Virus. Pc keeps shutting down

,hills

Re tick and fix using Hijack

How do I do this ?

Thanks

Sorry being a pain

aliEnRIK

Rescan with hijack this, TICK them then FIX them

aliEnRIK

I dont know what you did, but you didnt do the combofix part right
COPY and PASTE the contents in red into 'notepad' and save as 'CFScript'

Then DRAG and DROP the file ONTO combofix.exe (Or 'qwerty.exe' in this case)

,hills

Used hijack to fix the suggested file

I couldn't see C:\Program Files\AskBarDis\bar\bin\AskService.exe in the list

I have also ran the AVG Removal Tool

Re the drag and drop, how do I do that ?

I tried to copy and paste before (obvioulsy didn't work though).

Thanks

aliEnRIK

,hills wrote: »

Thanks

Can I ask what the Ask Tookbar (Askbadis) is ?.

Here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:19:49, on 24/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

Ive highlighted it above

Combofix

Open notepad

HIGHLIGHT the red text ive provided
RIGHT click and COPY
goto notepad
RIGHT click and PASTE
Close the notepad file
SAVE AS 'CFScript'

LEFT click on the newly created notepad file and hold the button down
DRAG it 'onto' the combofix icon and let go of the mouse button

Combofix should now auto start

,hills

log results

ComboFix 10-01-23.06 - 24/01/2010 18:34:03.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.419 [GMT 0:00]
Running from: C:\Documents and Settings\My Documents\QWERTY.exe
AV: avast! antivirus 4.8.1368 [VPS 100124-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((( Files Created from 2009-12-24 to 2010-01-24 )))))))))))))))))))))))))))))))
.
2010-01-24 11:00:14 . 2010-01-24 11:00:14 388096 ----a-r- C:\Documents and Settings\
Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-24 11:00:14 . 2010-01-24 11:00:14

---

d

---

w- C:\Program Files\TrendMicro
2010-01-15 10:04:44 . 2010-01-23 08:05:14

---

d

---

w- C:\Program Files\Spybot - Search & Destroy
2010-01-15 10:04:44 . 2010-01-23 08:04:08

---

d

---

w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-15 09:59:26 . 2010-01-15 09:59:26

---

d

---

w- C:\Documents and Settings\All Users\Application Data\F-Secure
2010-01-15 09:48:40 . 2010-01-15 09:48:40

---

d

---

w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-15 06:59:43 . 2010-01-15 06:59:43

---

d

---

w- C:\found.000
2010-01-13 10:19:41 . 2009-11-02 20:42:06 195456

---

w- C:\WINDOWS\system32\MpSigStub.exe
2010-01-12 22:02:58 . 2010-01-12 22:02:58

---

d

---

w- C:\Documents and Settings\Local Settings\Application Data\Threat Expert
2010-01-12 21:12:48 . 2010-01-12 21:12:48

---

d

---

w- C:\Documents and Settings\All Users\Application Data\SITEguard
2010-01-12 21:12:06 . 2010-01-12 21:12:06

---

d

---

w- C:\Program Files\Common Files\iS3
2010-01-12 21:12:05 . 2010-01-12 23:03:59

---

d

---

w- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2010-01-12 17:14:29 . 2010-01-12 17:19:28

---

d

---

w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-01-12 17:14:21 . 2010-01-13 17:43:08 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2009-12-26 12:52:06 . 2009-12-26 12:52:06 48948 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 18:25:57 . 2009-04-30 19:41:24 32853060 ----a-w- C:\WINDOWS\Internet Logs\tvDebug.Zip
2010-01-23 08:09:06 . 2009-11-06 00:49:41

---

d

---

w- C:\Program Files\hott notes 4
2010-01-23 08:08:54 . 2009-11-08 21:12:10

---

d

---

w- C:\Program Files\Coupon Printer
2010-01-23 00:31:30 . 2009-04-14 07:25:11 66944 ----a-w- C:\Documents and Settings\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-22 23:27:40 . 2009-04-15 19:23:55

---

d

---

w- C:\Program Files\MSECache
2010-01-22 18:36:51 . 2008-04-14 12:00:00 96512 ----a-w- C:\WINDOWS\system32\drivers\atapi.svs
2010-01-22 18:36:51 . 2008-04-14 12:00:00 96512

