Windows XP loads then automatically reboots

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jschuber1

Thread Starter
Joined
Feb 27, 2010
Messages
1
I'm running Windows XP Home w/ sp3. I think I have the same problem reported by octa21 on August 18, 2009. I'm not sure I posted in the correct category, but that's where I found the August post.

Originally machine would load desk top and reboot automatically. While rebooting I would get message: 'msln program not found - skipping autocheck'. I followed advice for the August post:

1) rebooted in safe mode with networking
2) ran Malwarebytes and deleted problems
3) ran Combofix
4) ran speedyPC and fixed problems suggested (this was not suggested in the original post)

If I reboot normally I no longer get the 'msln' message but the auto reboot cycle continues.
There were a number of problems found with the malware scan. Included is the log from Malwarebytes and part of the Combofix log. I exceeded the 30,000 character limit.

Any help would be greatly appreciated!

------------------------------
Malwarebytes' Anti-Malware 1.44
Database version: 3805
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11
2/27/2010 7:40:24 PM
mbam-log-2010-02-27 (19-40-24).txt
Scan type: Quick Scan
Objects scanned: 180786
Time elapsed: 6 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bad4551d-9b24-42cb-9bcd-818ca2da7b63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c003e790 (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\AntiVirus 2009 (Rogue.AntiVirus2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Start Menu\Antivirus 2009 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
Files Infected:
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
----------------------------

ComboFix 10-02-27.04 - John 02/27/2010 19:57:20.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.350 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\Combo-Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\RegGenie
c:\program files\RegGenie\Backups\40236.723479456
c:\program files\RegGenie\Logs\Scan on 2-27-2010 5-21-45 PM.txt
c:\program files\RegGenie\RegGenie.bim
c:\program files\RegGenie\RegGenie.bin
c:\program files\RegGenie\unins000.dat
c:\program files\RegGenie\unins000.msg
c:\recycler\S-1-5-21-1960408961-616249376-725345543-1003
c:\recycler\S-1-5-21-3977344382-2026929294-377546046-1003
c:\recycler\S-1-5-21-4177353770-3306631302-1120986501-1003
c:\windows\jestertb.dll
c:\windows\setup.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ZESOFT

