| Thread ID: 93816 | 2008-10-01 22:16:00 | Computer doesn't shut down | raydan42 (13837) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 709160 | 2008-10-01 22:16:00 | Hi. My computer has recently been attacked by a virus, and I am slowly building it back to full workings again. The virus has been removed, and I have fixed some things, but am struggling with a lot of other problems. The most important one being that my computer does not switch off properly. I click shut down, and the computer commences with shut down, until near the end, where it just sits and gathers dust. The red light on the front of my PC stops flashing, and nothing happens. I have left the PC for more than an entire night, and it still hasn't shut down. This has happened a couple of times, ending with me switching the plug off. I run XP, with all the latest updates. I would really like to find out how to switch off, as my PC has been running for 2 days so far. Thanks. |
raydan42 (13837) | ||
| 709161 | 2008-10-01 22:56:00 | Building it back how exactly? Did you clean it out or do a fresh install? Or worse, install over the top of itself? If you cleaned it out, what did you use to do so? It's not shutting down because it can't close something - what is what we need to establish - and we need more info from you. Also what's its specs? |
pctek (84) | ||
| 709162 | 2008-10-01 23:41:00 | OK Ray - first thing would be to download Hijack This (in my sig) and do a scan, saving a log. Then post the complete log back here and we can see where to start. |
bevy121 (117) | ||
| 709163 | 2008-10-02 21:25:00 | Building it back how exactly? Did you clean it out or do a fresh install? Or worse, install over the top of itself? If you cleaned it out, what did you use to do so? It's not shutting down because it can't close something - what is what we need to establish - and we need more info from you. Also what's its specs? I am fixing the errors, for example, my DVD Rom isn't working, so I'm trying to fix it. :dogeye: It has 648MB RAM, 120GB & 20GB (Main) hard drives, 1.7 GHz, DVD Rom (not recognized by PC (It used to be)). Need anything else? |
raydan42 (13837) | ||
| 709164 | 2008-10-02 21:31:00 | Here is the Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:04, on 3/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe R:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe R:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe R:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\kek.exe C:\Documents and Settings\Vision Media\Local Settings\Application Data\Google\Update\GoogleUpdate.exe R:\Program Files\uTorrent\uTorrent.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe R:\Corel\Graphics8\Programs\MFIndexer.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\System32\svchost.exe R:\Program Files\PowerArchiver\PASTARTER.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Documents 
and Settings\Vision Media\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vision Media\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vision Media\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vision Media\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Vision Media\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - When Mozilla Firefox Gives Problems R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! 
\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {265E6540-2B95-4A81-9AF9-1456522F975B} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - R:\Program Files\Real Player\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {3CD89079-9719-4554-A2DC-22B53E5A46A0} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: {d6571a96-dd52-f8ca-fb04-773727bdfd9a} - {a9dfdb72-7377-40bf-ac8f-25dd69a1756d} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\sw g.dll O2 - BHO: (no name) - {EC7910F9-B6DD-46ED-8A82-755764529A3C} - (no file) O3 - Toolbar: (no name) - {81705D67-3F73-4983-859B-97D0922E5ABE} - (no file) O3 - Toolbar: (no name) - {BC591F2C-E443-4333-8AC9-CE77EDA05849} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! 
\Companion\Installs\cpn\yt.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file) O3 - Toolbar: (no name) - {C3FCD4C3-09EA-42DA-BED3-5452445EF824} - (no file) O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [InCD] R:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0 O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [WinampAgent] "R:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [kek] c:\WINDOWS\system32\kek.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vision Media\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [uTorrent] "R:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [PowerArchiver Tray] R:\Program Files\PowerArchiver\PASTARTER.EXE O4 - HKLM\..\Policies\Explorer\Run: [v90g4HU1jy] C:\Documents and Settings\All Users\Application Data\uforunuf\ybyvwvkz.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BoosterTray.lnk = C:\Program Files\RingThree\bin\BoosterTray.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = R:\Corel\Graphics8\Programs\MFIndexer.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Search - edits.mywebsearch.com O8 - Extra context menu item: E&xport to Microsoft Excel - res://R:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - www.explorertool.net (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - www.explorertool.net (file missing) O9 - Extra button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - R:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.google.co.nz O15 - Trusted Zone: http://www.trademe.co.nz O15 - Trusted Zone: http://www.wikipedia.org O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! \Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - www.hp.com O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\__c002FFBA.dat O20 - Winlogon Notify: rqRIyYRJ - rqRIyYRJ.dll (file missing) O20 - Winlogon Notify: sqanobxr - sqanobxr.dll (file missing) O20 - Winlogon Notify: yayyXqqO - yayyXqqO.dll (file missing) O21 - SSODL: DriveSrv - {ec002be9-334e-48aa-ae6f-c7a25f4951a2} - (no file) O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. 
- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - R:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: PVM Service - Unknown owner - C:\Program Files\RingThree\bin\pvmservice.exe (file missing) O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 12846 bytes |
raydan42 (13837) | ||
| 709165 | 2008-10-02 21:33:00 | I post this info believing you will not abuse it!! | raydan42 (13837) | ||
| 709166 | 2008-10-02 21:50:00 | This PC is riddled with spyware, and a few other nasties - mainly my Web search - I could post all the infections but it will be quicker to do the following - Rerun Hijackthis - tick and then remove the following entries - this will remove the missing /empty files but not the myweb search. Removing the entries if I posted wouldn't remove the problem, it will come right back and bite again. O2 - BHO: (no name) - {265E6540-2B95-4A81-9AF9-1456522F975B} - (no file) O2 - BHO: (no name) - {3CD89079-9719-4554-A2DC-22B53E5A46A0} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: {d6571a96-dd52-f8ca-fb04-773727bdfd9a} - {a9dfdb72-7377-40bf-ac8f-25dd69a1756d} - (no file) O2 - BHO: (no name) - {EC7910F9-B6DD-46ED-8A82-755764529A3C} - (no file) O3 - Toolbar: (no name) - {81705D67-3F73-4983-859B-97D0922E5ABE} - (no file) O3 - Toolbar: (no name) - {BC591F2C-E443-4333-8AC9-CE77EDA05849} - (no file) O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file) O3 - Toolbar: (no name) - {C3FCD4C3-09EA-42DA-BED3-5452445EF824} - (no file) O20 - Winlogon Notify: rqRIyYRJ - rqRIyYRJ.dll (file missing) O20 - Winlogon Notify: sqanobxr - sqanobxr.dll (file missing) O20 - Winlogon Notify: yayyXqqO - yayyXqqO.dll (file missing) O21 - SSODL: DriveSrv - {ec002be9-334e-48aa-ae6f-c7a25f4951a2} - (no file) O23 - Service: PVM Service - Unknown owner - C:\Program Files\RingThree\bin\pvmservice.exe (file missing) O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm Disable system Restore - Right click My Computer/Properties/ Restore tab disable. Get Ccleaner from my sig, install and run. Then From My Sig, download and run Malwarebytes & Spybot S&D - update and run Malware bytes in full scan mode. once both have been run, post back another Hijack Log. This should take a good couple of hours. 
Some of these bugs could have been brought in by files downloaded through uTorrent. |
wainuitech (129) | ||
| 709167 | 2008-10-02 21:51:00 | Hopefully Speedy will be along soon to give you full analysis, but there's quite a bit of rubbish in there from what I can see. Start by downloading and running Ccleaner (www.ccleaner.com). Then disable system restore, and download Trojan remover (www.simplysup.com), update it and click the scan button. Once it's finished (may require a reboot), restart it and click all the options under the Utilities menu. Then download, update and run Malwarebytes (www.malwarebytes.org). |
nofam (9009) | ||
| 709168 | 2008-10-02 21:52:00 | Snap WT!! :punk |
nofam (9009) | ||
| 709169 | 2008-10-02 22:02:00 | :lol: Crackle and pop nofam | wainuitech (129) | ||
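The first step wainuitech describes above, picking out the entries that HijackThis marks as `(no file)` or `(file missing)`, written as a short Python parser. This is an added example, not part of the original thread: the function names are hypothetical, and the sample lines are copied from the log posted above, laid out one entry per line as HijackThis writes them.

```python
import re
from collections import defaultdict

# One HijackThis entry per line: "<section> - <description>".
# Section codes are R0-R3, F0-F3, N1-N4 and O1-O24.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is gone.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {265E6540-2B95-4A81-9AF9-1456522F975B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {81705D67-3F73-4983-859B-97D0922E5ABE} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - Winlogon Notify: sqanobxr - sqanobxr.dll (file missing)
O23 - Service: PVM Service - Unknown owner - C:\Program Files\RingThree\bin\pvmservice.exe (file missing)
"""

def parse_entries(log_text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # "Running processes:", drive paths such as R:\..., blanks
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(body)),  # "(no name)" does not match
        })
    return entries

def orphans_by_section(entries):
    """Group entries whose target file is missing, keyed by section code."""
    grouped = defaultdict(list)
    for entry in entries:
        if entry["orphaned"]:
            grouped[entry["section"]].append(entry["body"])
    return dict(grouped)

if __name__ == "__main__":
    for section, bodies in orphans_by_section(parse_entries(SAMPLE_LOG)).items():
        for body in bodies:
            print(f"{section} - {body}")
```

The output is a review list of leftover registry references only; entries whose files still exist, such as the MyWebSearch ones, are not flagged and need the scanners named in the replies.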