---

w- C:\WINDOWS\system32\drivers\atapi.sys
2010-01-20 17:35:37 . 2010-01-20 17:35:37

---

d

---

w- C:\Program Files\Common Files\Java
2010-01-20 17:35:35 . 2010-01-20 17:35:35 61440 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\decora-sse.dll
2010-01-20 17:35:35 . 2010-01-20 17:35:35 503808 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\msvcp71.dll
2010-01-20 17:35:35 . 2010-01-20 17:35:35 499712 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\jmc.dll
2010-01-20 17:35:35 . 2010-01-20 17:35:35 348160 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\msvcr71.dll
2010-01-20 17:35:35 . 2010-01-20 17:35:35 12800 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-39768948-n\decora-d3d.dll
2010-01-20 17:35:35 . 2010-01-20 17:35:35 114688 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-6bcf4e8b-n\jogl_cg.dll
2010-01-20 17:35:34 . 2010-01-20 17:35:34 315392 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-6bcf4e8b-n\jogl.dll
2010-01-20 17:35:34 . 2010-01-20 17:35:34 20480 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-6bcf4e8b-n\jogl_awt.dll
2010-01-20 17:35:34 . 2010-01-20 17:35:34 20480 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-1299b5a5-n\gluegen-rt.dll
2010-01-20 17:35:21 . 2009-07-30 01:10:32

---

d

---

w- C:\Program Files\Java
2010-01-20 13:38:17 . 2009-04-15 22:36:51

---

d

---

w- C:\Program Files\Microsoft Silverlight
2010-01-12 23:09:18 . 2009-04-27 15:25:11

---

d

---

w- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-12 23:01:30 . 2010-01-12 22:59:38 1144 ----a-w- C:\WINDOWS\system32\drivers\kgpcpy.cfg
2010-01-12 22:56:48 . 2009-04-08 09:43:06

---

d---a-w- C:\Documents and Settings\All Users\Application Data\Temp
2010-01-12 21:00:41 . 2009-05-16 08:45:39

---

d

---

w- C:\Documents and Settings\Application Data\Skype
2010-01-07 16:07:14 . 2009-04-27 15:25:12 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07:04 . 2009-04-27 15:25:14 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-01-05 10:00:29 . 2008-04-14 12:00:00 832512

---

w- C:\WINDOWS\system32\wininet.dll
2010-01-05 10:00:21 . 2008-04-14 12:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2010-01-05 10:00:20 . 2008-04-14 12:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2009-12-30 06:14:10 . 2009-12-30 06:50:28 2449408 ----a-w- C:\WINDOWS\Internet Logs\xDBF.tmp
2009-12-17 17:14:00 . 2009-07-30 01:10:44 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-12-14 10:32:30 . 2009-12-14 10:40:06 2388992 ----a-w- C:\WINDOWS\Internet Logs\xDBE.tmp
2009-12-14 09:54:02 . 2009-12-14 09:54:02

---

d

---

w- C:\Documents and Settings\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-12-14 09:14:07 . 2009-12-14 09:15:55 2383360 ----a-w- C:\WINDOWS\Internet Logs\xDBD.tmp
2009-12-05 18:44:14 . 2009-12-05 18:45:51 2332160 ----a-w- C:\WINDOWS\Internet Logs\xDBC.tmp
2009-12-05 18:44:13 . 2009-12-05 18:45:51 3097600 ----a-w- C:\WINDOWS\Internet Logs\xDBB.tmp
2009-12-03 00:06:09 . 2009-05-16 08:47:03

