2013 - 5:48:25 PM - [4.138] ----D C:\Program Files\HDvid Codec V1 =>PUP.SoftwareEngine
O43 - CFD: 7/23/2013 - 9:28:54 PM - [33.331] ----D C:\Program Files\Common Files\337 => Hijacker.22Find
O43 - CFD: 7/23/2013 - 9:24:16 PM - [5.187] ----D C:\Users\pc\AppData\Roaming\eIntaller => PUP.eSafeSecurity
O61 - LFC: 11/6/2013 - 9:04:11 AM ---A- . (...) -- C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.com_0.localstorage [3072] =>Spyware.PutLocker
O61 - LFC: 11/6/2013 - 9:04:11 AM ---A- . (...) -- C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.com_0.localstorage-journal [3608] =>Spyware.PutLocker
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com
O87 - FAEL: "{7DB87AC9-E095-4500-9A71-00C35DE88FAF}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
SS - | Auto 7/10/1658 0 | (WebCake Desktop Updater) . (...) -
SS - | Auto 7/10/1658 0 | (WsysSvc) . (...) - C:\ProgramData\eSafe\eGdpSvc.exe =>PUP.eSafeSecurity
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc] =>PUP.eSafeSecurity^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>Toolbar.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload] =>PUP.1ClickDownloader^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HDvid Codec V1] =>PUP.SoftwareEngine^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl] =>PUP.eSafeSecurity^
[HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a}]
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}]
[HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc]
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =>PUP.eSafeSecurity
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431162}]
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431162}] =>PUP.CrossRider
C:\Program Files\HDvid Codec V1
C:\Program Files\Common Files\337
C:\Users\pc\AppData\Roaming\eIntaller
C:\Users\pc\AppData\Local\Temp\Desk365
[HKCU\Software\AppDataLow\Software\HDvid Codec V1]
3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin. Answer yes if you get an enquiry as to weither you want to run it or not
4. Click on the the Import button and the lines will automatically paste themselves.
5. Click on the Go button to clean
6. Confirm by clicking OK
7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time
8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.
9. Download the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.
10. Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.
If Malwarebyte restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Good luck
You system is badly infected by 63 malware: adware, a trojan horse and hyjacker viruses.
Please follow these instructions to the letter: (you may wish to print them)
1. Close all applications
2. Select and copy all of the following bold lines. This a script especially for you and must not be copied by any other user
----------------------------------------------------------------------------------
G2 - GCE: Preference [User Data\Default] [oglbipcbkmlknhfhabolnniekmlhfoek] Lyrics for Google Chrome v.2.5.4, (Activé) =>Adware.AddLyrics
M3 - MFPP: Plugins - [pc] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com =>Toolbar.Babylon
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll =>Trojan.FindFDSearch
O23 - Service: WebCake Desktop Updater (WebCake Desktop Updater) . (...) - C:\Program Files\WebCake\WebCakeDesktop.Updater.exe (.not file.) =>Adware.WebCake
O23 - Service: Wsys Service (WsysSvc) . (...) - C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
O42 - Logiciel: Babylon toolbar - (...) [HKLM] -- BabylonToolbar =>Toolbar.Babylon
O42 - Logiciel: HDVidCodec - (.hdvidcodec.com.) [HKLM] -- 1ClickDownload =>PUP.1ClickDownloader
O42 - Logiciel: HDvid Codec V1 - (.installdaddy.) [HKLM] -- HDvid Codec V1 =>PUP.SoftwareEngine
O42 - Logiciel: WebCake 3.00 - (.WebCake LLC.) [HKLM] -- {C4ED781C-7394-4906-AAFF-D6AB64FF7C38} =>Adware.WebCake
O42 - Logiciel: Wsys Control 1.0.0.2557 - (.Wsys Co., Ltd..) [HKLM] -- WsysControl =>PUP.eSafeSecurity
[HKCU\Software\AppDataLow\Software\HDvid Codec V1] =>PUP.SoftwareEngine
[HKCU\Software\BabylonChromeExtension] =>Toolbar.Babylon
[HKLM\Software\V9] => PUP.V9Software
[HKLM\Software\deskSvc]
O43 - CFD: 10/27/2013 - 5:48:25 PM - [4.138] ----D C:\Program Files\HDvid Codec V1 =>PUP.SoftwareEngine
O43 - CFD: 7/23/2013 - 9:28:54 PM - [33.331] ----D C:\Program Files\Common Files\337 => Hijacker.22Find
O43 - CFD: 7/23/2013 - 9:24:16 PM - [5.187] ----D C:\Users\pc\AppData\Roaming\eIntaller => PUP.eSafeSecurity
O61 - LFC: 11/6/2013 - 9:04:11 AM ---A- . (...) -- C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.com_0.localstorage [3072] =>Spyware.PutLocker
O61 - LFC: 11/6/2013 - 9:04:11 AM ---A- . (...) -- C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.com_0.localstorage-journal [3608] =>Spyware.PutLocker
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com
O87 - FAEL: "{7DB87AC9-E095-4500-9A71-00C35DE88FAF}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
SS - | Auto 7/10/1658 0 | (WebCake Desktop Updater) . (...) -
SS - | Auto 7/10/1658 0 | (WsysSvc) . (...) - C:\ProgramData\eSafe\eGdpSvc.exe =>PUP.eSafeSecurity
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc] =>PUP.eSafeSecurity^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>Toolbar.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload] =>PUP.1ClickDownloader^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HDvid Codec V1] =>PUP.SoftwareEngine^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl] =>PUP.eSafeSecurity^
[HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a}]
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}]
[HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc]
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =>PUP.eSafeSecurity
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431162}]
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431162}] =>PUP.CrossRider
C:\Program Files\HDvid Codec V1
C:\Program Files\Common Files\337
C:\Users\pc\AppData\Roaming\eIntaller
C:\Users\pc\AppData\Local\Temp\Desk365
[HKCU\Software\AppDataLow\Software\HDvid Codec V1]
3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin. Answer yes if you get an enquiry as to weither you want to run it or not
4. Click on the the Import button and the lines will automatically paste themselves.
5. Click on the Go button to clean
6. Confirm by clicking OK
7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time
8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.
9. Download the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.
10. Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.
If Malwarebyte restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Good luck
Nov 6, 2013 at 05:56 AM
but i think that there is something wrong with my ZHP fix..
Nov 6, 2013 at 06:02 AM
Try in safe mode.
Nov 6, 2013 at 06:09 AM
C:\Program files\MagniPic]
[HKEY_CURRENT_USER\Software\MagniPic]
[HKEY_USERS\S-1-5-18\Control MagniPic]
[HKCU\Software\MagniPic]'
Nov 6, 2013 at 06:43 AM
Proceed with adware cleaner and Malwarebyte.
Once you are done post the logs here.
We may need to do some manual work after.
Nov 6, 2013 at 06:51 AM
Sorry, before Malwarebyte,
Please download Rkill by Grinler and save it to your desktop.
1. Download to your desktop and run Rogue Kill:
https://download.bleepingcomputer.com/grinler/rkill.com
2. You should now see a window that shows all of your desktop icons, including the rkill.com program.
3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes . So, please try running Rkill until malware is no longer running.
As a matter of a fact, if you get messages, it is a sign that the virus is agonizing with excrutiating pain, so you can just grin while it is suffering!:)))
Please, DO NOT REBOOT your computer or the processes will come back to haunt you!
P.S. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.