Author Topic: Cannot Reboot  (Read 5461 times)

0 Members and 1 Guest are viewing this topic.

Offline avastprobs

  • Newbie
  • *
  • Posts: 6
Cannot Reboot
« on: May 22, 2008, 01:02:50 AM »
When I started avast, the splash screen came up, and said it was testing my memory. Soon enough, it found a virus, so I asked avast to remove it for me. After avast finished scanning, it said that I should restart my computer so it can perform a check and delete the found virus. When I pressed OK, it said "A required privilege is not held by this client, avast cannot reboot operating system," and the program just ended. It didn't restart or anything. Can someone help me, please?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Cannot Reboot
« Reply #1 on: May 22, 2008, 01:23:52 AM »
You need to login as an administrator to schedule a boot time scanning.
Are you using Windows XP/Vista?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.
If infected files are found, it's safer to send them to Chest instead of deleting them.
This way you can further analysis them.

I also suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
6. Immunize your system with SpywareBlaster or Windows Advanced Care.
7. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

Offline avastprobs

  • Newbie
  • *
  • Posts: 6
Re: Cannot Reboot
« Reply #2 on: May 22, 2008, 02:38:24 AM »
I'm using Vista.

It says the boot-time scan is already scheduled, but nothing seems to happen when I boot.

How do I disable system restore?

Are the temporary files the files in Application Data? Can I delete all of those?

I'm running Spyware Terminator now. It's finding many infected files. None critical, though.

I'll run avast antiroot after Spyware Terminator, since it's asking me to close all programs before starting.

What's a hijackthis log? a type of spyware remover?

I downloaded Spyware Blaster.

I also scanned with Secunia.


Offline rassel

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 468
  • Avast always the best choice
    • www.avast.com
Re: Cannot Reboot
« Reply #3 on: May 22, 2008, 11:00:27 AM »
Quote
How do I disable system restore?
Right click My Computer>Properties>System Restore Tab>Turn Off system Restore and for more information go check here

Quote
Are the temporary files the files in Application Data? Can I delete all of those?

Only the useless.
« Last Edit: May 22, 2008, 11:04:04 AM by rassel »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Cannot Reboot
« Reply #4 on: May 22, 2008, 04:29:25 PM »
How do I disable system restore?
Disable System Restore on Windows ME, XP or Vista. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3. To use System Restoration it's necessary to disable avast! self-protection: avast! settings > Troubleshooting > Disable avast! self-defence module then start a System Restore.

Are the temporary files the files in Application Data? Can I delete all of those?
You can use CleanUp or the Windows Advanced Care features for that.

What's a hijackthis log? a type of spyware remover?
http://www.hijackthis.de/en
The best things in life are free.

Offline avastprobs

  • Newbie
  • *
  • Posts: 6
Re: Cannot Reboot
« Reply #5 on: May 23, 2008, 01:06:32 AM »
I downloaded hijackthis, and scanned with it, but I don't know what to delete.

Also, why should I disable system restore? Isn't that a bad thing?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Cannot Reboot
« Reply #6 on: May 23, 2008, 02:54:59 PM »
I downloaded hijackthis, and scanned with it, but I don't know what to delete.
There are a lot of 'automatic' hijackthis log analyzers that could help. Other people can do it here. Sorry, I'm not an expert on it.

Also, why should I disable system restore? Isn't that a bad thing?
You will disable and then enable again. You will delete the infected restore points, a trick that a lot of viruses use to come back and reinfect the system.
The best things in life are free.

Offline avastprobs

  • Newbie
  • *
  • Posts: 6
Re: Cannot Reboot
« Reply #7 on: May 24, 2008, 12:29:03 AM »
Oh, okay. I'll disable system restore for a little while then.

I used hijackthis, and I accidentally deleted something important. It was a dll, and I think it was the one that controls my laptop's built-in mouse pad. The dll's name was "fccdefeb.dll" If anyone can help me get this back, that would be great. Maybe a website to download dll's? I have a compaq, by the way.


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Cannot Reboot
« Reply #8 on: May 24, 2008, 12:59:47 AM »
Maybe a website to download dll's? I have a compaq, by the way.
Maybe http://www.dll-download.net/
Or into Compaq drivers download page ;)
The best things in life are free.

Offline avastprobs

  • Newbie
  • *
  • Posts: 6
Re: Cannot Reboot
« Reply #9 on: May 24, 2008, 07:18:53 AM »
That didn't have the dll I needed...

Offline rassel

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 468
  • Avast always the best choice
    • www.avast.com
Re: Cannot Reboot
« Reply #10 on: May 24, 2008, 08:38:31 AM »
Quote
That didn't have the dll I needed...

Well i helped you to search for that dll and there's no answer provided.

Can you make a system restore to the previous?

Than redo everything as Tech said.

Quote
also suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
6. Immunize your system with SpywareBlaster or Windows Advanced Care.
7. Check if you have insecure applications with Secunia Software Inspector.

OR you can get some help to search for that dll on some website ect. Computing
« Last Edit: May 24, 2008, 08:45:32 AM by rassel »

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Cannot Reboot
« Reply #11 on: May 24, 2008, 09:34:56 AM »
A little tip.

When you delete/fix something with HJT, you do not remove the file or dll or whaatever. It's just the registry key, that can be restored. Looking at the name of the file, I don't think it's a good one to have around. BTW, the dll is still on your computer if one of the other programs you ran didn't remove it.

Post your HJT log and don't fix anything else with it untill advised to  do so.

Offline avastprobs

  • Newbie
  • *
  • Posts: 6
Re: Cannot Reboot
« Reply #12 on: May 24, 2008, 06:01:12 PM »
Well, I don't think there's any hope for my lost dll, but here's my log file:

Quote
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:53 AM, on 5/24/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Progs\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Progs\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Progs\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Progs\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\PROGS\MOZILL~1\FIREFOX.EXE
C:\Progs\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Progs\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Progs\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\Progs\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: CyberFlash - {696bbd5a-950e-445b-b9c9-dfc7b9f3cfc6} - (no file)
O9 - Extra 'Tools' menuitem: CyberFlash - {696bbd5a-950e-445b-b9c9-dfc7b9f3cfc6} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Progs\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Progs\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Progs\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Progs\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Progs\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7011 bytes

Thank you.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Cannot Reboot
« Reply #13 on: May 24, 2008, 08:45:27 PM »
Hi
This log looks free from malware. There are several entries to legitimate programs with missing files.

Since you didn't say which file avast removed, we can't be sure it wasn't the dll you are concerned with.

If you do a google search for fccdefeb.dll , you will see that file does not exist anywhere. If it were compaq related the internet would be full of references to it.

What symptoms are you experiencing?

Quote
Also, why should I disable system restore? Isn't that a bad thing?

Normally system restore is left on untill after the system  is cleaned. Then the old infected restore points are removed. This way if a problem is encountered, there still is a way back.

Quote
"A required privilege is not held by this client, avast cannot reboot operating system,"

This may very well be vista rights related.