Random restarts on startup

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

vista_guy_123

Thread Starter
Joined
Apr 21, 2013
Messages
40
Hi there,

I have a Vista machine (motherboard ASUS P5KPL-VM): Intel Core Duo CPU, 2.66 GHz, 3 GB RAM, 32-bit OS. I'm using an Nvidia graphics card and it always prompts me to update the drivers to gain a better gaming experience with certain PC games.

I've had this machine for 7 years. I'm experiencing random restarts mainly on startup (i.e. I boot the machine and it restarts again) and after waking the computer from sleep mode it restarts after this. I've tried to fix this but no luck. I have tested most aspects of my computer:

Hard drive - Checked with 'crystal disk'. Passed
Power supply - checked by technician at computer shop. Passed
RAM - checked using Memtest. Passed.
Spyware - Found spyware on machine using malwarebytes.......removed spyware....still does random restarts.
Viruses - Found 6 viruses using Avast free version - still does random restarts.

I don't know what's causing this. Please help me stop random restarts for good!
 
Joined
Mar 30, 2014
Messages
4,445
Does the same thing happen to another computer plugged into the same power source? If so, you might want to call an electrician and have it checked. If not, recommend replacing that 7-year-old computer.
 

blues_harp28

Moderator
Joined
Jan 9, 2005
Messages
19,431
Spyware - Found spyware on machine using malwarebytes.......removed spyware....still does random restarts.
Viruses - Found 6 viruses using Avast free version - still does random restarts.
To check if it is Malware/Virus related.
Start Malwarebytes Anti-Malware again.
Click History > Application Logs.
Select the most recent scan log.
Click View.
Select Export >Text File.
Name it mbam > then save it on the desktop.
Copy-and-paste its contents in the reply box below.
======
Post the log file from Avast.
C:\ProgramData\Avast Software\Avast\Log
 

vista_guy_123

Thread Starter
Joined
Apr 21, 2013
Messages
40
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/04/2015
Scan Time: 4:48:24 p.m.
Logfile: malwarebyteslog.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.16.06
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 495387
Time Elapsed: 32 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.SurfAndKeep.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [a5a1fe6f8208a690182b1e38de275ba5],
PUP.Optional.SurfAndKeep.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, Quarantined, [a5a1fe6f8208a690182b1e38de275ba5],
PUP.Optional.SurfAndKeep.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, Quarantined, [a5a1fe6f8208a690182b1e38de275ba5],
PUP.Optional.SurfAndKeep.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, Quarantined, [a5a1fe6f8208a690182b1e38de275ba5],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Babylon.A, HKU\S-1-5-21-834678876-121628085-4119492225-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.babylon.com/?babsrc=HP_Prot, Good: (www.google.com), Bad: (http://search.babylon.com/?babsrc=HP_Prot),Replaced,[8bbb09642c5efc3abf7df312a165eb15]

Folders: 3
PUP.Optional.MultiPlug.A, C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dokgdoccmafcbcnhjemjkpnkncdhhgkh\2.3, Quarantined, [ee580964f7932a0cd0949cb9a065af51],
PUP.Optional.MultiPlug.A, C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dokgdoccmafcbcnhjemjkpnkncdhhgkh, Quarantined, [ee580964f7932a0cd0949cb9a065af51],
PUP.Optional.SurfAndKeep.A, C:\Program Files\surf and! keEP, Quarantined, [a5a1fe6f8208a690182b1e38de275ba5],

Files: 6
PUP.Optional.MultiPlug.A, C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dokgdoccmafcbcnhjemjkpnkncdhhgkh\2.3\lsdb.js, Quarantined, [ee580964f7932a0cd0949cb9a065af51],
PUP.Optional.MultiPlug.A, C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dokgdoccmafcbcnhjemjkpnkncdhhgkh\2.3\background.html, Quarantined, [ee580964f7932a0cd0949cb9a065af51],
PUP.Optional.MultiPlug.A, C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dokgdoccmafcbcnhjemjkpnkncdhhgkh\2.3\content.js, Quarantined, [ee580964f7932a0cd0949cb9a065af51],
PUP.Optional.MultiPlug.A, C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dokgdoccmafcbcnhjemjkpnkncdhhgkh\2.3\manifest.json, Quarantined, [ee580964f7932a0cd0949cb9a065af51],
PUP.Optional.SurfAndKeep.A, C:\Program Files\surf and! keEP\_gnNFvC.tlb, Quarantined, [a5a1fe6f8208a690182b1e38de275ba5],
PUP.Optional.SurfAndKeep.A, C:\Program Files\surf and! keEP\_gnNFvC.dat, Quarantined, [a5a1fe6f8208a690182b1e38de275ba5],

Physical Sectors: 0
(No malicious items detected)


(end)
 

blues_harp28

Moderator
Joined
Jan 9, 2005
Messages
19,431
Run Malwarebytes again.
But before you run a scan.
Under Settings > Detection and Protection in the left pane.
Under Detection Options - make sure that all three entries are ticked
Under Non-Malware detections - set to Treat detections as Malware
Run a quick scan - remove all that it finds and then post the log file.
======
Download Junkware Removal Tool
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Temporarily shut down your anti-virus to avoid any conflicts.
http://www.bleepingcomputer.com/for...nti-virus-firewall-and-anti-malware-programs/
Be sure to enable the anti-virus program after the scan.

Right-mouse click JRT.exe and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
It will close down your desktop and then restart your pc - allow it to do so.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======
Download Security Check by screen317 from:
http://screen317.spywareinfoforum.org/
Or
http://www.bleepingcomputer.com/download/securitycheck/dl/123/

Save it to your Desktop.
Double click the install icon.
If using Vista - Win 7 - right click the install icon and select "Run as Administrator"
A command Prompt window will open.
Let it scan the PC - press any key when asked.
It should now open in Notepad.
Copy and Paste the result of the scan in the reply box below.

The saved log will be called checkup.txt.
 

vista_guy_123

Thread Starter
Joined
Apr 21, 2013
Messages
40
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/04/2015
Scan Time: 11:00:40 a.m.
Logfile: mbam.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.17.07
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 495332
Time Elapsed: 25 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
Trojan.Poweliks.B, HKU\S-1-5-21-834678876-121628085-4119492225-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [8229b7b691f9b0860669847e2ad67e82],
Hijack.Trojan.Siredef.C, HKU\S-1-5-21-834678876-121628085-4119492225-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}, Quarantined, [1398ff6e87036fc71506b849ac54d12f],
Hijack.Trojan.Siredef.C, HKU\S-1-5-21-834678876-121628085-4119492225-1001_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, Quarantined, [1398ff6e87036fc71506b849ac54d12f],
Hijack.Trojan.Siredef.C, HKU\S-1-5-21-834678876-121628085-4119492225-1002_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, Quarantined, [1398ff6e87036fc71506b849ac54d12f],
Hijack.Trojan.Siredef.C, HKU\S-1-5-21-834678876-121628085-4119492225-1003_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, Quarantined, [1398ff6e87036fc71506b849ac54d12f],
Trojan.Poweliks.B, HKU\S-1-5-21-834678876-121628085-4119492225-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [dfccabc2f39742f475fa56acb848d52b],
Trojan.Poweliks.B, HKU\S-1-5-21-834678876-121628085-4119492225-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [75362d40484255e1393653af11efdf21],
Trojan.Poweliks.B, HKU\S-1-5-21-834678876-121628085-4119492225-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [65469fce79115bdb5f103ec455ab7090],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

vista_guy_123

Thread Starter
Joined
Apr 21, 2013
Messages
40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.8 (04.17.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by user on Sat 18/04/2015 at 11:34:09.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\System32\Tasks\Driver Booster Scan
Successfully deleted: [Task] C:\Windows\System32\Tasks\Driver Booster SkipUAC (user)
Successfully deleted: [Task] C:\Windows\System32\Tasks\Driver Booster Update



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\surf and! keEP
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\desktopicon
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\drivercure
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\performersoft
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\pluswinks
Successfully deleted: [Folder] C:\Users\user\Local Settings\Application Data\genienext
Successfully deleted: [Folder] C:\Users\user\Local Settings\Application Data\swvupdater
Successfully deleted: [Folder] C:\Program Files\mobogenie
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue
Successfully deleted: [Folder] C:\Users\user\documents\optimizer pro





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 18/04/2015 at 11:36:09.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

vista_guy_123

Thread Starter
Joined
Apr 21, 2013
Messages
40
Results of screen317's Security Check version 1.00
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Cleaner 5 EZ
Java 7 Update 72
Java 8 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.305 Flash Player out of Date!
Adobe Reader XI
Google Chrome (41.0.2272.101)
Google Chrome (41.0.2272.118)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 

blues_harp28

Moderator
Joined
Jan 9, 2005
Messages
19,431
Malwarebytes Anti-Malware

Registry Keys: 8
Trojan.Poweliks.B, HKU\S-1-5-21-834678876-121628085-4119492225-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [8229b7b691f9b0860669847e2ad67e82],
Hijack.Trojan.Siredef.C, HKU\S-1-5-21-834678876-121628085-4119492225-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}, Quarantined, [1398ff6e87036fc71506b849ac54d12f],
Hijack.Trojan.Siredef.C, HKU\S-1-5-21-834678876-121628085-4119492225-1001_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, Quarantined, [1398ff6e87036fc71506b849ac54d12f],
Hijack.Trojan.Siredef.C, HKU\S-1-5-21-834678876-121628085-4119492225-1002_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, Quarantined, [1398ff6e87036fc71506b849ac54d12f],
Hijack.Trojan.Siredef.C, HKU\S-1-5-21-834678876-121628085-4119492225-1003_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, Quarantined, [1398ff6e87036fc71506b849ac54d12f],
Trojan.Poweliks.B, HKU\S-1-5-21-834678876-121628085-4119492225-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [dfccabc2f39742f475fa56acb848d52b],
Trojan.Poweliks.B, HKU\S-1-5-21-834678876-121628085-4119492225-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [75362d40484255e1393653af11efdf21],
Trojan.Poweliks.B, HKU\S-1-5-21-834678876-121628085-4119492225-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [65469fce79115bdb5f103ec455ab7090],
Although Malwarebytes has quarantined the registry keys above, we will need to ask one of our Malware experts to check that your PC is clean.
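
A triage pass over a log in the layout posted above, as an added example that is not part of any post in this thread: it checks the scan options, compares each section's declared count with the lines actually pasted, and separates PUP/PUM entries from detections that need escalation, listing the user SIDs they appear under. The sample log is constructed (placeholder SIDs, CLSIDs and bracketed ids), and treating the `PUP.`/`PUM.` name prefix as "unwanted program rather than malware" is an assumption drawn from the names visible in these logs.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the Malwarebytes text logs in this thread.
# SIDs, CLSIDs, URLs and bracketed ids are placeholders, not values from a real scan.
SAMPLE_LOG = r"""
Rootkits: Disabled
PUP: Warn
PUM: Enabled

Registry Keys: 5
Trojan.Poweliks.B, HKU\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\CLSID\{00000000-0000-0000-0000-0000000000AA}, Quarantined, [a1],
Trojan.Poweliks.B, HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID\{00000000-0000-0000-0000-0000000000AA}, Quarantined, [a2],
Hijack.Trojan.Siredef.C, HKU\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\CLSID\{00000000-0000-0000-0000-0000000000BB}, Quarantined, [b1],
PUP.Optional.SurfAndKeep.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{00000000-0000-0000-0000-0000000000CC}, Quarantined, [c1],

Registry Data: 1
PUP.Optional.Babylon.A, HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.example/?q=1, Good: (www.example.com), Bad: (http://search.example/?q=1),Replaced,[d1]

Files: 0
(No malicious items detected)
"""

SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$")
SETTING_RE = re.compile(
    r"^(Memory|Startup|Filesystem|Archives|Rootkits|Heuristics|PUP|PUM): (\w+)$")
# name, target (may itself contain commas), action, [id] with optional trailing comma
DETECTION_RE = re.compile(
    r"^(?P<name>[^,\s]+), (?P<target>.+?),\s*(?P<action>[A-Za-z ]+),"
    r"\s*\[(?P<id>[0-9a-fA-F]+)\],?$")
# Per-user hives appear as HKU\<SID>\... or HKU\<SID>_Classes\...
SID_RE = re.compile(r"^HKU\\(S-1-5-21-\d+-\d+-\d+-\d+)")


def parse_log(text):
    """Return (scan settings, declared section counts, detection records)."""
    settings, declared, detections = {}, {}, []
    section = None
    for line in text.splitlines():
        line = line.strip()
        if m := SETTING_RE.match(line):
            settings[m.group(1)] = m.group(2)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
            declared[section] = int(m.group(2))
        elif section and (m := DETECTION_RE.match(line)):
            sid = SID_RE.match(m["target"])
            detections.append({
                "section": section,
                "name": m["name"],
                "target": m["target"],
                "action": m["action"],
                "sid": sid.group(1) if sid else None,
                # Assumption: PUP./PUM. prefixes mark unwanted programs, not malware.
                "unwanted_only": m["name"].startswith(("PUP.", "PUM.")),
            })
    return settings, declared, detections


def triage(text):
    settings, declared, detections = parse_log(text)
    parsed = defaultdict(int)
    for d in detections:
        parsed[d["section"]] += 1
    # A declared count that differs from the parsed lines points to a truncated
    # or hand-edited paste, so the log should be exported and posted again.
    mismatches = {s: (n, parsed[s]) for s, n in declared.items() if n != parsed[s]}
    # Group non-PUP/PUM families by the user hive (SID) they were found in.
    escalate = defaultdict(set)
    for d in detections:
        if not d["unwanted_only"]:
            escalate[d["name"]].add(d["sid"] or "machine-wide")
    return {
        "weak_settings": sorted(k for k, v in settings.items() if v != "Enabled"),
        "count_mismatches": mismatches,
        "escalate": {k: sorted(v) for k, v in escalate.items()},
        "unwanted_only": sorted({d["name"] for d in detections if d["unwanted_only"]}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```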
 

blues_harp28

Moderator
Joined
Jan 9, 2005
Messages
19,431
A message has been sent to one of our Malware experts.
They are always busy and will reply when they are available.
 

blues_harp28

Moderator
Joined
Jan 9, 2005
Messages
19,431
A Malware expert has checked your post and it is not good news.
I quote their reply.

This is a Remote Access Infection.

A Remote Access Infection allows the person who infected your computer to use your computer as if he were sitting in front of it, and he may ....
  • Steal bank account details.
  • Steal credit card numbers.
  • Steal your personal details.
  • Modify your computer to make it easier to infect.
  • Use your computer as part of a botnet, to distribute porn or spam.
  • Anything else he cares to think of ..... and most attackers are very inventive people.

You are strongly advised to do the following immediately ....
  • Disconnect the infected computer from the internet and from any networked computers.
  • Call all of your banks, credit card companies, and financial institutions, and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change all your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do not change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information.

The only way to remove this type of infection and leave yourself with a secure computer is to re-format your hard drive and re-install Windows.

It is impossible to discover all of the modifications that your attacker may have made to your computer while he had access to it, and though we may be able to remove all the obvious signs of infection from your computer, and leave you with an apparently fully functioning machine, that does NOT mean it would be Secure.

If you use your computer for banking, finance, online payments, other confidential data..... then a re-format and re-installation should be the only choice you should make.

If you insist, we are prepared to help you "clean" your machine, but we advise you against this course of action, and you must understand that although we may be able to restore your computer to a usable condition, it will NOT be secure until a re-format and Windows re-installation is performed, and should not be used for any of the activities listed above.
To help you decide, please take some time to read the following articles, then let me know how you want to proceed.
(Any removal help would actually come from here at TSG, but you need to understand the agenda.)
 

vista_guy_123

Thread Starter
Joined
Apr 21, 2013
Messages
40
It turns out my power supply was faulty. A new power supply was installed and the computer is fine again.
 