PC Reboots Randomly, Don't Know What to Do..


Diddy89

Hi, I'm pretty new to this site but I know how things go, I think..
OK, starting last Friday my PC all of a sudden reboots. Then when I come back to the desktop I get an error report message. I don't know exactly which two files were corrupt, but what I do know is it was a problem with my video device, so I followed the solutions Microsoft showed me, but it didn't work, so I tried to uncheck that automatic restart thing in system restore settings, but now it causes a BSOD. So I just saved my HiJackThis log, so please come up with something because I really don't want to reformat this PC.

Thanks

*The first one is a HijackThis log before I did the renaming thing and the second one is after I renamed it. I added the first because it seemed to have a lot more stuff...


Moderator Edit: Merged your two posts. Please only post one thread per issue. Thank you.
 
Umm.. I have a Pentium 4 CPU 2.53 GHz, 1.00 GB of RAM. I have a GeForce 6800GS 256 MB video card. The whole PC is an HP Pavilion 753n, but I installed a 512 MB Kingston memory card and the GeForce video card; everything else is stock(?)
 
Please someone help, I can't use my computer properly because it will restart every time. I'm in safe mode right now and I can't do anything but wait...
All my logs were made in normal mode, which took a while because it would restart between tests -_-
 
Hello and welcome to Techspot.

Your system is riddled with nasties.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.


Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


Regards Howard


This thread is for the use of Diddy89 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
OK, I'm trying to do this online scanning thing but my PC keeps restarting every time. I never have enough time and it doesn't work in safe mode. Should I skip that step or do something else??
 
Yes, skip that and go onto the rest of the instructions.

Follow as many of the instructions as you can.

Regards Howard :)

 
Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how HERE.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

AusLogics Visual Styler

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

AusLogics Windows Themes Helper
Microsoft authenticate service

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

msasvc.exe
themehelpersvc.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)

O2 - BHO: (no name) - {0057BC78-4CF7-E42E-F4FC-014397D6431C} - (no file)

O2 - BHO: (no name) - {178AA662-D306-13FA-E38E-0236E464E2A3} - (no file)

O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - (no file)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ihmneydt.dll",setvm

O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)

O23 - Service: AusLogics Windows Themes Helper (ALThemeHelper) - Unknown owner - C:\Program Files\AusLogics Visual Styler\themehelpersvc.exe

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\system32\msasvc.exe
C:\Program Files\AusLogics Visual Styler <Delete the entire folder.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

This is the filepath you need to enter into killbox.

C:\WINDOWS\system32\ihmneydt.dll

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how HERE.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Microsoft authenticate service (MsaSvc) <Disable the service name or the name in brackets.

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

msasvc.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: (no name) - {0057BC78-4CF7-E42E-F4FC-014397D6431C} - (no file)

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

This is the filepath you need to enter into killbox.

C:\WINDOWS\system32\msasvc.exe

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

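An added example, not part of the original posts and not a HijackThis feature: a small Python triage pass over the entry types singled out in the two fix lists above (entries ending in "(no file)" or "(file missing)", a Run key that loads a DLL through rundll32.exe, and O23 services reported with "Unknown owner"). The function name, reason labels and the two benign "Example" lines are assumptions made for illustration; a flag means "review this entry", not "this is malware".

```python
import re

# Flagged lines are quoted from the fix lists above; the two "Example"
# lines are constructed benign entries added for contrast.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {0057BC78-4CF7-E42E-F4FC-014397D6431C} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ihmneydt.dll",setvm
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
'''

ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
ORPHAN = re.compile(r'\((?:no file|file missing)\)\s*$')
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.I)


def triage(log_text):
    """Return (section, reasons, body) for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, blank line or wrapped text
        code, body = m['code'], m['body']
        reasons = []
        # The registry entry survives but the file it points to is gone.
        if ORPHAN.search(body):
            reasons.append('orphaned')
        # Autostart that runs a DLL export through rundll32.
        if code == 'O4':
            dll = RUNDLL.search(body)
            if dll:
                reasons.append('rundll32-autostart:' + dll['dll'])
        # HijackThis could not read a company name from the service binary.
        if code == 'O23' and ' - Unknown owner - ' in body:
            reasons.append('unknown-owner-service')
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(reasons):<60}{body}")
```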
 
That's got it, your HJT log is now clean.

Delete the killbox backups.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Actually I still have a BSOD. It says some random stuff but the file it named was
system32: Lzx32.sys Address F934434 BASE AT F4932000 DATESTAMP 45830b7f

I looked for it and I don't have it. What's up?
 
That's very useful info. You have a rootkit infection. The Lzx32.sys file is part of the Rustock rootkit. Rootkits by their very nature can be almost impossible to remove.

Go HERE and download and run the prevx programme.

Let me know the results please.

Regards Howard :)

 
I couldn't use that prevx software because my computer always crashed and it wouldn't work in safe mode, so I found a program called rustbfix. It's very nice and easy to use and it deleted all the stuff, so I recommend it for people who had the same problem as I had.
 
Thanks for getting back to me and for the info.

I trust your system is now running ok?

Regards Howard :)

 