Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

computer won't shut down


  • Please log in to reply
19 replies to this topic

#1 dreamwalk

dreamwalk

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:33 PM

Posted 09 August 2009 - 12:52 PM

Helping a friend with computer problems. I was called in because the computer won't stay shut down and my friend wondered if she had a virus. If you click start>turn off>turn off , the computer reacts as if you clicked start>turn off>restart.

This computer has WinXP Home. Using AVG 8.5 and Windows Defender. Manually scanned with AVG, but nothing detected. Also, I've run Malwarebytes Antimalware that only found a few cookies. I installed several overdue updates over the last couple of days including SP 3 and IE 8, but none of those had an effect.

I've tried shutting down from Task Manager. Once again, it goes through the shut down process, then starts back up again as if I selected restart. The only way to turn it off is to cut the power--either (1) hold in the power button until it dies or (2) unplug it. Not the best way to turn off a computer as I'm sure you will agree.

There was another issue where an earlier installed antivirus (Defender Pro 2008 5-in-1) didn't want to be completely uninstalled and AVG wouldn't install with it there. I'd tried their tech support with no luck and finally found (or rather was shown) the cure in the BC Antivirus forum. (Romeo29 is "King of the Lab" :thumbsup: and after solving the antivirus problem, he suggested this forum as the best place for posting this issue.)

Thanks in advance for all the help and suggestions, you folks are the greatest.

Paula the admiring
No trees were killed in the creation of this message, but a number of electrons were diverted from their chosen path

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,246 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:33 PM

Posted 09 August 2009 - 01:56 PM

Troubleshooting Windows XP Shutdown Issues - http://www.theeldergeek.com/shutdown_issues_in_xp.htm

Scroll through to see if you find your situation.

Louis

#3 dreamwalk

dreamwalk
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:33 PM

Posted 09 August 2009 - 05:41 PM

Did not find my situation here. At least, not that I could recognize. The site suggests that the issue could be a hardware conflict. So I checked Device Manager and sure enough there's a problem. The SM Bus Controller wasn't happy. I tried to install a driver. It couldn't find one. I have the WinXP Home System Recovery CD/DVD that came with computer. As near as I can tell, this one will "merely" reset computer to when it came out of the box, losing all data, etc. (I've been calling it my last resort cd.)

Anyway, when I couldn't install a driver, I tried disabling it. That didn't help either.

Still working on the hardware possibility, I checked with friend (owner) and she said that the only thing that had been added was a new sound card, and possibly a printer (HP Deskjet 3740). The only other thing she's plugged into it is an ipod charger. I asked when the sound card and printer were added vs. when the problem started. She said the problem started about the time she got the computer back from the local computer fix it shop who installed her sound card (second person who's told me they are never going there again). But there are no apparent issues with the sound card showing in Device Manager. I looked at all the Sound hardware drivers listed in Device Manager and they all had Microsoft's name on them somewhere.

I also uninstalled the printer using add/remove programs (just in case) as follows :
Uninstalled HP Deskjet 3740
Restart
Uninstalled HP Product Detection
Uninstalled HP Software Updater
Turned off the computer

And then it restarted itself again :thumbsup:

I've looked in the Admin Tools Event Viewer. Every time it reboots, the following two warnings are posted in the Applications Error Records.

Source: Userenv
User: NT AUTHORITY\SYSTEM
Event ID: 1517
Windows saved user OWNER-B2AB92955\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has no been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.


Source: Userenv
User: OWNER-B2AB92955\Owner
Event ID: 1524
Windows cannot unload your classes registry file - it is still in use by other applications or services. the will be unloaded when it is no longer in use.


A poster at the elder geek site said he'd had something similar with a newly installed printer. He turned off fax services and seemed to fix it. That's why I tried uninstalling the printer (see above). But as I said, that didn't help either.

How can I tell what has a hold of the registry and more importantly, how do I convince whatever it is to let go???

Paula the perplexed
No trees were killed in the creation of this message, but a number of electrons were diverted from their chosen path

#4 .dll

.dll

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:33 PM

Posted 09 August 2009 - 06:18 PM

Try logging on in Safe Mode, then click "Turn Off". That should tell you if it's a virus or a problem with your computer.

-.dll

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,246 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:33 PM

Posted 09 August 2009 - 06:34 PM

Step One:

Right-click My Computer, and then click Properties.

On the Advanced tab, click Settings under Startup and Recovery.

Clear the Automatically restart check box under System failure, and then click OK. The error message should remain on the screen so that you can record the error information.

Do so and post it when the system reboots rather than shutting down.

FW: The SM Bus Controller should install with the chipset/basic system drivers.

System manufacturer and model?

Louis

#6 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:33 PM

Posted 09 August 2009 - 06:40 PM

The first error you posted from Event Viewer is one that I get too, always have, but I have no problems with my computer. My computer shuts down just fine so I doubt that one has anything to do with the problems you are experiencing.

