Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

computer shuts down


  • This topic is locked This topic is locked
5 replies to this topic

#1 nats4584

nats4584

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 04 February 2009 - 01:49 AM

sometimes when I am on the computer, it just shuts down, with applications up and everything. There are also pop ups that have been popping up way more frequently, vidshadow or something like that, and adcpx thing. please help

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:03 AM

Posted 04 February 2009 - 01:14 PM

The symptoms you describe could be symptomatic of a variety of things to include hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, programs hanging or unresponsive in the background, and even malware. If the computer is overheating, it usually begins to shutdown/restart on a more regular basis.

Some rootkits can trigger BSODs, shutdowns and various stop error/shutdown messages so it would also be wise to perform a scan for this type of malware. If you are experiencing a lot of crashes and not finding anything in Event Viewer or from troubleshooting the error messages, then perform an anti-rootkit scan to at least investigate that as a possible cause.Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
Note: Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernal/SSDT in order to protect your system. You should not be alarmed if you see any hidden entries created by these software programs after performing a scan.

Then print out and follow the Instructions for using Malwarebytes Anti-Malware (scroll down).
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 nats4584

nats4584
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 09 February 2009 - 03:41 PM

Nothing cam up for both scans....

Malwarebytes' Anti-Malware 1.33
Database version: 1725
Windows 5.1.2600 Service Pack 2

2/9/2009 11:54:02 AM
mbam-log-2009-02-09 (11-54-02)

Scan type: Quick Scan
Objects scanned: 69521
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:03 AM

Posted 10 February 2009 - 09:33 AM

How old is your system? As I stated earlier:

The symptoms you describe could be symptomatic of a variety of things to include hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, programs hanging or unresponsive in the background, and even malware. If the computer is overheating, it usually begins to shutdown/restart on a more regular basis.

If you're not finding any malware then its sounds like one of the latter problems.

When was the last time you cleaned the inside of your computer? Dust restricts the airflow and prevents proper cooling. This in turn can cause overheating and faulty processor fans which can result in unexpected shutdowns, random restarts, booting problems, etc.
  • Open your machine, check all the connections and make sure the fans are all operational.
  • Remove the CPU's cooling unit and clean the fins on the heat sink that sits under the CPU with a can of compressed air.
  • Inspect the thermal compound between the CPU and heat sink as it can deteriorate over time so. You may need to remove it, scrape away the old thermal gel that makes contact with the processor, then apply a very thin coat of fresh thermal gel on the surface and fit the heat sink back in place again.
  • Feel the CPU heatsink when it powers down. It should be warm to very warm but not hot.
  • Monitor the temperature of your CPU, motherboard, hard disks, voltages, and fan speeds.
See "Cleaning the Interior of your PC" and "Getting The Grunge Out Of Your PC".

If the video card needs replacing, see "Illustrated How to Replace an AGP Video Card".
Note: Some video cards can generate such intense heat while playing games with high quality graphics that they require a separate cooling system. If that fan fails, the video processor will not be far behind and your system may start crashing.

When Windows XP detects a problem from which it cannot recover, it displays Stop Error Messages which contain specific information that can help diagnose and resolve the problem detected by the Windows kernel. An error message can be related to a broad number of problems such as driver conflicts, hardware issues, read/write errors, and software malfunctions. In Windows XP, the default setting is for the computer to reboot automatically when a fatal error or crash occurs. You should be able to see the error by looking in the Event Log or reading the memory dump file.You can then gather more information doing a Google search of the Event ID or searching these links:An alternative is to turn off the automatic reboot feature so you can actually see the error code/STOP Message when it happens - this is also known as the Blue Screen Of Death (BSOD).

To change the recovery settings and Disable Automatic Rebooting, go to Start > Run and type: sysdm.cpl
Click Ok or just press WINKEY + Pause/Break keys to bring up System Properties.
  • Go to the Advanced tab and under "Startup and Recovery", click on the "Settings" button and go to "System failure".
  • Make sure "Write an event to the system log" is checked and that "Automatically restart" is unchecked.
  • Click "OK" and reboot for the changes to take effect.
Note: You can also do this by booting into "Safe Mode" and selecting the "Disable automatic restart on system failure" option if you have SP2 installed.

Doing this won't cure your problem but instead of crashing and restarting you will get a blue diagnostic screen with an error code and other information to include file(s) that may be involved which will allow you to better trace your problem. Write down the full error code and the names of any files/drivers listed, then provide that information in your next reply so we can assist you with investigating the cause.

You can also use the links below to investigate and troubleshoot.Look for problem entries (colored coded symbols) in Device Manager as described here. Check for any updates that may be available for your drivers. Driver issues are a known source of conflicts that can cause stop errors and BSODs. If you need to update a driver, a convenient place to start is at DriverGuide.com or MrDriver.com. If you're not sure how to update a driver, please read How to update a Windows hardware driver and How to manage devices in Windows XP.

Other Troubleshooting Tools:
Download and run Motherboard Monitor 5. If Motherboard Monitor's seems to be reporting high temperatures for your CPU check to see what your max CPU temp is from here.

