Desktop Endless Rebooting

Satisfied with your incredible help on my laptop, I'm looking for assistance with my daughter's desktop. It is an HP/Compaq operating Windows XP. The computer continuously reboots, only when it detects an internet connection.

I have ran all programs as instructed in READ ME FIRST except for Bitdefender and Panda. To download all the malware cleaning programs it took almost two days of constant downloading before the computer would shutdown and reboot. One by one, but I did it! The messages that come up are as follows. As soon as the computer starts & the desktop appears the following error is shown: " Error Signature: SzAppName:lsass.exe szAppVer:5.1.2600.1106 szModName:unkown SzModVer:0.0.0.0. offset:00000000"

Then if I plug in the LAN cable (normal or safe mode) to download additional programs for cleaning or access the web (even if an explorer window is NOT opened), the following window opens with a 60 second timer countdown:
"SYSTEM SHUTDOWN X"
The system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY SYSTEM. Time before shutdown:00:00:60
Message:

THe system process 'C:\windows\system32\lsass.exe' terminated unexpectedly with status code - 1073741819. The system will now shut down and restart.

I have a HJT log availabel, let me know if I should post it. Sorry for the long message.

 

Go ahead and post the HijackThis log.

 

Here's the HJT log:

 

Scan with HijackThis and fix the following:

Download and Run
- CWShredder ......No installation required! Just unzip it to a folder.

REBOOT

Post a fresh HijackThis log.

 

Followed the instructions. CWShredder found nothing, here is the new log:

 

OK, those lines didn't come back.

REBOOT to Safe Mode.

Open Windows Explorer, navigate to and delete the following:

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.
Follow the directions for Running Ewido Security Suite.

Run CCleaner before doing the below.

Download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

Post both the Ewido log and the WinPFind log.

 

same problem

 

REBOOT to Safe Mode; open Windows Explorer and delete the following files:

Next scan with HijackThis and fix teh following:

REBOOT to Normal Mode.

Post a fresh HijackThis log.

 

same problems still

 

Your log is clean.

Update your system to Service Pack 2.
http://www.microsoft.com/downloads/...be-3b8e-4f30-8245-9e368d3cdb5a&displaylang=en

That should fix your error.

 

I cannot connect to the internet with enough time to download the update because the virus is continually rebooting. Is there a way to save the update to cd or flash drive from another computer and then transfer? If so please advise.

 

I used a flash drive on another computer and downloaded service pack 2 onto the problem pc. I no longer have the continual reboot. However the LSA Shell error message did come up once on a reboot. Here are my logs, I'm sure they need some cleaning......

 

Scan with HijackThis and fix the following:

REBOOT to Safe Mode.

Open Windows Explorer; navigate to and delete the following:

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Try running Panda ActiveScan and post the log along with a fresh HijackThis log.

 

I cannot run PANDA even after numerous reboots and uninstalls??? Here is an updated HJT. COuld you also advise on the explorer settings in the log. Some don't look familiar. Thanks

 

Download, install and run BlackLight by F-Secure.

Post the log once finished.

Your HijackThis log doesn't so the infecton amymore.

 

Ran Blacklight and it found nothing. I wasn't sure if you wanted a log from Blacklight or HJT. Blacklight didn't offer a log so I posted another HJT log. Could you please let me know what the " http://qus10.hpwis.com" lines are in the HJT log and if I should get rid of it?

 

Scan with HijackThis and fix the following:

Other than that your logs are clean.

You are most likely experiencing problems with the OS itself, and you would get better assistance with thatover in the software forum.

 

rescanned and fixed above. Here's a new HJT. Should I create a restore point now?

 

Yes, disable system restore then enable system restore. You don't have to reboot.

 

Thanks for all the help, MajorGeeks Rules!