Solve : Another Virus? Computer just reboots.? – InterviewSolution

InterviewSolution

1.	Solve : Another Virus? Computer just reboots.?
Answer» Hello and thank you for looking at my thread TODAY. While I have been fixing my regular computer, my second computer has decided that it needs my attention as well. Maybe it is feeling left out.... (I don't Know?) This computer is a Celeron C.P.U.2 , 2.80 GHz , 1.48 Meg of Ram , running XP Professional SP 3 Version 2002. My daughter has been using this just recently for her facebook postings. (because dad just has a great internet service and she lives close by). I really suspect this facebook thing for this problem. I have tried to do a "System Restore" but that had no impact. The computer tries to start and gets mostly through the cycle of Start-up, but then EITHER loads with a distorted screen with lines and dots throughout and doesn't complete and locks up, or it cycles through to restart and scans the hard drive as if it has been shut down incorrectly. I can start this one in "Safe Mode with Netword Support" only at the moment. The USB connections are not working either. I have verified my Java and have the latest (24) update. Each of the Spyware programs have updated OK today before running the scans.(oops Malwarebytes needed an update). I have rebooted after quarantining viruses detected and malware items and am able to get here to post, but if I REBOOT to normal it all goes back to fuzzy lines and cycling to reboot. I have run SAS, HJT and Malwarebytes and here are the logs that they returned. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6123 ( new version has 6211, see below) Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 30/03/2011 4:52:01 PM mbam-log-2011-03-30 (16-52-01).txt Scan type: Full scan (C:\\|E:\\|) Objects scanned: 194073 Time elapsed: 16 minute(s), 33 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\administrator\my documents\downloads\cursormania.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully. A second scan reports no infections. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6211 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 30/03/2011 6:56:15 PM mbam-log-2011-03-30 (18-56-15).txt Scan type: Full scan (C:\\|) Objects scanned: 174854 Time elapsed: 7 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:21:47 PM, on 30/03/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [SUPERANTISPYWARE] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Start-up: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Start-up: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe -- End of file - 7605 bytes SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 03/30/2011 at 05:47 PM Application Version : 4.50.1002 Core Rules Database Version : 6708 Trace Rules Database Version: 4520 Scan type : Complete Scan Total Scan Time : 00:38:13 Memory items scanned : 329 Memory threats detected : 0 Registry items scanned : 6513 Registry threats detected : 11 File items scanned : 22509 File threats detected : 90 Adware.Tracking Cookie C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected]com[2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt acvs.mediaonenetwork.net [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\8Z676SZW ] media.scanscout.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\8Z676SZW ] rmd.atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\8Z676SZW ] keywordelite.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\8Z676SZW ] www.pornhub.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\8Z676SZW ] cdn4.specificclick.net [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\8Z676SZW ] Adware.MyWebSearch/FunWebProducts HKU\S-1-5-21-2052111302-261478967-1606980848-500\SOFTWARE\FunWebProducts HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32 HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32 HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version (I'm running out of computers to use SuperDave) At LEAST I still have the laptops. Well, if you can spare the time to look through the logs and see if there is something (useful) you can suggest to help fix this computer, I would greatly appreciate the help. Thank you ImnoGuru. Hmmm ... Stranger things have happened but just not on a regular basis. This computer is now working fine. The next time I booted up everything was back to normal? ?? Even the USB ports are working fine. I didnt even get to reinstall any drivers. Thanks for your input Tashnav. (I still have a low level of trust for this Facebook thing though.)

Discussion

No Comment Found

Related InterviewSolutions