---

d

---

w- C:\Documents and Settings\Application Data\skypePM
2009-11-24 23:54:29 . 2009-04-27 19:33:46 1280480 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2009-11-24 23:51:09 . 2009-04-27 19:34:00 93424 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2009-11-24 23:50:59 . 2009-04-27 19:34:20 94160 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2009-11-24 23:50:12 . 2009-04-27 19:34:21 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2009-11-24 23:50:00 . 2009-04-27 19:34:22 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2009-11-24 23:49:07 . 2009-04-27 19:34:29 48560 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2009-11-24 23:48:57 . 2009-04-27 19:34:30 23120 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2009-11-24 23:47:54 . 2009-04-27 19:34:25 27408 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2009-11-24 23:47:28 . 2009-04-27 19:34:24 97480 ----a-w- C:\WINDOWS\system32\AvastSS.scr
2009-11-21 15:51:04 . 2008-04-14 12:00:00 471552 ----a-w- C:\WINDOWS\AppPatch\aclayers.dll
2009-11-16 14:15:25 . 2009-11-16 14:15:59 38208 ----a-w- C:\Documents and Settings\Application Data\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-08 21:12:10 . 2009-11-08 21:12:10 31 ---ha-w- C:\WINDOWS\UKCpInfo.sys
2009-11-04 14:40:05 . 2009-11-04 14:40:05 152576 ----a-w- C:\Documents and Settings\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-01 09:02:07 . 2009-11-01 09:01:57 19943684 ----a-w- C:\WINDOWS\Internet Logs\vsmon_on_demand_thread_2009_11_01_08_55_59_full.dmp.zip
2009-10-28 14:12:23 . 2009-10-28 14:12:23 149752 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((( [EMAIL="SnapShot@2010-01-23_19.37.17"]SnapShot@2010-01-23_19.37.17[/EMAIL] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-24 11:18:25 . 2010-01-24 11:18:25 16384 C:\WINDOWS\Temp\Perflib_Perfdata_7b4.dat
+ 2010-01-24 18:12:54 . 2010-01-24 18:12:54 16384 C:\WINDOWS\Temp\Perflib_Perfdata_6a8.dat
+ 2010-01-24 10:58:29 . 2010-01-24 10:58:29 1093632 C:\WINDOWS\Installer\5a6975.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 19:23:22 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 10:36:42 50472]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 12:33:12 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 15:29:02 2221352]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38:56 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18:56 241664]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 23:51:40 81000]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 23:10:22 981384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 03:08:38 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 11:08:30 935288]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 15:21:52 246504]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-10-28 20:21:26 141600]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-12-25 16:08:00 13680640]
C:\Documents and Settings\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-11-16 95232]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [27/04/2009 19:34:21 114768]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [27/04/2009 19:34:22 20560]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\drivers\fssfltr_tdi.sys [15/04/2009 22:36:42 54752]
R3 RT80x86;Ralink 802.11n Wireless Driver;C:\WINDOWS\system32\drivers\rt2860.sys [07/04/2009 11:27:19 679680]
R3 t3;SB Xtreme Audio Notebook;C:\WINDOWS\system32\drivers\t3.sys [07/04/2009 11:54:35 735744]
R3 t3filt;t3filt;C:\WINDOWS\system32\drivers\t3filt.sys [07/04/2009 11:54:35 1656960]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\system32\drivers\viahduaa.sys [07/04/2009 11:21:00 845184]
R3 VMHybrid;VMHybrid service;C:\WINDOWS\system32\drivers\VMHybrid.sys [08/04/2009 09:37:47 971648]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48:42 704864]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\WINDOWS\system32\drivers\massfilter.sys [22/08/2008 18:56:28 7680]
S3 PAC207;SoC [EMAIL="PC-Camer@;C:\WINDOWS\system32\drivers\PFC027.sys"]PC-Camer@;C:\WINDOWS\system32\drivers\PFC027.sys[/EMAIL] [24/02/2005 11:29:14 162176]
S4 ASKService;ASKService;C:\Program Files\AskBarDis\bar\bin\AskService.exe [27/04/2009 20:04:24 464264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06:42 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-01-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]
2010-01-24 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job
- C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe [2005-01-28 12:26:00 . 2005-01-28 12:26:00]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://uk.ask.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

aliEnRIK

Download and run the FREE version of DR WEB
http://www.freedrweb.com/download+cureit/gr/
Turn your anti virus OFF
Click CANCEL to the 'Would you like to read purchase terms now?' message
Click START click OK
It will auto QUICK scan
After that set to scan the WHOLE computer and press the 'play' icon
***DO NOT UPGRADE TO FULL VERSION***

aliEnRIK

Update JAVA too

,hills

I've run Quick and Whole Dr Web scans

Also have the latest Java

,hills

Malwarebytes and Avast still picking up a few virus's when I run scan, but how do you really know what are false and what are real virus's and when to worry ?

I feel a lot safer with the help I've had from evertone over the past
week(s) so thanks everyone but I still wonder, are we ever virusfree ?

Do I carry on as normal now or are there more checks I should make.

Thanks again.