| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 76357 | 2007-01-29 22:38:00 | Computer randomly restarting | jason_f90 (3544) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 520471 | 2007-01-29 22:38:00 | I recently removed a particularly nasty piece of spyware (CoolWWWsearch and a few others) with Spybot . Ever since, my computer has been randomly restarting . It doesn't matter if I'm playing a game or just surfing the web, it still restarts . The restarts always happen just after logging into Windows . If it doesn't restart after lets say 5 minutes, I can use the computer uninterrupted . A friend of mine said Spybot was careless in removing the spyware from the registry which might have corrupted it . I've ran Registry Mechanic and a few other tools to no avail . Help guys? |
jason_f90 (3544) | ||
| 520472 | 2007-01-29 22:46:00 | Get hijackthis (www.merijn.org) From here (www.merijn.org) Unzip it put it in its own folder, then run it click on scan and save a log. Post the log here. We'll see whats in it. |
Speedy Gonzales (78) | ||
| 520473 | 2007-01-29 23:11:00 | Thanks for the quick reply. Here's the log. Logfile of HijackThis v1.99.1 Scan saved at 12:01:17 p.m., on 30/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\musikCube_1.0\musikCube.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Jason.HOMECOMPUTER\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.xtra.co.nz R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = login.live.com F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - gameadvisor.futuremark.com O17 - HKLM\System\CCS\Services\Tcpip\..\{E39CB098-ABE4-4888-AF20-90F92E691865}: NameServer = 193.95.93.77 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
jason_f90 (3544) | ||
| 520474 | 2007-01-29 23:25:00 | Run HJT again tick these entries and tick fix checked . (unzip the HJT zip FIRST, and put it in its own folder), then run it click on scan again) . Close browser/s . O4 - HKLM\ . . \Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask . exe" -atboottime O4 - HKLM\ . . \Run: [NvCplDaemon] RUNDLL32 . EXE C:\WINDOWS\system32\NvCpl . dll,NvStartup O4 - HKLM\ . . \Run: [nwiz] nwiz . exe /install O4 - HKLM\ . . \Run: [NvMediaCenter] RunDLL32 . exe NvMCTray . dll,NvTaskbarInit O4 - HKLM\ . . \Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k I would uninstall Java (all previous versions, if there's more than 1 entry for Java in add/remove programs), and reinstall the latest version from here ( . sun . com/ECom/EComActionServlet;jsessionid=CBD3B128FD26CCEC0CBA5" target="_blank">sdlc4a . sun . com 2DCBC903061) Try CWshredder ( . merijn . org/files/cwshredder . zip" target="_blank">www . merijn . org) from here ( . merijn . org/programs . php#cwshredder" target="_blank">www . merijn . org) |
Speedy Gonzales (78) | ||
| 520475 | 2007-01-29 23:56:00 | I recently removed a particularly nasty piece of spyware (CoolWWWsearch and a few others) with Spybot . Ever since, my computer has been randomly restarting . It doesn't matter if I'm playing a game or just surfing the web, it still restarts . The restarts always happen just after logging into Windows . If it doesn't restart after lets say 5 minutes, I can use the computer uninterrupted . A friend of mine said Spybot was careless in removing the spyware from the registry which might have corrupted it . I've ran Registry Mechanic and a few other tools to no avail . Help guys? Go into Control Panel, load System . Click on Advanced . Clcik on Startup and Recovery Settings . Untick Automatically restart . Then you can see what stop error you may or may not get . As for Spybot being careless, its helping you - you were the careless one . |
pctek (84) | ||
| 520476 | 2007-01-30 00:04:00 | O4 - HKLM\ . . \Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask . exe" -atboottime O4 - HKLM\ . . \Run: [NvCplDaemon] RUNDLL32 . EXE C:\WINDOWS\system32\NvCpl . dll,NvStartup O4 - HKLM\ . . \Run: [nwiz] nwiz . exe /install O4 - HKLM\ . . \Run: [NvMediaCenter] RunDLL32 . exe NvMCTray . dll,NvTaskbarInit ????????????????????????????????????? not ONE of those would have ANYTHING whatsoever to do with this problem at all . . . . . . . . |
drcspy (146) | ||
| 520477 | 2007-01-30 00:08:00 | O4 - HKLM\ . . \Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask . exe" -atboottime O4 - HKLM\ . . \Run: [NvCplDaemon] RUNDLL32 . EXE C:\WINDOWS\system32\NvCpl . dll,NvStartup O4 - HKLM\ . . \Run: [nwiz] nwiz . exe /install O4 - HKLM\ . . \Run: [NvMediaCenter] RunDLL32 . exe NvMCTray . dll,NvTaskbarInit ????????????????????????????????????? not ONE of those would have ANYTHING whatsoever to do with this problem at all . . . . . . . . Yer so I didn't say they were . Or would fix the problem . They're not needed in startup either . |
Speedy Gonzales (78) | ||
| 520478 | 2007-01-30 02:47:00 | Run HJT again tick these entries and tick fix checked. (unzip the HJT zip FIRST, and put it in its own folder), then run it click on scan again). Close browser/s. O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k I would uninstall Java (all previous versions, if there's more than 1 entry for Java in add/remove programs), and reinstall the latest version from here Try CWshredder from here OK done but the problem still persists. Go into Control Panel, load System. Click on Advanced. Clcik on Startup and Recovery Settings. Untick Automatically restart. Then you can see what stop error you may or may not get. As for Spybot being careless, its helping you - you were the careless one. Ok tried that. Now it doesn't restart automatically however the screen just goes blank leaving me with no option but to restart the computer. |
jason_f90 (3544) | ||
| 520479 | 2007-01-30 02:56:00 | And did u run cwshredder and did it find anything else? It could be software or hardware related. |
Speedy Gonzales (78) | ||
| 520480 | 2007-01-30 03:50:00 | what you could do it remove all hardware that the PC doesn't need to boot up and see if that makes any difference. For example remove extra hard-drives, modems, RAM if you are using more than 1 stick. And see what happens, if it is stable after that, try putting components back in 1 by 1. good luck Oh, you could always try re-seating the cpu too |
borax (7078) | ||
| 1 2 | |||||