
60 Second timer starts at boot up and forces reboot [Solved]


#1
hi-marsh

hi-marsh

    Member

  • Member
  • PipPip
  • 13 posts

My computer became infected recently when my AV (Symantec) recognized a virus.  I do not remember the name of that virus, but the AV quarantined it immediately.  As I was running an AV scan to look for additional trouble, a window popped up announcing some sort of 'exception' and the 60 second timer and the machine began rebooting, timing out on the timer, and rebooting again in a loop.  Safe mode did not stop the timer.  I found a DOS command that would stop the timer in safe mode ("cmd" 'enter') then ("shutdown -a" 'enter').  The timer iteration stopped at that point, but will reappear every time I reboot the PC.  

 

I am running XP.  I ran an AV scan that turned up nothing.  I ran a 'FixBlast' removal tool on the hope that might fix the problem but it found nothing.  I installed Malwarebytes and ran a scan and that found nothing.  I tried AdwCleaner and that did not locate any known problems.  I found some forums and ran the FRST and also the OTL scan tools.  Then I read that I should not load additional programs or run tools more than once. 

 

All the infection started on 5/21/14.  Since that day, I have not connected to the internet when booting the PC.  I have started the PC twice since then and run the scans previously mentioned.

 

Since I have done both FRST and OTL, I will attach the logs, not knowing which you may be interested in.  Will greatly appreciate any assistance.

Attached Files

  • Attached File  FRST.txt   21.11KB   97 downloads
  • Attached File  OTL.Txt   57.09KB   128 downloads

#2
Naathim

Greetings!
 
My name's Naathim, I'm a GeekU Minion and I'm pleased to meet you!
Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)
I know that it is quite frustrating to have an infected machine because I was once in your shoes. Don't worry! Maybe I'm not a super-human, I don't know everything nor am I limitless, but I promise to do my best to fix your issues!
 
Here are some notes that should make our work faster and easier, please take a look and stay familiar with them :happy:
 

  • Malware removal is a long-time process due to tough analysis and research. Stay with me until I say we're done.
  • Read my instructions completely before proceeding and always run the tools in the order given!
  • Don't try to fix anything on your own or run any other tools. They may interfere, which may prevent your system from booting up next time.
  • To make my work easier post the logs directly in your replies, unless asked to attach them.

  • If any unexpected problem appears, interrupt processing and return here with a note!
  • Never be afraid to ask if in doubt!
 
Now that we have formalities out of the way, let's get started! :rockon:

 

 

I see that you also managed to run ComboFix. This tool is not a toy and should be used only if told to do so by a Malware Analyst. Refrain from using it on your own.

But since you did it already, please post for my review its logfile: it should be located in C:\ComboFix.txt

 

I will go through your logs and post back shortly.

 

Cheers,

Naat :)


#3
Dakeyras

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
Dakeyras

Topic re-opened per OP's request...

#5
Naathim

Hi :)

Please post the log made by ComboFix for my review: it should be located in C:\ComboFix.txt
If it isn't there, do not run it again unless requested!

Also, as a couple of days have passed, please provide me with a fresh set of FRST reports.


Performing general FRST scan

Please re-run Farbar Recovery Scan Tool

  • Right click on the FRST icon to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • You will be presented with a window like below:

    FRSTconsole-2.jpg

 

  • Make sure that the Addition box is checked.
  • Press Scan button.
  • It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste them back here.

= = = = = = = = = = = = = = = = = = = =



Now in your next reply please include these ones for my review:
  • ComboFix.txt
  • FRST.txt
  • Addition.txt

I don't mind multiple posts if necessary.

Cheers,
Naat :)


#6
hi-marsh

Greetings Naat,

 

When I checked for the ComboFix.txt document, I could not find it anywhere.  Likely because I had only used a trial version of the program.  There was only an .exe file in the ComboFix subfolder, nothing hidden.  I will provide you with new FRST and Addition docs tomorrow.

 

Thanks,

hi-marsh


#7
Naathim

Hi :)
 
Thank you, I will be somewhere around :thumbsup:
 
Cheers,
Naat :)


#8
hi-marsh

 

 

Hi Naat,

 

Here are the FRST.txt and Addition.txt documents.... :huh:   

 

Many thanks,

hi-marsh

 

Attached Files


#9
Naathim

Hi :)
 
There appears to be a critical system file patched. Please do the following:

Please re-run Farbar Recovery Scan Tool

  • Right click on the FRST icon to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • You will be presented with a window like below:

    FRSTconsole-2.jpg

  • In the Search bar please type in the following:
    rpcss.dll;
  • Press Search Files button.
  • It will produce a log called Search.txt in the same directory the tool is run from.
  • Please copy and paste it back here.

Please do not attach the logfiles!
This makes my work much harder. Just copy their content (Ctrl+A -> Ctrl+C) and paste it (Ctrl+V) directly into your post.


Cheers,
Naat :)


#10
Dakeyras

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#11
Dakeyras

Topic re-opened per OP's request...

#12
Naathim

Hello again :)
 
Please follow the instructions in my previous post and include the Search.txt log from FRST.
 

Please note also this one:
 
Please do not attach the logfiles!
This makes my work much harder. Just copy their content (Ctrl+A -> Ctrl+C) and paste it (Ctrl+V) directly into your post.
 
Cheers,
Naat :)


#13
hi-marsh

Greetings Naat,

Here is the information from the Search.txt file:

Farbar Recovery Scan Tool (x86) Version:21-05-2014
Ran by Owner Supervisor at 2014-06-16 21:21:47
Running from J:\
Boot Mode: Safe Mode (minimal)

================== Search: "rpcss.dll" ===================

C:\WINDOWS\system32\rpcss.dll
[2008-04-25 09:16] - [2009-02-09 05:10] - 0407040 ____A (Microsoft Corporation) 4a56e5f034f62b33dbed454596661fb3

C:\WINDOWS\system32\dllcache\rpcss.dll
[2009-05-23 18:01] - [2009-02-09 05:10] - 0407040 ___AC (Microsoft Corporation) 4153bb4e0413d10a50c22b0e2b5d88cc

C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2009-05-23 18:57] - [2008-04-14 05:42] - 0399360 ____N (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2009-05-23 18:09] - [2008-04-14 05:00] - 0399360 ____C (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2009-05-23 18:01] - [2009-02-09 03:56] - 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2

=== End Of Search ===

Thanks again.
Hi-marsh
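
An added example, not part of the original posts and not FRST's own code: a small parser for the Search.txt entries above that groups copies of a file by name, size and second timestamp and reports groups whose MD5 values differ. The function names are hypothetical, and reading the two bracketed timestamps as created and modified is an assumption about the log format.

```python
import re
from collections import defaultdict

# The five entries from the Search.txt log in post #13, copied unchanged.
SEARCH_LOG = r"""
C:\WINDOWS\system32\rpcss.dll
[2008-04-25 09:16] - [2009-02-09 05:10] - 0407040 ____A (Microsoft Corporation) 4a56e5f034f62b33dbed454596661fb3
C:\WINDOWS\system32\dllcache\rpcss.dll
[2009-05-23 18:01] - [2009-02-09 05:10] - 0407040 ___AC (Microsoft Corporation) 4153bb4e0413d10a50c22b0e2b5d88cc
C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2009-05-23 18:57] - [2008-04-14 05:42] - 0399360 ____N (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509
C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2009-05-23 18:09] - [2008-04-14 05:00] - 0399360 ____C (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2009-05-23 18:01] - [2009-02-09 03:56] - 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2
"""

# Assumed field order: [created] - [modified] - size attributes (company) md5
ENTRY = re.compile(
    r"\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9a-fA-F]{32})$"
)

def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m and path:
            entries.append({"path": path, **m.groupdict(), "size": int(m["size"])})
            path = None
        elif re.match(r"[A-Za-z]:\\", line):
            path = line
    return entries

def find_divergent_copies(entries):
    """Return groups sharing name, size and modified time but not MD5."""
    groups = defaultdict(list)
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        groups[(name, e["size"], e["modified"])].append(e)
    return {k: v for k, v in groups.items()
            if len({e["md5"].lower() for e in v}) > 1}

if __name__ == "__main__":
    for key, copies in find_divergent_copies(parse_search_log(SEARCH_LOG)).items():
        print(key, [(c["path"], c["md5"]) for c in copies])
```

A mismatch only shows that the copies differ; deciding which one is genuine still requires comparing against a known-good hash for that file version.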

#14
Naathim

Hi  :)

 

OK, let's try to kill the bad guy sitting there. Also please bear in mind that our procedures should be done in a timely manner and not once per week. My tools have limited timing area of scans, and after each break I need fresh ones. It makes our work longer and more complicated.

 
We'll run a fix using Farbar Recovery Scan Tool.

  • Download attached fixlist.txt file and save it to the Desktop.
    Attached File  fixlist.txt   550bytes   145 downloads
  • VERY IMPORTANT:
    Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

WARNING

This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system!

  • Right click on the FRST icon to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

After that please try to boot in normal mode.

If successful, generate the next reports from normal mode.

If no joy, perform them from the safe mode.
 
 
Performing general FRST scan

Please re-run Farbar Recovery Scan Tool

  • Right click on the FRST icon to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • You will be presented with a window like below:

    FRSTconsole-2.jpg

  • Make sure that the Addition box is checked.
  • Press Scan button.
  • It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste them back here.

 

Now in your next reply please include:

- fixlog.txt

- FRST.txt

- addition.txt

 

I don't mind multiple posts if necessary.

 

Cheers,
Naat  :)


#15
hi-marsh

Thanks Naat,
I have a 100K trip to town to download the file. Will get it done today.
Cheers, hi-marsh