TechSpot

XP random reboots, missing files...

By fgersten
May 23, 2007
  1. I recently have been having problems with my computer.

    My computer has been auto restarting at random points.

    I tried a lot of things mentioned in other posts - diskcheck, memtest, updating drivers, using jp power tools to clean up registry.

    I have AVG AV and AS installed and neither found any problems. I ran housecall and Spybot and they didnt find anything either

    Now i'm also missing a lot of files from my documents (like all my recent pictures of my kids that i havent yet backed up)

    I posted in XP forum but was told to post here.

    what next?
     
  2. fastco

    fastco TS Booster Posts: 1,122

    Hi, Follow this guide if you haven't already:

    http://www.techspot.com/vb/topic51365.html

    Then if all else fails zip up 5 or 6 minidumps and attach them to this post and we can try to narrow down the cause of the restarts.
     
  3. fgersten

    fgersten TS Rookie Topic Starter

    Forgive my ignorance as a beginner - I am not sure if my problem is a virus problem or something else. I followed the directions in the removing malware post so here are those logs. Unfortunately my minidump logs were deleted with ccleaner
    Something weird also came up with AVG AV - it didnt detect any infections but it said:
    Boot Sector of Disk - change - C:\
    hosts - change - c:\windows\system32\drivers\etc\hosts

    i am totally lost - please help!!!
     
  4. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Please run AVG Antiroot kit scan as per the instructions given to you in the thread previously by fastco, and let me know the results.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Have HijackThis fix this entry:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99C72C9D-CBBD-4389-807C-A28A0825343B}: NameServer = 194.90.1.5 212.143.212.143

    Navigate in Windows Explorer and delete these files:
    C:\WINDOWS\SYSTEM32\fdebddbcc5_s.dll
    C:\FOUND.002
    C:\FOUND.001
    C:\FOUND.000
    C:\FOUND.003
    C:\FOUND.004

    Reboot into normal mode and rehide your your OS files.

    After that, please post fresh HijackThis and ComboFix logs from normal mode as attachments to this thread.


    Regards,
    Your friendly Momok =)

    This thread is for the use of fgersten only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. fgersten

    fgersten TS Rookie Topic Starter

    AVG Antiroot kit found nothing

    I went back into HJT and the 017 entry was not there anymore???

    I deleted the other files and i am posting my fresh logs

    Thank you so much for your help
     
  6. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Your logs look fairly clean. Have HijackThis fix these though:
    O9 - Extra button: NetVision - {45726300-D5F0-11D6-BF74-D4280F03F94C} - http://www.netvision.net.il/ (file missing) (HKCU)
    O9 - Extra button: Nana - {45726301-D5F0-11D6-BF74-D4280F03F94C} - http://www.nana.co.il/ (file missing) (HKCU)

    Then go to start > run. Type regedit and press enter.
    Press ctrl + f and search for all instances of the following and delete them.
    shicome.exe
    salm.exe
    nidczut.exe


    Next, please download and run CCleaner via step 9 of the instructions HERE.

    Delete all files in AVG Antispyware Quarantine folder.

    Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly Momok =)

    This thread is for the use of fgersten only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. fgersten

    fgersten TS Rookie Topic Starter

    Thanks so much.

    I just realized that the 017 entry on HJT only shows up when I am connected to the internet. I tried fixing it and the entry went away. However i disconnected and reconnected to the internet just to see if it would show up again in HJT and it did.

    What does this mean?
     
  8. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I've checked the domains with a few sites and turned up nothing. The domain is most likely safe. However, I have to admit I'm a little unsure why the entry appears only when you go online. I'll check with Howard and see if he knows anything about this.


    Regards,
    Your friendly Momok =)

    This thread is for the use of fgersten only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. fgersten

    fgersten TS Rookie Topic Starter

    Thanks for all your help momok

    I havent had any reboots lately but now my computer is running inordinately slow. It takes over 5 minutes to boot up and just opening any program takes forever. I defragged but i dont see any difference. any other suggestions?
     
  10. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Could you check your task manager, and see which of the processes are usually taking up so much of your resources?

    May I also suggest that you read this thread here on how to speed up your system.

    Hope it helps.


    Regards,
    Your friendly Momok =)

    This thread is for the use of fgersten only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...