[WWhermit]

Yes, my computer was still rebooting this morning. At this point, do you think it's hardware related? If so, I don't understand why my Norton's update and antivirus will be turned off periodically.

WWhermit

[Advertisements]

Hi.


Step 1

• Run Malwarebytes' Anti-Malware.
• Update Malwarebytes' Anti-Malware.
• Once the program has updated, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start.
• When asked, allow the ActiveX control to install.
• Click Start.
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked.
• Click Scan. (This scan can take several hours, so please be patient).
• Once the scan is completed, you may close the window.
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Step 3

Does the computer give you an error after it reboots randomaly? If so, what does the error say?


Things I want to see in your next reply

• MBAM Log
• log.txt
• Answers to my questions

[Nedklaw]

Hi.


Step 1

• Run Malwarebytes' Anti-Malware.
• Update Malwarebytes' Anti-Malware.
• Once the program has updated, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start.
• When asked, allow the ActiveX control to install.
• Click Start.
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked.
• Click Scan. (This scan can take several hours, so please be patient).
• Once the scan is completed, you may close the window.
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Step 3

Does the computer give you an error after it reboots randomaly? If so, what does the error say?


Things I want to see in your next reply

• MBAM Log
• log.txt
• Answers to my questions

[WWhermit]

1) MBAB log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.31.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tim :: SYLVIA [administrator]

12/31/2011 1:13:45 PM
mbam-log-2011-12-31 (13-13-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196517
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Tim\Local Settings\temp\ICReinstall\cnet_wpk29_exe.exe (PUP.Adware.Downloader) -> Quarantined and deleted successfully.

(end)


2) ESET Log:

I ran the scan, and it did find one piece of malware, which it removed. Unfortunately, when I closed the application, it also removed the program from my computer, which also included the log. I have nothing to show for the scan, my apologies.

3) When I computer reboots, Windows asks if I want to reboot using the Windows recovery console, or boot XP normally. Also, occasionally, it performs a disk scan on either the C or E drive. And yes, it still reboots.

WWhermit

[Nedklaw]

Hi.
Your system is now clean of malware so the rebooting is a hardware problem.


Step 1

Do you have the activation code/product key for Norton Internet Security 2012?


Step 2

You can stop the Recovery Console from appearing at boot by doing the following:

• Press Start.
• Right-click My Computer and select Properties.
• Go to the Advanced tab and click "Settings" under "Startup and Recovery".
• Uncheck "Time to display list of operating systems".
• Click OK on each window.

Step 3

Your system is most likely rebooting randomly because it is overheating. This can be caused by excess dust inside your computer/laptop.

Please follow the instructions here which tell you how to clean your computer.


Things I want to see in your next reply

• Answer to my question

[WWhermit]

1) Yes, I do have the activation key and product code for Norton 2012.

After all this I do agree with you that this rebooting can only be hardware related, however I disagree that it is caused by overheating. The computer reboots most often when it is cold, and the rebooting lessens over time, when the computer warms up. If it was an overheating issue, the opposite would occur.

My most likely theory is that it's a motherboard issue, since I have already replaced the power supply, and no change occured. Given the age of the computer and components (4 years old now), I think I'll just build a new kit, unless there's something I'm missing here.

WWhermit

[Nedklaw]

Hi.
Before completing these steps, make sure you have a copy of your activation code.


Step 1

Download the Nortan Removal Tool and save it to your desktop.
Run the tool and then restart your computer.


Step 2

Follow the instructions here to reinstall your Norton product.


Step 3

Download Speedfan (The download link is to the right), and install it. Once it's installed, run the program and post here the information it shows.
The information I want you to post is the stuff that is circled in the example picture I have attached.
To make sure we are getting all the correct information it would help us if you were to attach a screenshot like the one below of your Speedfan results.

To do a screenshot please have click on your Print Screen on your keyboard.

• It is normally the key above your number pad between the F12 key and the Scroll Lock key.
• Now go to Start and then to All Programs.
• Scroll to Accessories and then click on Paint.
• In the Empty White Area click and hold the CTRL key and then click the V.
• Go to the File option at the top and click on Save as.
• Save as file type JPEG and save it to your Desktop.
• Attach it to your next reply.

Things I want to see in your next reply

• Screenshot of SpeedFan Window

[WWhermit]

[Nedklaw]

Hi.

SpeedFan has shown me that some of the temperatures inside your computer are too high.

Please follow the instructions here which tell you how to clean your computer. This can decrease the temperatures and stop your computer from becoming too hot.


Do you also have any remaining problems?

[WWhermit]

Well, I did a thorough cleaning, which it certainly needed. Took about an hour, but all is sparkly clean inside.

The computer still reboots constantly. No change from the cleaning.

WWhermit

[Nedklaw]

Hello!
You can start a new topic in the forum here and see if one of the Techs could solve your rebooting problem.


Congratultions your logs look clean!
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Combofix Uninstall

Click START then RUN.
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.




Cleanup

Run OTL.

• Under the Custom Scans/Fixes box at the bottom, paste in the following:
  
  

  :Commands 
  [purity] 
  [resethosts] 
  [emptytemp] 
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS] 
  [Reboot]

• Then click the Run Fix button at the top.
• Let the program run unhindered, reboot the PC when it is done.

• Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
• Close all other programs apart from OTL as this step will require a reboot.
• On the OTL main screen, press the CLEANUP button.
• Say Yes to the prompt and then allow the program to reboot your computer

Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

• Click on Start.
• Right-click My Computer.
• Select Properties.
• Click on the Automatic Updates Tab.
• Place a checkmark in the circle next to Automatic (recommended) near the green shield.
• Click Apply > OK.

Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

• Open Adobe Reader.
• On the menu bar click on Help then Check For Updates.
• The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.1.102.55) and Adobe Shockwave Player (11.6.3.633) so you can view all of the latest content on websites.


Make Internet Explorer more secure

• Click Start > Run.
• Type Inetcpl.cpl & click OK.
• Click on the Security tab.
• Click Reset all zones to default level.
• Make sure the Internet Zone is selected & Click Custom level.
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here are a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:


Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than FireFox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free google toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank-you.
Good luck and stay safe!!!

[WWhermit]

I am in process of doing this last set of tasks and posting new new topic. I did discover something significant, however. My computer does crash in SAFE MODE! This is significant, but again, a topic for the Operating System section. Thank you for all your help in getting my system clean.

WWhermit