You can also use NextSensor to check temperature and voltage or SpeedFan to monitor voltages, fan speed, SMART status, and temperatures. SpeedFan can help you investigate the reasons for an unpredictable reboot or for a failing hard disk as well as whether you are likely to experience temperature related issues.

Suggestions for troubleshooting power supply, video card, CPU, RAM, MB and hard drive:You can use BurnInTest to stress test the CPU, hard drives, RAM, CD-ROMs, CD burners, DVDs, sound cards, graphics, network connection, printers, video playback. This utility works on all Windows versions to include Vista (32-bit & 64-bit).

Another option is to use Microsoft's Online Crash Analysis. The Windows Memory Diagnostic tests the RAM for errors with a comprehensive set of diagnostic memory tests or you can test your RAM with either of the following tools:

Memtest86+ and follow the instructions to Diagnose with Memtest86+.
Once a bootable disk is made, just leave it in the drive and reboot your computer. However, before rebooting, you need to enter the BIOS setup and make sure that the Boot Order is set so that your first boot device is either the floppy drive or the CD-ROM drive, depending on which type of disk you made. If necessary, change the boot order, save your changes, and exit Setup. When the machine restarts it should boot from your Memtest disk, and the program will start automatically.

Memtest86.
Download ISO images for creating a bootable Memtest86 CD-ROM or an installable from Windows/DOS to create a bootable floppy disk or usb flash drive. Read the directions under Technical Info and allow Memtest86 to run through the entire battery of tests for at least 4 full passes (or let it run overnight). Any errors indicate that there is likely a problem with your physical memory (RAM).

Note: If you need to replace your RAM and unsure what type you current have, then use the Crucial System Scanner.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 nats4584

nats4584
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 13 February 2009 - 10:43 PM

Here are some of the warnings that I got from Event Log

Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 2/13/2009
Time: 17:45:37
User: N/A
Computer: NATALIE
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 2/13/2009
Time: 18:43:15
User: N/A
Computer: NATALIE
Description:
Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 69 65 78 70 6c 6f iexplo
0018: 72 65 2e 65 78 65 20 36 re.exe 6
0020: 2e 30 2e 32 39 30 30 2e .0.2900.
0028: 35 35 31 32 20 69 6e 20 5512 in
0030: 68 75 6e 67 61 70 70 20 hungapp
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 30 30 30 30 t 000000
0050: 30 30 00

Event Type: Error
Event Source: Media Center Extender Services
Event Category: None
Event ID: 36864
Date: 2/12/2009
Time: 09:42:38
User: N/A
Computer: NATALIE
Description:
The description for Event ID ( 36864 ) in Source ( Media Center Extender Services ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: 0x80004005.

Event Type: Warning
Event Source: System.ServiceModel.Install 3.0.0.0
Event Category: None
Event ID: 0
Date: 2/12/2009
Time: 03:12:57
User: N/A
Computer: NATALIE
Description:
Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: ASP.NET 2.0.50727.0
Event Category: Setup
Event ID: 1020
Date: 2/12/2009
Time: 03:11:34
User: N/A
Computer: NATALIE
Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: System.ServiceModel.Install 3.0.0.0
Event Category: None
Event ID: 0
Date: 2/12/2009
Time: 03:04:37
User: N/A
Computer: NATALIE
Description:
HttpHandlers node *.svc does not exist in System.Web section group.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Avira AntiVir
Event Category: Infection
Event ID: 4113
Date: 2/11/2009
Time: 21:28:04
User: NT AUTHORITY\SYSTEM
Computer: NATALIE
Description:
The description for Event ID ( 4113 ) in Source ( Avira AntiVir ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: HTML/Crypted.Gen, C:\Documents and Settings\Natalie Roberts\Local Settings\Temporary Internet Files\Content.IE5\CX67GLM3\get[1].htm, , .

Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 5603
Date: 2/11/2009
Time: 12:15:39
User: NT AUTHORITY\SYSTEM
Computer: NATALIE
Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 2/8/2009
Time: 22:11:24
User: N/A
Computer: NATALIE
Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x0002028f.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 32 31 38 30 20 00.2180
0030: 69 6e 20 75 6e 6b 6e 6f in unkno
0038: 77 6e 20 30 2e 30 2e 30 wn 0.0.0
0040: 2e 30 20 61 74 20 6f 66 .0 at of
0048: 66 73 65 74 20 30 30 30 fset 000
0050: 32 30 32 38 66 0d 0a 2028f..

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 2/9/2009
Time: 23:20:31
User: N/A
Computer: NATALIE
Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 49 45 58 50 4c 4f IEXPLO
0018: 52 45 2e 45 58 45 20 36 RE.EXE 6
0020: 2e 30 2e 32 39 30 30 2e .0.2900.
0028: 32 31 38 30 20 69 6e 20 2180 in
0030: 68 75 6e 67 61 70 70 20 hungapp
0038: 30 2e 30 2e 30 2e 30 20 0.0.0.0
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 30 30 30 30 t 000000
0050: 30 30 00

Also, I keep having the same pop up repeatadly pop up, up 30 times, while I was away from my computer. Thanks for the help!

#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:05:03 AM

Posted 17 February 2009 - 01:07 PM

As you currently have an active log posted in the HiJackThis forums you should not attempt any other fixes unless so advised by the helper there. As such, this topic is closed.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users