Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer reboots a couple minutes after startup

Started by the_ortolan , Jul 04 2011 07:13 PM

  • Please log in to reply

#1
the_ortolan
Posted 04 July 2011 - 07:13 PM

the_ortolan

    New Member

  • Member
  • Pip
  • 1 posts
I'm troubleshooting my roommate's computer right now, which is running Windows 7. The problem she brought it to me with was that, a couple minutes after startup, it would suddenly restart without warning. I booted it up myself and, sure enough, it restarted itself soon after. I started it up in safe mode and it ran just fine. To troubleshoot the issue, I did these things:

1. I ran a full system scan with Microsoft Security Essentials, which was installed, and it found and removed some malware. I rebooted back out of safe mode and the computer restarted itself a couple minutes later. The problem was still there.

2. After booting into safe mode again, I saw a pop-up from Security Protection, which I discovered to be more malware. I deleted a piece of software named "lht.exe" manually, and the virus seemed to be gone (although the file association for .exe files became messsed up; needed to fix that). After that, I downloaded Malwarebytes' Anti-Malware and scanned again, finding and removing some more malware. The popups did not return but the rebooting problem was still there.

3. I looked into other options for a computer suddenly rebooting, such as software conflicts, overheating, bad memory, hard drive issues, etc. I ran scandisk and played with startup options, to no avail.

4. I booted out of safe mode and ran otl. Here is the log:

OTL logfile created on: 7/4/2011 5:36:44 PM - Run 2
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Erin\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 70.20% Memory free
5.49 Gb Paging File | 4.63 Gb Available in Paging File | 84.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.71 Gb Total Space | 226.45 Gb Free Space | 78.44% Space Free | Partition Type: NTFS

