PC rebooting repeatedly, serious system error

Discussion in 'Malware Help (A Specialist Will Reply)' started by olismum, Feb 21, 2007.

  1. olismum

    olismum Private E-2

    Hi
    I'm way over my head here, but I'm really good at following directions. I'm running XP Home on a Compaq Presario. You can probably direct me to finding more info on memory etc if you need it, right?
    I have had an ongoing problem with system crashes. The screen goes black and the comp. reboots. Then I get the 'report to Microsoft, serious system error' message. I just disabled the automatic reboot, per someone else's instructions.
    I followed Adrenalyne's directions (on this forum) and used WinDbg to analyze a minidump log file from today. The results suggested that it was probably caused by "wanarp2k.sys".
    I googled it, and nothing came up. I am not sure how to save the results of the WinDbg popup window thing for you to look at (see, I told you I was in deep!).
    I recently used NTRegOpt and RegSeeker to clean and optimize the registry. My system hasn't crashed since earlier today, but it's usually only once or twice a day.
    Please help, or point me in the right direction. I can't afford to call a 'qualified professional'...I must rely on the kindness of strangers, and my willingness to stay up all night to figure it out!
    I have Panda activescan pro. I used it today, and it removed some spyware, no viruses detected.
    I am using Spector 2.2 keylogger (long story short, I'm separated and my ex uses my computer). I looked at the events log, which records the websites visited, and there are 2 that stand out: jroundup.com, and connie.com. I have not visited either of these sites, other than tonight to find out what they were, and once previously when the jroundup site popped up a log-in window. Have I been hijacked?
    Also, Adrenalyne asked me to find the 'wanarp2k.sys' file. When I ran a search, it wasn't found.
    What next?
    Thanks in advance for your time and assistance!
    J
     
  2. Adrynalyne

    Adrynalyne Guest

    You don't need to repost this anymore, the spam filter is catching your threads for some reason. Anyway, I approved this one, so you are set.

    Virus activity certainly can't be ruled out, with Google not giving results. Please email or attach the minidumps so I can analyze them myself.

    If you attach them here, they need to be zipped.
     
  3. olismum

    olismum Private E-2

    Thanks, sorry for the double post.
    I'll attach the minidump files here.

    If I have been hijacked, what does that mean, exactly? Can I find out how and by whom (i.e. someone I know, or??)

    Thanks,
    J
     
  4. Adrynalyne

    Adrynalyne Guest

    Usually hijacked is exactly what it sounds like. Malware is now controlling where you go, and what you see online. Certainly a possibility, but I'd like to rule out the less malicious possibilities first :)

    No info on this file at all...closest thing I can find is wanarp.sys, which I guess could be the same thing, maybe wanarp2k.sys is a third party update for it.

    Here is something to try. Open regedit: Start, Run, regedit. Highlight My Computer on the left hand side and go to Edit > Find. Type wanarp2k.sys and find all instances of it you can. Umm, can't really tell you what to look for, other than clues what it might be tied to. If you can't find any hints...backup each instance it finds (File, Export), and save them for me to review. You can attach them in a zip here, and I'll review them in the morning.

    Also, how does your cable modem connect, usb, or ethernet?

    What brand/model network card do you have?

    What firewall?
     
  5. olismum

    olismum Private E-2


    Cable modem connects via ethernet, and my router for my voip recently stopped working, though I could get a dial tone. If the router is connected, I can't get an IP address= no connection. (does that make sense?)

    Network card? I have no idea? Will check...

    Um, windows firewall? (ducking) :eek:

    J
     
  6. olismum

    olismum Private E-2

    VIA Rhine II fast ethernet adapter (is that what you meant?) also listed:1394 net adapter
     
  7. Adrynalyne

    Adrynalyne Guest

    Bump. Anyone know what the file wanarp2k.sys is? It's the cause of all of this, and I cannot find one shred of info on it.

    Nor can we find it on the system.

    olismum:

    http://forums.majorgeeks.com/showthread.php?t=35407

    Take a look at this and run through it. See where we can go from there.
     
  8. Vision Master

    Vision Master Private E-2

  9. Adrynalyne

    Adrynalyne Guest

    Yeah...this is spelled differently. Which leads me to think it's either a NIC driver (third party version of wanarp.sys), or something malicious, because despite what I've tried, the poster cannot find this file on the system. It's not using alternate data streams, but it's definitely hiding out where I/we cannot find it.
     
  10. olismum

    olismum Private E-2

    OK, I think I have done this correctly. I followed all the instructions in that thread, to the best of my ability, and am attaching the logs. Any advice is very gratefully accepted!

    Thanks again for all your help Adrynalyne! (and others, but esp A!)

    I have the other files asked for, but since this thread can't be replied to, I can't attach them. Help please?
     
    Last edited: Mar 1, 2007
  11. Adrynalyne

    Adrynalyne Guest

    K, I'll move your thread to malware, and see what they say.
     
  12. olismum

    olismum Private E-2

    Here are the other log files.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The log from GetRunKey is runkeys.txt. All other files are temporary work files used to build the final log. Please attach runkeys.txt.


    Did you install all those keyloggers found by CounterSpy? If so, why! Also why did you have CounterSpy Ignore everything?
     
  14. olismum

    olismum Private E-2

    I was spying on my soon-to-be-ex :eek:

    As for why I had counterspy ignore everything...I'm not sure that I intended to. Can you explain what I did so I can fix it?
     
  15. olismum

    olismum Private E-2

    I realize now what I did with CounterSpy (and HijackThis for that matter). I wasn't sure if I should delete anything until after I posted the logs.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should uninstall all of them!

    Run it again and allow it to quarantine or delete all the problems it finds. You can ignore Weatherbug if you really want it but it is considered adware.

    You saved GetRunKey.zip and ShowNew.zip like this
    Code:
     "C:\Documents and Settings\Owner\Local Settings\Temp\"
    getrun~1.zip  Feb 28 2007       68823  "GetRunKey.zip"
    shownew.zip   Feb 28 2007       64035  "ShowNew.zip"
    
    Anything saved in a temp folder is susceptible to deletion. Running CCleaner or similar will delete these files. Thus this is not a good place to save things to.

    I also suggest you cleanup all the clutter from your Desktop. You are making it too easy for malware to hide there. Save downloads someplace else that is more permanent if you need them. If not needed, delete them.
     
  17. olismum

    olismum Private E-2

    Counterspy stuff deleted.

    Can I keep one keylogger? (i.e. the one I ended up paying a bunch of $ for?) If not, can you explain how it can be 'dangerous' etc. :eek:

    I did save them there initially, because my downloads default to there, but I copied them to the c:\spyware tools folder.

    You can tell I have clutter on my desktop. wow. :eek:
    My problem is I don't like to delete things- I'm afraid it will screw something up (as if ignorance isn't enough...) I'll go see what I can get rid of!

    What about HJT? Do I allow it to 'fix' everything it found, or wait?
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I suggest you remove them all for now to make our cleanup easier. Otherwise you risk having it get broken anyway since it is hard for the tools to know the difference between what you would consider a valid keylogger and a bad one. They all look suspicious to the tools. You can reinstall it after we have finished.

    Okay! I suggest you learn to navigate to a different folder (like a C:\Downloads folder) to save your downloads in. It only takes a couple of clicks and can keep you more organized. ;)

    Yes I can!

    NOOOO! HijackThis is not a malware reporting tool! If you fix everything reported by HJT you could make your PC unusable. Only fix what we tell you to.

    After removing all the keyloggers, continue with the below.

    You already have the current Sun Java version installed, but you have a load of old versions you should have uninstalled first.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_05
    Java 2 Runtime Environment, SE v1.4.2_06
    Mozilla Firefox (1.5.0.9)

    Make sure you reboot after uninstalling the above!

    Then install the current version of FireFox from: Mozilla Firefox

    ShowNew removed a bunch of bad files!
    Why are you running without any antivirus and without a real software firewall to protect you? The Windows firewall does not provide adequate protection.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O21 - SSODL: URLREWIN - {EB9BDABE-1BD2-445B-9A13-BA9C7D2E3CA9} - (no file)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Documents and Settings\Owner\Desktop\hk_setup.exe
    C:\old data\My Documents\iMeshV3.exe
    C:\WINDOWS\system32\asrupdate.exe

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    Now reboot in normal mode

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Now locate the below folders and delete them if found:
    C:\Program Files\Common Files\{30C1037B-0833-1033-0709-040804030001}
    C:\Program Files\Common Files\{60C1037B-0833-1033-0709-040804030001}
    C:\Program Files\Common Files\{60C1037B-0834-1033-0709-040804030001}

    Now run Ccleaner

    Now please download BlacklightBeta
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number

    Now attach the below new logs and tell me how the above steps went.

    1. BlackLight log
    2. GetRunKey
    3. ShowNew
    4. HJT
    Make sure you tell me how things are working now!
     
  19. olismum

    olismum Private E-2

     
    Last edited: Mar 2, 2007
  20. olismum

    olismum Private E-2

    No crashes tonight/this morning. Running much faster also. Still haven't tried to reconnect my VOIP, but so far, so good! Thanks ;)

    I've attached the logs you asked for, and now I'm off to bed. Will check in tomorrow. Thanks again for your help. I really appreciate you taking the time to help poor and clueless numbskulls like me!

    J

    PS your recommendations on which firewall/antivirus or combo would be much appreciated! TY
     
    Last edited: Mar 2, 2007
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After you finish the other steps, download, install, update, and run a full scan with the below:

    AVG Free Edition


    This free tool also automatically updates.
     
  22. olismum

    olismum Private E-2

    AVG installed and scan was clear. No crashes, so it seems that problem may have been resolved. Thank you!

    The one remaining thing that seems a little weird (and was occurring at the same time as the crashes, etc.), is that sometimes, when I restart, the resolution is messed up. I'm not sure if I'm explaining it correctly, but the type is large, the icons are large, and the only way to fix it is to restart, sometimes several times. Any ideas?
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is not likely to be a malware issue. It is more than likely related to your hardware and drivers. You would be better off addressing this in the Hardware (maybe Software but it is hardware specific) Forum.

    Okay now uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Do you know what the below very large file is for? It is extremely suspicious to have such a large DLL file. Could this have been related to one of your keyloggers?
    Code:
    "C:\WINDOWS\system32\"
    pnccache.dll  Feb 28 2007   178803351  "pnccache.dll"
    
    I would like to get some more info on the pnccache.dll file. Locate it using Windows Explorer and then right click on it and select Properties. Now see if there is a Version tab in the window. If so, select the Version tab and on the next window select each of the listed Item names (one at a time) to get more info about the file. The most important Item is the company name. If there is no Version tab, tell me that too.


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
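    As an added illustration (not code from the thread or from the MajorGeeks tools), here is a small parser for the directory-listing format ShowNew/GetRunKey print in posts 16 and 23, with a triage pass that flags the two things chaslang called out: tools saved in a Temp folder, and an oversized DLL in system32. The sample listing is constructed from the lines quoted in the thread plus one benign entry; the size threshold is an assumption for this example.

```python
import re
from collections import namedtuple

# Constructed sample in the listing format quoted in the thread: a quoted
# directory header line, then one entry per file as short name, date,
# size in bytes, and the long name in quotes.
SAMPLE_LISTING = '''\
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\"
getrun~1.zip  Feb 28 2007       68823  "GetRunKey.zip"
shownew.zip   Feb 28 2007       64035  "ShowNew.zip"
"C:\\WINDOWS\\system32\\"
pnccache.dll  Feb 28 2007   178803351  "pnccache.dll"
kernel32.dll  Aug 04 2004      983552  "kernel32.dll"
'''

Entry = namedtuple("Entry", "directory name size date")

DIR_RE = re.compile(r'^"(.+\\)"$')
FILE_RE = re.compile(r'^(\S+)\s+(\w{3} \d{1,2} \d{4})\s+(\d+)\s+"(.+)"$')


def parse_listing(text):
    """Turn the listing into Entry tuples, tracking the current directory."""
    entries, directory = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            directory = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m and directory is not None:
            _short, date, size, longname = m.groups()
            entries.append(Entry(directory, longname, int(size), date))
    return entries


# Assumed threshold for a "suspiciously large" DLL (the flagged file is ~178 MB).
LARGE_DLL_BYTES = 50 * 1024 * 1024


def triage(entries):
    """Return (path, reason) pairs for entries worth a second look."""
    findings = []
    for e in entries:
        path = e.directory + e.name
        name = e.name.lower()
        if name.endswith(".dll") and e.size >= LARGE_DLL_BYTES:
            findings.append((path, "oversized DLL in " + e.directory))
        if "\\temp\\" in e.directory.lower() and name.endswith((".zip", ".exe")):
            findings.append((path, "saved in a temp folder; cleaners will delete it"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_listing(SAMPLE_LISTING)):
        print(path, "->", reason)
```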