((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.
2010-02-28 00:29 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 00:29 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-27 23:23 . 2010-02-27 23:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-27 23:22 . 2010-02-27 23:22 -------- d-----w- c:\documents and settings\John\Application Data\McAfee
2010-02-27 23:19 . 2010-02-27 23:20 -------- d-----w- c:\program files\AllMusicConverter
2010-02-27 23:19 . 2010-02-27 23:20 -------- d-----w- c:\program files\AllMusicConverter Media Suite
2010-02-27 23:19 . 2010-02-27 23:19 -------- d-----w- c:\program files\Musicnotes
2010-02-27 22:03 . 2010-02-27 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC
2010-02-27 22:03 . 2010-02-28 00:05 -------- d-----w- c:\program files\SpeedyPC
2010-02-27 13:38 . 2010-02-27 23:19 -------- d-----w- C:\RECYCLER(2)
2010-02-27 00:29 . 2010-02-27 00:29 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2010-02-27 00:29 . 2010-02-28 00:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 00:29 . 2010-02-27 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-25 15:32 . 2010-02-25 15:32 -------- d-----w- c:\windows\system32\drivers\NAV
2010-02-25 15:32 . 2010-02-27 23:21 -------- d-----w- c:\program files\Norton AntiVirus
2010-02-25 15:32 . 2010-02-25 15:32 -------- d-----w- c:\program files\Windows Sidebar
2010-02-25 15:09 . 2010-02-25 15:09 -------- d-----w- c:\program files\NortonInstaller
2010-02-25 13:19 . 2010-02-27 23:22 -------- d-----w- c:\documents and settings\Administrator.SCHUBERTPC1.000\Local Settings\Application Data\Microsoft
2010-02-25 13:19 . 2007-11-25 21:21 -------- d-----w- c:\documents and settings\Administrator.SCHUBERTPC1.000\Local Settings\Application Data\Apple Computer
2010-02-25 13:19 . 2007-11-25 21:21 -------- d-----w- c:\documents and settings\Administrator.SCHUBERTPC1.000\Application Data\Apple Computer
2010-02-25 13:19 . 2010-02-27 23:22 -------- d-s---w- c:\documents and settings\Administrator.SCHUBERTPC1.000
2010-02-25 12:49 . 2007-11-25 21:21 -------- d-----w- c:\documents and settings\Administrator.SCHUBERTPC1\Application Data\Apple Computer
2010-02-25 12:49 . 2010-02-27 23:22 -------- d-s---w- c:\documents and settings\Administrator.SCHUBERTPC1
2010-02-25 12:49 . 2010-02-27 23:22 -------- d-----w- c:\documents and settings\Administrator.SCHUBERTPC1\Local Settings\Application Data\Microsoft
2010-02-25 12:49 . 2007-11-25 21:21 -------- d-----w- c:\documents and settings\Administrator.SCHUBERTPC1\Local Settings\Application Data\Apple Computer
2010-02-25 05:44 . 2007-11-25 21:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-02-25 05:44 . 2007-11-25 21:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-02-25 05:44 . 2010-02-27 23:23 -------- d-s---w- c:\documents and settings\Administrator
2010-02-24 22:46 . 2010-02-24 22:46 749376 ----a-w- c:\windows\system32\drivers\5P82255.sys
2010-02-20 22:47 . 2010-02-20 22:47 -------- d-----w- c:\program files\Photo Story 3 for Windows
2010-02-20 19:22 . 2008-04-14 01:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-02-20 19:22 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-02-20 19:22 . 2008-04-14 01:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-02-20 19:22 . 2008-04-14 01:11 28160 ----a-w- c:\windows\system32\irmon.dll
2010-02-20 19:22 . 2008-04-14 01:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-02-20 19:22 . 2008-04-14 01:12 151552 ----a-w- c:\windows\system32\irftp.exe
2010-02-20 19:22 . 2008-04-13 19:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-02-20 19:22 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-19 02:23 . 2010-02-18 12:46 5688 ----a-w- c:\windows\system32\MusCVideo.sys
2010-02-19 02:23 . 2010-02-18 12:46 14392 ----a-w- c:\windows\system32\MusCVideo.dll
2010-02-19 02:23 . 2010-02-18 12:46 23096 ----a-w- c:\windows\system32\MusCAudio.sys
2010-02-19 02:23 . 2010-02-18 12:46 23096 ----a-w- c:\windows\system32\drivers\MusCAudio.sys
2010-02-19 02:23 . 2010-02-17 23:21 245760 ----a-w- c:\windows\system32\snmvtsvc.exe
2010-02-12 13:42 . 2010-02-12 13:43 -------- d-----w- C:\Click to DVD 2
2010-01-30 15:54 . 2010-01-30 15:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-29 13:39 . 2010-01-29 13:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 00:43 . 2008-08-25 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-27 23:36 . 2009-12-09 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-27 23:21 . 2009-12-09 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-02-26 21:13 . 2005-01-31 02:45 262144 -c--a-w- C:\NTUSER.DAT
2010-02-25 15:44 . 2004-11-17 03:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-25 15:33 . 2004-11-17 03:07 -------- d-----w- c:\program files\Symantec
2010-02-25 05:55 . 2010-02-25 05:55 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-02-25 05:55 . 2010-02-25 05:55 67728 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 01:55 . 2005-01-31 02:34 90112 ----a-w- c:\windows\DUMP34cb.tmp
2010-02-12 13:42 . 2005-02-16 00:25 -------- d-----w- c:\documents and settings\John\Application Data\Sony Corporation
2010-02-04 02:22 . 2005-01-31 01:38 67728 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 02:52 . 2007-11-25 22:05 2346 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\qbbackup.sys
2010-02-02 01:54 . 2005-01-31 23:13 52840 ----a-w- c:\documents and settings\Beth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-29 13:38 . 2004-11-15 23:42 -------- d-----w- c:\program files\Google
2010-01-24 01:29 . 2010-01-24 01:29 849184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\Components\DownloadQB18\Patch\qbpatch.exe
2010-01-05 10:00 . 2004-11-15 20:30 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-11-15 20:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-11-15 20:29 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-11-15 20:30 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2004-11-15 21:41 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-11-15 20:29 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-03 23:18 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-11-15 20:30 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2005-04-12 17:09 . 2005-04-12 17:09 676813 -c--a-w- c:\program files\VBC.ZIP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-22 2744832]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-22 151552]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-06 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NAV"="c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\17.5.0.127\InstStub.exe" [2010-02-27 728704]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk - c:\windows\system32\cmd.exe [2004-11-15 389120]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-10-22 972064]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-4-12 118784]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
2006-08-16 05:12 24576 -c----w- c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top