Computer Name: ERINO | User Name: Erin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/04 17:25:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Erin\Desktop\OTL.exe
PRC - [2011/06/02 02:42:53 | 000,053,104 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2011/07/04 17:25:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Erin\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WinVNC4)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/06/03 10:48:28 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/30 16:17:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/17 16:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/08/21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/11 16:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/10 19:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/06 17:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/07/29 23:54:10 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/07 09:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/03/27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\Erin\AppData\Local\temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\Erin\AppData\Local\temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/13 08:18:22 | 000,372,736 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2009/08/05 19:04:04 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 17:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 12:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 15:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/21 14:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 15:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/07 08:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/24 18:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/22 17:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/19 19:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/05/05 00:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Erin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Erin\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/07 15:36:28 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/07 15:36:28 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\PageRage\YontooIEClient.dll (Yontoo Technology, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /p \??\E:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\windows\system32\config\systemprofile\AppData\Local\lht.exe" -a "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\windows\system32\config\systemprofile\AppData\Local\lht.exe" -a "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 17:25:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Erin\Desktop\OTL.exe
[2011/07/04 17:18:19 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Uniblue
[2011/07/04 17:18:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/07/04 17:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/07/04 17:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/07/04 17:18:15 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\PackageAware
[2011/07/04 00:20:43 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Erin\Desktop\HijackThis (1).exe
[2011/07/03 22:17:12 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/07/03 22:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/03 22:17:08 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/07/03 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/03 15:01:19 | 000,000,000 | ---D | C] -- C:\windows\System32\MpEngineStore
[2011/06/30 17:37:08 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/06/30 17:00:41 | 000,218,112 | ---- | C] (Intel Corporation ) -- C:\windows\System32\bthsvw32.dll
[2011/06/22 00:31:11 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/06/19 22:36:50 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\{7B563940-1C41-47CB-8776-4DB0D6CE19CC}
[2011/06/15 21:15:29 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/06/15 21:15:16 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/06/15 21:15:15 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/06/15 21:15:15 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/06/15 21:15:15 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/06/15 21:15:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/06/15 21:15:15 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/06/15 21:15:14 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/06/15 21:15:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/06/15 21:15:14 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/06/15 21:15:14 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/06/15 21:15:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/06/13 14:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage
[2011/06/09 19:41:44 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\{2C959A79-8A12-42A3-88E3-39EC5BD31821}
[2011/06/07 17:35:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2011/06/07 17:35:18 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NSS
[2011/06/07 17:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2011/06/07 17:35:18 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NSS\0301020.009
[2011/06/07 17:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/06/07 15:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/06/07 15:36:14 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\windows\System32\rmoc3260.dll
[2011/06/07 15:36:03 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\windows\System32\pndx5016.dll
[2011/06/07 15:36:03 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\windows\System32\pndx5032.dll
[2011/06/07 15:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/06/07 15:36:01 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\System32\pncrt.dll
[2011/06/07 15:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/06/07 15:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/06/07 15:35:11 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Real
[2011/06/07 15:35:10 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Real
[2011/06/07 15:33:43 | 000,675,088 | ---- | C] (RealNetworks, Inc.) -- C:\Users\Erin\Desktop\RealPlayer.exe
[2011/06/06 01:20:41 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2011/06/06 01:20:40 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2011/06/05 21:56:57 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\{54145301-27A1-48D7-A568-5A831217CDE8}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/04 17:36:34 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/04 17:36:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/04 17:36:03 | 2211,577,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/04 17:25:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Erin\Desktop\OTL.exe
[2011/07/04 17:18:20 | 000,000,214 | ---- | M] () -- C:\windows\tasks\RegistryBooster.job
[2011/07/04 17:18:18 | 000,001,762 | ---- | M] () -- C:\Users\Erin\Desktop\Uniblue RegistryBooster.lnk
[2011/07/04 17:18:18 | 000,001,752 | ---- | M] () -- C:\Users\Erin\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/07/04 00:20:36 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Erin\Desktop\HijackThis (1).exe
[2011/07/04 00:15:25 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/03 22:11:16 | 000,001,823 | ---- | M] () -- C:\Users\Erin\Desktop\exe_fix_w7.reg
[2011/07/03 20:31:23 | 000,012,846 | -HS- | M] () -- C:\Users\Erin\AppData\Local\f80b5aervii1ysaf5l68006kk558f6mqw
[2011/07/03 20:31:23 | 000,012,846 | -HS- | M] () -- C:\ProgramData\f80b5aervii1ysaf5l68006kk558f6mqw
[2011/07/03 19:24:14 | 000,000,646 | ---- | M] () -- C:\Users\Public\Desktop\Malware Protection.lnk
[2011/06/30 17:55:58 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/30 17:55:58 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/30 17:00:41 | 000,218,112 | ---- | M] (Intel Corporation ) -- C:\windows\System32\bthsvw32.dll
[2011/06/22 00:31:00 | 208,867,771 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/06/20 22:58:12 | 000,626,040 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/06/20 22:58:12 | 000,107,316 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/20 22:39:39 | 000,000,434 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Erin.job
[2011/06/09 03:09:17 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/06/07 17:35:24 | 000,001,312 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2011/06/07 15:36:49 | 000,001,249 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/06/07 15:36:14 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\rmoc3260.dll
[2011/06/07 15:36:03 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\pndx5016.dll
[2011/06/07 15:36:03 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\pndx5032.dll
[2011/06/07 15:36:01 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\System32\pncrt.dll
[2011/06/07 15:34:06 | 000,675,088 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Erin\Desktop\RealPlayer.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/04 17:18:20 | 000,000,214 | ---- | C] () -- C:\windows\tasks\RegistryBooster.job
[2011/07/04 17:18:18 | 000,001,762 | ---- | C] () -- C:\Users\Erin\Desktop\Uniblue RegistryBooster.lnk
[2011/07/04 17:18:18 | 000,001,752 | ---- | C] () -- C:\Users\Erin\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/07/03 20:29:22 | 000,012,846 | -HS- | C] () -- C:\Users\Erin\AppData\Local\f80b5aervii1ysaf5l68006kk558f6mqw
[2011/07/03 19:24:13 | 000,000,646 | ---- | C] () -- C:\Users\Public\Desktop\Malware Protection.lnk
[2011/07/03 19:16:22 | 000,012,846 | -HS- | C] () -- C:\ProgramData\f80b5aervii1ysaf5l68006kk558f6mqw
[2011/06/22 00:31:00 | 208,867,771 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/06/19 08:54:38 | 000,001,823 | ---- | C] () -- C:\Users\Erin\Desktop\exe_fix_w7.reg
[2011/06/07 17:35:24 | 000,001,312 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2011/06/07 17:35:24 | 000,000,434 | -H-- | C] () -- C:\windows\tasks\Norton Security Scan for Erin.job
[2011/06/07 17:35:18 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NSS\0301020.009\isolate.ini
[2011/06/07 15:36:49 | 000,001,249 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2010/12/15 10:41:58 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010/12/15 10:41:58 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/12/15 10:41:58 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2010/12/15 10:41:58 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/12/15 10:41:58 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/04/14 23:53:38 | 000,000,304 | ---- | C] () -- C:\Users\Erin\AppData\Roaming\wklnhst.dat
[2010/01/01 18:57:42 | 000,000,016 | ---- | C] () -- C:\windows\popcinfo.dat
[2009/11/28 14:40:13 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/09/28 02:05:45 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/09/28 01:32:07 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/09/28 01:30:59 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2009/09/28 01:30:59 | 000,000,176 | ---- | C] () -- C:\windows\System32\drivers\RTHDAEQ0.dat
[2009/09/28 01:22:23 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/09/01 22:22:18 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:33:53 | 000,340,792 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,626,040 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,107,316 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

If anyone can help, I would really appreciate it. Thanks a lot!
  • 0

Advertisements

#2
RKinner
Posted 05 July 2011 - 10:17 PM

RKinner

    Malware Expert

  • Expert
  • 20,802 posts
  • MVP
Uninstall:
Uniblue RegistryBooster
SuperAntiSpyware



Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************
:processes
killallprocesses

:OTL
O35 - HKLM\..exefile [open] -- "C:\windows\system32\config\systemprofile\AppData\Local\lht.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\windows\system32\config\systemprofile\AppData\Local\lht.exe" -a "%1" %*
[2011/07/03 20:31:23 | 000,012,846 | -HS- | M] () -- C:\Users\Erin\AppData\Local\f80b5aervii1ysaf5l68006kk558f6mqw
[2011/07/03 20:31:23 | 000,012,846 | -HS- | M] () -- C:\ProgramData\f80b5aervii1ysaf5l68006kk558f6mqw
[2011/07/03 19:24:14 | 000,000,646 | ---- | M] () -- C:\Users\Public\Desktop\Malware Protection.lnk

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\windows\system32\config\systemprofile\AppData\Local\*.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:Commands
[purity]
[Reboot]


*******************************************************************

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.


Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

You must first uninstall AVG before running Combofix then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right click and Run As Administrator the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image




Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right clicking and Run As Administrator. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP