
My laptop is shutting down and restarting over and over [Solved]

Romario704 (registered Saturday November 19, 2016) - Last answered on Nov 20, 2016 06:57AM
Hi,
I have an Asus ROG G752 with Windows 10. I recently tried to download a file, but I'm guessing it turned out to be a virus. After 2 to 5 minutes from turning on the laptop, the mouse icon disappears and the laptop restarts.
I would really appreciate it if someone can help me out.
Thanks in advance
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report.

Try to boot your machine in safe mode with networking.

1. Open this link and download ZHPDiag :
http://www.nicolascoolman.fr/download/zhpdiag/
(Don't be alarmed if the site is in French; it sometimes happens. The tool will take your system language and allow the download. If you get a warning message, ignore it.) Click on the download button.

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista, Win 7 and 8 users, right-click to ensure you execute with admin rights)

4. Double click on the ZHPDiag shortcut on your Desktop.

5. Click on Scan.
Wait for the tool to finish (it may take a long time).

6. Close ZHPDiag.

7. To transmit the report, click on this link :

http://www.tinyupload.com/index.php

8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from tinyupload and paste it here in your reply.
Ambucias
Moderator and Virus/Security Contributor
Hi Ambucias,

Thank you for your fast reply. I did what you asked me to do and this is the link:
http://s000.tinyupload.com/pgbar.php?iTotal=-1&iRead=0&iStatus=1&sessionid=r90m7t7ske73nbbp0ubv0a9ol6
Thank you for your help
hi again,
sorry i sent you the wrong link
this is the correct one:
http://s000.tinyupload.com/?file_id=05697760017526243481

thank you,
Hello

Sorry for the late reply, I had to log out for a while.

You do have an infected computer.

Here is the remedy:

1. Download ZHPFix here

http://www.nicolascoolman.fr/download/zhpfix/

2. Select and copy all of the following bold lines:

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
O42 - Logiciel: ContentPush - (.ContentPush.) [HKLM][64Bits] -- ContentPush
HKLM\SOFTWARE\Wow6432Node\4A4CF1958828126D99BCEF1DEF9B2EF8
HKCU\SOFTWARE\4A4CF1958828126D99BCEF1DEF9B2EF8
3 - CFD: 19/11/2016 - [] D -- C:\Program Files (x86)\ContentPush
3 - CFD: 08/08/2016 - [] D -- C:\ProgramData\KMSAutoS
3 - CFD: 19/11/2016 - [] D -- C:\Users\romar\AppData\Roaming\ContentPush
3 - CFD: 24/09/2016 - [] D -- C:\Users\romar\AppData\Roaming\FileOpenerWindows
O61 - LFC: 2016/11/19 18:11:31 A . (..) -- C:\Users\romar\AppData\Roaming\ContentPush\ContentPush.exe [263621]
O61 - LFC: 2016/11/19 18:13:27 A . (..) -- C:\Users\romar\AppData\Roaming\ContentPush\Uninstall.exe [75485]
C:\ProgramData\KMSAutoS
C:\Users\romar\AppData\Roaming\FileOpenerWindows
M0 - MFSP: prefs.js [romar - v6t3jur0.default] https://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=818406
P2 - EXT FILE: (...) -- C:\Users\romar\AppData\Roaming\Mozilla\Firefox\Profiles\v6t3jur0.default\searchplugins\mailru.xml
O4 - HKLM\..\Run: [WindowsDefender] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [app] C:\Program Files (x86)\wanttoxiamen\uc.exe (.not file.)
HKCU\SOFTWARE\IM
HKCU\SOFTWARE\Mail.Ru
HKCU\SOFTWARE\AppDataLow\Software\Mail.Ru
O43 - CFD: 23/07/2016 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarGame
O43 - CFD: 23/10/2016 - [] D -- C:\ProgramData\boost_interprocess
O43 - CFD: 19/11/2016 - [] D -- C:\ProgramData\Mail.Ru
O43 - CFD: 02/07/2016 - [] D -- C:\Users\romar\AppData\Local\CrashRpt =>.Superfluous.CrashReports
O43 - CFD: 19/11/2016 - [] D -- C:\Users\romar\AppData\Local\Mail.Ru
O61 - LFC: 2016/11/19 16:32:18 A . (.A files company.) -- C:\Users\romar\Downloads\Quixel SUITE 2 Full Crack.exe [4596416] {00F9A0B732F6BE25D1CD00F711ACFC1228}
O87 - FAEL: "UDP Query User{0078F22E-2DB9-47B9-AA20-181AE5719C63}C:\program files (x86)\sacc - tdl\call of duty black ops ii\t6sp.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\sacc - tdl\call of duty black ops ii\t6sp.exe (.not file.)
O87 - FAEL: "TCP Query User{6F852BA7-CA2F-49BB-8D36-3BBCBFA73311}C:\program files (x86)\sacc - tdl\call of duty black ops ii\t6sp.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\sacc - tdl\call of duty black ops ii\t6sp.exe (.not file.)
O87 - FAEL: "UDP Query User{756FC004-BF25-484B-896D-AA6A45C8915B}C:\program files (x86)\sacc - tdl\call of duty black ops ii\t6sp.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\sacc - tdl\call of duty black ops ii\t6sp.exe (.not file.)
O87 - FAEL: "TCP Query User{0A34B9D0-8ADE-46C4-BE1A-EB06DCFF30EF}C:\program files (x86)\sacc - tdl\call of duty black ops ii\t6sp.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\sacc - tdl\call of duty black ops ii\t6sp.exe (.not file.)
O87 - FAEL: "UDP Query User{1E1F1466-C977-438B-B92C-C62FB08DCF51}C:\users\romar\desktop\warcraft iii - the tales of raviganion on server\war3.exe" [In-None-P17-TRUE] .(...) -- C:\users\romar\desktop\warcraft iii - the tales of raviganion on server\war3.exe (.not file.)
O87 - FAEL: "TCP Query User{72FCF9E2-22A8-4108-B6E6-A7AB80CFFCA8}C:\users\romar\desktop\warcraft iii - the tales of raviganion on server\war3.exe" [In-None-P6-TRUE] .(...) -- C:\users\romar\desktop\warcraft iii - the tales of raviganion on server\war3.exe (.not file.)
O87 - FAEL: "{4CA26448-F966-4487-8093-1AB2EBF19792}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (.not file.)
O87 - FAEL: "{63DA432A-90F5-4D3D-9BDB-62E73501F5A0}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (.not file.)
O87 - FAEL: "TCP Query User{D256B491-BC55-490E-A869-14F469E4E964}C:\program files (x86)\topgun - hardlock\binary\topgun.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\topgun - hardlock\binary\topgun.exe (.not file.)
O87 - FAEL: "UDP Query User{2C045296-DBD8-46CA-875D-0FAF7B1F6461}C:\program files (x86)\topgun - hardlock\binary\topgun.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\topgun - hardlock\binary\topgun.exe (.not file.)
C:\Users\romar\AppData\Local\CrashRpt =>.Superfluous.CrashReports


3. Close all applications and open ZHPFix.
4. Click on the Import button and the lines will automatically paste themselves.
5. Click on the Go button to clean
6. Confirm by clicking OK
7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time
8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.
hello,

I did follow your instructions in a previous post of yours, and did manage to delete some threats using "Malwarebytes Anti-Malware", and my laptop stopped restarting. So I'm not in safe mode anymore. Should I go into safe mode again and do the steps you recently required me to do?

thank you
Ambucias (Moderator) - Nov 20, 2016 06:34AM
No, stay in normal mode.

P.S. You have too many antivirus programs on your machine. You should have only one, otherwise they may come into conflict with one another.
hi,
I only had Windows Defender; it came with the laptop. Can you please mention the other ones here? I did download the antiviruses you recommended in a previous post of yours.

Please find attached the report you asked for:

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by romar at 11/20/2016 1:36:37 PM
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (14393)

Recycle Bin emptied (07mn AMs)
Prefetcher emptied

========== Registry keys ==========
REMOVES: HKLM\SOFTWARE\Wow6432Node\4A4CF1958828126D99BCEF1DEF9B2EF8
REMOVES: HKCU\SOFTWARE\4A4CF1958828126D99BCEF1DEF9B2EF8
REMOVES: HKCU\SOFTWARE\IM
REMOVES: HKCU\SOFTWARE\Mail.Ru
REMOVES: HKCU\SOFTWARE\AppDataLow\Software\Mail.Ru

========== Registry values ==========
ABSENT value Standard Profile: FirewallRaz :
ABSENT value Domain Profile: FirewallRaz :
REMOVES: FirewallRaz (None) : MCX-Prov-Out-TCP
REMOVES: FirewallRaz (None) : MCX-McrMgr-Out-TCP
REMOVES: FirewallRaz (Public) : UDP Query User{E699A1DE-A69B-4729-BAA9-2F41C8AF9A6C}C:\program files (x86)\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe
REMOVES: FirewallRaz (Public) : TCP Query User{DE722C2F-4337-4D37-92B4-22C924F28591}C:\program files (x86)\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe
REMOVES: FirewallRaz (Private) : UDP Query User{0078F22E-2DB9-47B9-AA20-181AE5719C63}C:\program files (x86)\sacc - tdl\call of duty black ops ii\t6sp.exe
REMOVES: FirewallRaz (Private) : TCP Query User{6F852BA7-CA2F-49BB-8D36-3BBCBFA73311}C:\program files (x86)\sacc - tdl\call of duty black ops ii\t6sp.exe
REMOVES: FirewallRaz (Public) : UDP Query User{756FC004-BF25-484B-896D-AA6A45C8915B}C:\program files (x86)\sacc - tdl\call of duty black ops ii\t6sp.exe
REMOVES: FirewallRaz (Public) : TCP Query User{0A34B9D0-8ADE-46C4-BE1A-EB06DCFF30EF}C:\program files (x86)\sacc - tdl\call of duty black ops ii\t6sp.exe
REMOVES: FirewallRaz (Public) : UDP Query User{1E1F1466-C977-438B-B92C-C62FB08DCF51}C:\users\romar\desktop\warcraft iii - the tales of raviganion on server\war3.exe
REMOVES: FirewallRaz (Public) : TCP Query User{72FCF9E2-22A8-4108-B6E6-A7AB80CFFCA8}C:\users\romar\desktop\warcraft iii - the tales of raviganion on server\war3.exe
REMOVES: FirewallRaz (Public) : {78A38ED8-7168-4145-819F-22528FB6B38B}
REMOVES: FirewallRaz (Public) : {58A7379D-735B-4BA5-B832-393F13171725}
REMOVES: FirewallRaz (Public) : {12AE6BB1-BE32-4062-AE0A-0E615133C2A1}
REMOVES: FirewallRaz (Public) : {72ED72FF-DB05-4778-A502-28DFD6233744}
REMOVES: FirewallRaz (None) : {4CA26448-F966-4487-8093-1AB2EBF19792}
REMOVES: FirewallRaz (None) : {63DA432A-90F5-4D3D-9BDB-62E73501F5A0}
REMOVES: FirewallRaz (Public) : TCP Query User{D256B491-BC55-490E-A869-14F469E4E964}C:\program files (x86)\topgun - hardlock\binary\topgun.exe
REMOVES: FirewallRaz (Public) : UDP Query User{2C045296-DBD8-46CA-875D-0FAF7B1F6461}C:\program files (x86)\topgun - hardlock\binary\topgun.exe
REMOVES: FirewallRaz (Public) : TCP Query User{1DA4A186-CF61-44E6-B2B0-8ABB31D440B0}C:\program files (x86)\tom clancy's h.a.w.x\hawx.exe
REMOVES: FirewallRaz (Public) : UDP Query User{FA4F444E-A873-420E-BC76-20CADE9EAB71}C:\program files (x86)\tom clancy's h.a.w.x\hawx.exe
REMOVES: FirewallRaz (None) : {2218A3D3-9B06-4B6A-9126-034ABCC0C729}
REMOVES: FirewallRaz (None) : {30A1C91A-30FC-45DE-A417-24223EE4AE53}
REMOVES: FirewallRaz (None) : {242D27CD-5EBC-4643-8E70-D53CF7BBE961}
REMOVES RunValue: WindowsDefender

========== Preferences browser ==========
REMOVES Mozilla Pref: https://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=818406

========== Folders ==========
Deletes temporary Windows (378)
REMOVES Flash Cookies (0)
REMOVES: c:\programdata\kmsautos
REMOVES: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarGame
REMOVES: C:\ProgramData\boost_interprocess
REMOVES: C:\ProgramData\Mail.Ru
REMOVES: C:\Users\romar\AppData\Local\CrashRpt
REMOVES: C:\Users\romar\AppData\Local\Mail.Ru

========== Files ==========
Deletes temporary Windows (3981) (1,113,767,979 octets)
REMOVES Flash Cookies (0) (0 octets)

========== Other ==========
NON-TREATY 3 - CFD: 19/11/2016 - [] D -- C:\Program Files (x86)\ContentPush
NON-TREATY 3 - CFD: 08/08/2016 - [] D -- C:\ProgramData\KMSAutoS
NON-TREATY 3 - CFD: 19/11/2016 - [] D -- C:\Users\romar\AppData\Roaming\ContentPush
NON-TREATY 3 - CFD: 24/09/2016 - [] D -- C:\Users\romar\AppData\Roaming\FileOpenerWindows


========== Summary ==========
5 : Registry keys
26 : Registry values
8 : Folders
2 : Files
1 : Preferences browser
4 : Other


End of clean in 21mn AMs

========== Path to file report ==========
C:\Users\romar\AppData\Roaming\ZHP\ZHPFix[R1].txt - 11/20/2016 1:36:45 PM [4485]
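A check on a ZHPFix report like the one posted above, as an added example that is not part of the thread or of ZHPFix itself: it lists the paths on NON-TREATY lines that no REMOVES line covers and compares each section's line count with the Summary. It assumes that NON-TREATY marks a script line the tool did not process and that the Summary counts lines per section, both inferred from this report's layout; the function names are hypothetical.

```python
import re

# Trimmed excerpt of the ZHPFix report posted in this thread (same line shapes).
SAMPLE = r"""
========== Folders ==========
REMOVES: c:\programdata\kmsautos
REMOVES: C:\ProgramData\Mail.Ru
========== Other ==========
NON-TREATY 3 - CFD: 19/11/2016 - [] D -- C:\Program Files (x86)\ContentPush
NON-TREATY 3 - CFD: 08/08/2016 - [] D -- C:\ProgramData\KMSAutoS
========== Summary ==========
2 : Folders
2 : Other
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
SUMMARY = re.compile(r"^(\d+)\s*:\s*(.+)$")

def parse_report(text):
    """Return (entries per section, counts claimed by the Summary section)."""
    sections, claimed, current = {}, {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            if current not in ("Summary", "Path to file report"):
                sections.setdefault(current, [])
        elif current == "Summary":
            count = SUMMARY.match(line)
            if count:
                claimed[count.group(2)] = int(count.group(1))
        elif current in sections:
            sections[current].append(line)
    return sections, claimed

def leftovers(sections):
    """Paths on NON-TREATY lines that no REMOVES line covers (case-insensitive)."""
    lines = [e for entries in sections.values() for e in entries]
    removed = {e.split(": ", 1)[1].lower() for e in lines if e.startswith("REMOVES: ")}
    skipped = [e.rsplit(" -- ", 1)[-1] for e in lines if e.startswith("NON-TREATY")]
    return [p for p in skipped if p.lower() not in removed]

def count_mismatches(sections, claimed):
    """Sections whose line count differs from the Summary: {name: (found, claimed)}."""
    return {n: (len(v), claimed.get(n)) for n, v in sections.items() if len(v) != claimed.get(n)}

if __name__ == "__main__":
    found, claimed = parse_report(SAMPLE)
    print(leftovers(found), count_mismatches(found, claimed))
```

Any path the first function returns is worth checking on disk before treating the machine as cleaned.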
Okay, you should now be clean as a whistle.

Be careful of what you download. Here the main source of your problem was this: KMSAutoS, also a file from Russia. Russian downloads are never to be trusted, not because they are Russian but because there is a lot of malware on Russian sites.

Good luck
romario704 - Nov 20, 2016 06:57AM
Thank you very much, I really appreciate it.
No more Russian sites

Best Regards.