TechSpot

PC Reboots Randomly, Don't Know What to Do..

By Diddy89
Dec 18, 2006
  1. Hi, I'm pretty new to this site but I know how things go, I think..
    OK, starting last Friday my PC suddenly reboots. Then when I come back to the desktop I get an error report message. I don't know exactly which two files were corrupt, but what I do know is it was a problem with my video device, so I followed the solutions Microsoft showed me, but it didn't work, so I tried to uncheck that automatic restart thing in system restore settings, but now it causes a BSOD. So I just saved my HiJackThis log, so please come up with something because I really don't want to reformat this PC.

    Thanks

    *The first one is a HijackThis log from before I did the renaming thing and the second one is from after I renamed it. I added the first because it seemed to have a lot more stuff...

    View attachment 11701

    View attachment 11702

    Moderator Edit: Merged your two posts. Please only post one thread per issue. Thank you.
     
  2. chuck4456

    chuck4456 TS Rookie Posts: 37

    Could we have complete system specs?
     
  3. Diddy89

    Diddy89 TS Rookie Topic Starter

    Umm.. I have a Pentium 4 CPU 2.53 GHz, 1.00 GB of RAM. I have a GeForce 6800GS 256 MB video card. The whole PC is an HP Pavilion 753n, but I installed a 512 MB Kingston memory card and the GeForce video card; everything else is stock(?)
     
  4. Diddy89

    Diddy89 TS Rookie Topic Starter

    Please, someone help. I can't use my computer properly because it will restart every time. I'm in safe mode right now and I can't do anything but wait...
    All my logs were made in normal mode, which took a while because it would restart between tests -_-
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system is riddled with nasties.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.


    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :wave: :wave:


    This thread is for the use of Diddy89 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. Diddy89

    Diddy89 TS Rookie Topic Starter

    OK, I'm trying to do this online scanning thing but my PC keeps restarting every time. I never have enough time and it doesn't work in safe mode. Should I skip that step or do something else??
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, skip that and go onto the rest of the instructions.

    Follow as many of the instructions as you can.

    Regards Howard :)

     
  8. Diddy89

    Diddy89 TS Rookie Topic Starter

  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Turn off system restore (XP/ME only). See how HERE.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add/remove programmes in your control panel and uninstall anything to do with (if there):

    AusLogics Visual Styler

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    AusLogics Windows Themes Helper
    Microsoft authenticate service

    Close the services window.

    Open your task manager by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    msasvc.exe
    themehelpersvc.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)

    O2 - BHO: (no name) - {0057BC78-4CF7-E42E-F4FC-014397D6431C} - (no file)

    O2 - BHO: (no name) - {178AA662-D306-13FA-E38E-0236E464E2A3} - (no file)

    O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - (no file)

    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ihmneydt.dll",setvm

    O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)

    O23 - Service: AusLogics Windows Themes Helper (ALThemeHelper) - Unknown owner - C:\Program Files\AusLogics Visual Styler\themehelpersvc.exe

    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\system32\msasvc.exe
    C:\Program Files\AusLogics Visual Styler <Delete the entire folder.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\system32\ihmneydt.dll

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

     
  10. Diddy89

    Diddy89 TS Rookie Topic Starter

  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Turn off system restore (XP/ME only). See how HERE.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Microsoft authenticate service (MsaSvc) <Disable the service name or the name in brackets.

    Close the services window.

    Open your task manager by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    msasvc.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O2 - BHO: (no name) - {0057BC78-4CF7-E42E-F4FC-014397D6431C} - (no file)

    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\system32\msasvc.exe

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

     
  12. Diddy89

    Diddy89 TS Rookie Topic Starter

  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's got it, your HJT log is now clean.

    Delete the killbox backups.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  14. Diddy89

    Diddy89 TS Rookie Topic Starter

    Actually I still have a BSOD. It says some random stuff but the file it named was
    system32: Lzx32.sys Address F934434 BASE AT F4932000 DATESTAMP 45830b7f

    I looked for it and I don't have it. What's up?
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's very useful info. You have a rootkit infection. The Lzx32.sys file is part of the Rustock rootkit. Rootkits by their very nature can be almost impossible to remove.

    Go HERE and download and run the prevx programme.

    Let me know the results please.

    Regards Howard :)

     
  16. Diddy89

    Diddy89 TS Rookie Topic Starter

    I couldn't use that prevx software because my computer always crashed and it wouldn't work in safe mode, so I found a program called rustbfix. It's very nice and easy to use and it deleted all the stuff, so I recommend it for people who had the same problem as I had.
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Thanks for getting back to me and for the info.

    I trust your system is now running ok?

    Regards Howard :)

     
Topic Status:
Not open for further replies.
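
A triage sketch for the kind of HijackThis entries flagged in posts 9 and 11 above, added here as an illustration and not part of the thread or of HijackThis itself. The function name `triage` and the heuristics (orphaned-file markers, "Unknown owner" services, `rundll32` autoruns, Winlogon Notify entries) are assumptions drawn from the lines quoted in the thread; the two "Example" log lines are constructed for contrast.

```python
import re

# Lines copied from the thread, plus two benign "Example" lines constructed for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0057BC78-4CF7-E42E-F4FC-014397D6431C} - (no file)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ihmneydt.dll",setvm
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O23 - Service: AusLogics Windows Themes Helper (ALThemeHelper) - Unknown owner - C:\Program Files\AusLogics Visual Styler\themehelpersvc.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Example Updater (ExUpd) - Example Corp - C:\Program Files\Example\upd.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# rundll32 autorun: capture the DLL path and the exported function it is told to call.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\w+)', re.I)

def triage(log_text):
    """Return (section, reasons, line) for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        # Registry entry survives but HijackThis found no file behind it.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reasons.append("orphaned reference: no file behind the registry entry")
        # HijackThis could not read a vendor name for the service binary.
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service binary has no readable vendor name")
        if section == "O4":
            dll = RUNDLL.search(body)
            if dll:
                reasons.append("autorun via rundll32: %s (export %s)" % dll.groups())
        # Winlogon Notify DLLs are loaded by winlogon.exe on Windows XP.
        if section == "O20":
            reasons.append("Winlogon Notify DLL")
        if reasons:
            findings.append((section, reasons, line))
    return findings

if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(section, "|", "; ".join(reasons))
        print("    ", line)
```

A hit is a prompt to check the file and its registry key by hand, not a verdict; the helper in the thread still decided per entry what to fix.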
