XP random reboots, missing files...

[fgersten]

I recently have been having problems with my computer.

My computer has been auto restarting at random points.

I tried a lot of things mentioned in other posts - diskcheck, memtest, updating drivers, using jp power tools to clean up registry.

I have AVG AV and AS installed and neither found any problems. I ran housecall and Spybot and they didnt find anything either

Now i'm also missing a lot of files from my documents (like all my recent pictures of my kids that i havent yet backed up)

I posted in XP forum but was told to post here.

what next?

 

[fastco]

Hi, Follow this guide if you haven't already:

https://www.techspot.com/vb/topic51365.html

Then if all else fails zip up 5 or 6 minidumps and attach them to this post and we can try to narrow down the cause of the restarts.

 

[fgersten]

Forgive my ignorance as a beginner - I am not sure if my problem is a virus problem or something else. I followed the directions in the removing malware post so here are those logs. Unfortunately my minidump logs were deleted with ccleaner
Something weird also came up with AVG AV - it didnt detect any infections but it said:
Boot Sector of Disk - change - C:\
hosts - change - c:\windows\system32\drivers\etc\hosts

i am totally lost - please help!!!

 

[momok]

Hi,

Please run AVG Antiroot kit scan as per the instructions given to you in the thread previously by fastco, and let me know the results.

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Have HijackThis fix this entry:
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C72C9D-CBBD-4389-807C-A28A0825343B}: NameServer = 194.90.1.5 212.143.212.143

Navigate in Windows Explorer and delete these files:
C:\WINDOWS\SYSTEM32\fdebddbcc5_s.dll
C:\FOUND.002
C:\FOUND.001
C:\FOUND.000
C:\FOUND.003
C:\FOUND.004

Reboot into normal mode and rehide your your OS files.

After that, please post fresh HijackThis and ComboFix logs from normal mode as attachments to this thread.


Regards,
Your friendly Momok =)

This thread is for the use of fgersten only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[fgersten]

AVG Antiroot kit found nothing

I went back into HJT and the 017 entry was not there anymore???

I deleted the other files and i am posting my fresh logs

Thank you so much for your help

 

[momok]

Hi,

Your logs look fairly clean. Have HijackThis fix these though:
O9 - Extra button: NetVision - {45726300-D5F0-11D6-BF74-D4280F03F94C} - http://www.netvision.net.il/ (file missing) (HKCU)
O9 - Extra button: Nana - {45726301-D5F0-11D6-BF74-D4280F03F94C} - http://www.nana.co.il/ (file missing) (HKCU)

Then go to start > run. Type regedit and press enter.
Press ctrl + f and search for all instances of the following and delete them.
shicome.exe
salm.exe
nidczut.exe

Next, please download and run CCleaner via step 9 of the instructions HERE.

Delete all files in AVG Antispyware Quarantine folder.

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly Momok =)

This thread is for the use of fgersten only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[fgersten]

Thanks so much.

I just realized that the 017 entry on HJT only shows up when I am connected to the internet. I tried fixing it and the entry went away. However i disconnected and reconnected to the internet just to see if it would show up again in HJT and it did.

What does this mean?

 

[momok]

Hi,

I've checked the domains with a few sites and turned up nothing. The domain is most likely safe. However, I have to admit I'm a little unsure why the entry appears only when you go online. I'll check with Howard and see if he knows anything about this.


Regards,
Your friendly Momok =)

This thread is for the use of fgersten only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[fgersten]

Thanks for all your help momok

I havent had any reboots lately but now my computer is running inordinately slow. It takes over 5 minutes to boot up and just opening any program takes forever. I defragged but i dont see any difference. any other suggestions?

 

[momok]

Hi,

Could you check your task manager, and see which of the processes are usually taking up so much of your resources?

May I also suggest that you read this thread here on how to speed up your system.

Hope it helps.


Regards,
Your friendly Momok =)

This thread is for the use of fgersten only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.