Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Restarts everyday with out warning!


  • This topic is locked This topic is locked
1 reply to this topic

#1 Ready2Work

Ready2Work

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:07:45 PM

Posted 12 October 2011 - 08:14 AM

my laptop restarts everyday around 11:00. it asks me real quick if i want to save my excel but doesn't wait for a reply and begins to restart. i can not figure out why it is doing this.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by GPG Employee at 16:49:58 on 2011-10-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.1062 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe
C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\System Control Manager\MSIService.exe
c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\Program Files\FedEx\ShipManager\BIN\ShipEngineService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Crawler\Smileys\CSmileysIM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\MPower2006\mpower2006.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\spool\DRIVERS\W32X86\3\hpmup094.bin
C:\ProgramData\FileOpen\Services\FileOpenBroker32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\GPG Employee\Downloads\mwm7ceur.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Users\GPG Employee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GPG Employee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GPG Employee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\prevhost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hawthornecat.com/
uDefault_Page_URL = hxxp://www.msi.com
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80012
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80012
uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [CSmileys] "c:\program files\crawler\smileys\CSmileysIM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{2F5F947D-01DC-426A-B06C-01A84DC1770E} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{2F5F947D-01DC-426A-B06C-01A84DC1770E}\36963736F63726 : DhcpNameServer = 68.105.28.11 68.105.29.12
TCP: Interfaces\{2F5F947D-01DC-426A-B06C-01A84DC1770E}\74C6F62616C60205F6775627027427F65707 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{2F5F947D-01DC-426A-B06C-01A84DC1770E}\84F6C64656D6 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2F5F947D-01DC-426A-B06C-01A84DC1770E}\C696E6B6379737 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{2F5F947D-01DC-426A-B06C-01A84DC1770E}\E4544574541425D223E243D274 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{E89683FE-1C5F-43DE-B274-84500B139139} : DhcpNameServer = 208.67.222.222 208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 10.0.1.12 NPI7FD12C
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gpg employee\appdata\roaming\mozilla\firefox\profiles\46vha4dg.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://66.240.236.242/admin/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80012&language=en&qkw=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\gpg employee\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-6 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-6 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-6 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-6 74640]
R2 FedExAdminService;FedEx Administration Service;c:\program files\fedex\shipmanager\bin\AdminService.exe [2011-5-10 24576]
R2 FedExLoggingService;FedEx Logging Service;c:\program files\fedex\shipmanager\bin\FedEx.Gsm.Common.LoggingService.exe [2011-5-10 7168]
R2 FedExShipnetDBService;FedEx Shipnet Database Service;c:\program files\fedex\shipmanager\sqlanywhere\bin32\dbsrv11.exe [2011-5-10 130352]
R2 FileOpenManagerSvc;FileOpenManagerSvc;c:\programdata\fileopen\services\FileOpenManagerSvc32.exe [2011-3-9 212352]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-11-6 160768]
R2 MSSQL$UPSWSDBSERVER;SQL Server (UPSWSDBSERVER);c:\ups\wstd\mssql.1\mssql\binn\sqlservr.exe -supswsdbserver --> c:\ups\wstd\mssql.1\mssql\binn\sqlservr.exe -sUPSWSDBSERVER [?]
R3 FedExShipService;FedEx Shipping Engine;c:\program files\fedex\shipmanager\bin\ShipEngineService.exe [2011-5-10 5120]
R3 FedExTransactionService;FedEx Transaction Engine;c:\program files\fedex\shipmanager\bin\TransEngineService.exe [2011-5-10 6656]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-6 64032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-11-6 17920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-14 55264]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-11-2 626688]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-10-13 16472]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-6 166912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-31 1343400]
.
=============== Created Last 30 ================
.
2011-10-11 18:05:57 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e69da50a-bd57-43d7-88ba-95b530f39e48}\offreg.dll
2011-10-11 10:39:20 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e69da50a-bd57-43d7-88ba-95b530f39e48}\mpengine.dll
2011-10-06 18:52:41 -------- d-----w- c:\users\gpg employee\appdata\roaming\Avira
2011-10-06 18:52:13 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-06 18:52:13 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-06 18:52:12 -------- d-----w- c:\programdata\Avira
2011-10-06 18:52:12 -------- d-----w- c:\program files\Avira
2011-10-06 18:04:54 388096 ----a-r- c:\users\gpg employee\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-06 18:04:54 -------- d-----w- c:\program files\Trend Micro
2011-09-12 20:25:00 -------- d-----w- c:\program files\Microsoft Streets & Trips
2011-09-12 20:24:15 -------- d-----w- c:\program files\Microsoft Location Finder
.
==================== Find3M ====================
.
2011-09-06 13:18:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 16:51:03.80 ===============

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 12 October 2011 - 01:31 PM

Duplicate topic it will be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users