#7 dreamwalk

dreamwalk
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:33 PM

Posted 09 August 2009 - 08:20 PM

To .dll:
I've logged in to safe mode, same result. Also ran AVG and MalwareBytes from safe mode, they found nothing new. :thumbsup:


To hamluis:
I had already cleared the Automatically restart on System Failure check box per elder geek website (my bad, should have told you that). Turning off the computer shows no error message :flowers: What happens is as follows:

After a few moments, the computer begins shut down
WinXP logo screen with "Logging off"
WinXP logo screen with "saving your settings"
WinXP logo screen with "Windows is shutting down"
Computer is off for almost a second
then boot process begins
eMachine splash with bios and boot menu f keys info
black screen for a second or so
Loading screen- the black one with the Win logo and the blue bar running across the bottom
"Windows is starting up" (on the blue screen with darker blue bars at top and bottom)
"Welcome" (on the blue screen with darker blue bars at top and bottom)
Desktop appears and the busy hourglass (startup items loading?)

The only thing I noticed is that when the black screen with the Win logo and the blue bar running across the bottom comes up, after a second it does a little flicker-makes me think of the animation you'd see for turning a page in a book only the screen doesn't change. Another second and the "Windows is starting up" appears. If you don't have your eyes glued to the screen you miss it. I think I've only noticed it because I've turned it off and watched it reboot several times, watching for an error message after clearing the Automatically restart on Sys Failure check box, .

No part of the boot up seems to take an inordinately long time. The whole computer is a little slow but not considering a Celeron processor that's been around more than a couple of years and too little RAM.

Sys Info is:

eMachine T3504
Sticker on front says of computer says:
3.2GHZ Celeron D processor | 533 Mhz FSB 512 KB L2 cache
256 MB DDR SDRAM (sys info in My Computer properties says 368MB. Some must have been added, although owner doesn't know when or if. Could this be problem or part of problem?)

Paula the puzzled
No trees were killed in the creation of this message, but a number of electrons were diverted from their chosen path

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 55,246 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:33 PM

Posted 10 August 2009 - 09:25 AM

What errors are reflected in Event Viewer (last 5)? There probably won't be any on the Security tab, but if there are post such.

Tab, Event ID, Source, Category for each.

How To Use Event Viewer - http://www.bleepingcomputer.com/forums/t/40108/how-to-use-event-viewer/

Louis

Edited by hamluis, 10 August 2009 - 09:25 AM.


#9 dreamwalk

dreamwalk
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:33 PM

Posted 10 August 2009 - 09:34 PM

Did you mean list the last ERRORS or the last five items? Here are the errors.

The last five Application Errors are as follows:
APP ERROR #1
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 8/9/2009
Time: 5:25:35 PM
User: N/A
Computer: OWNER-B2AB92955
Description:
Faulting application hpdj00.exe, version 2.323.0.0, faulting module unknown, version 0.0.0.0, fault address 0x0012e731.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 68 70 64 ure hpd
0018: 6a 30 30 2e 65 78 65 20 j00.exe
0020: 32 2e 33 32 33 2e 30 2e 2.323.0.
0028: 30 20 69 6e 20 75 6e 6b 0 in unk
0030: 6e 6f 77 6e 20 30 2e 30 nown 0.0
0038: 2e 30 2e 30 20 61 74 20 .0.0 at
0040: 6f 66 66 73 65 74 20 30 offset 0
0048: 30 31 32 65 37 33 31 012e731


APP ERROR #2
Event Type: Error
Event Source: MPSampleSubmission
Event Category: None
Event ID: 5000
Date: 8/7/2009
Time: 2:08:44 AM
User: N/A
Computer: OWNER-B2AB92955
Description:
EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 70 00 74 00 65 00 m.p.t.e.
0008: 6c 00 65 00 6d 00 65 00 l.e.m.e.
0010: 74 00 72 00 79 00 2c 00 t.r.y.,.
0018: 20 00 38 00 30 00 32 00 .8.0.2.
0020: 34 00 30 00 30 00 31 00 4.0.0.1.
0028: 36 00 2c 00 20 00 62 00 6.,. .b.
0030: 65 00 67 00 69 00 6e 00 e.g.i.n.
0038: 69 00 6e 00 73 00 74 00 i.n.s.t.
0040: 61 00 6c 00 6c 00 2c 00 a.l.l.,.
0048: 20 00 69 00 6e 00 73 00 .i.n.s.
0050: 74 00 61 00 6c 00 6c 00 t.a.l.l.
0058: 2c 00 20 00 31 00 2e 00 ,. .1...
0060: 31 00 2e 00 31 00 35 00 1...1.5.
0068: 39 00 33 00 2e 00 30 00 9.3...0.
0070: 2c 00 20 00 6d 00 70 00 ,. .m.p.
0078: 73 00 69 00 67 00 64 00 s.i.g.d.
0080: 77 00 6e 00 2e 00 64 00 w.n...d.
0088: 6c 00 6c 00 2c 00 20 00 l.l.,. .
0090: 31 00 2e 00 31 00 2e 00 1...1...
0098: 31 00 35 00 39 00 33 00 1.5.9.3.
00a0: 2e 00 30 00 2c 00 20 00 ..0.,. .
00a8: 77 00 69 00 6e 00 64 00 w.i.n.d.
00b0: 6f 00 77 00 73 00 20 00 o.w.s. .
00b8: 64 00 65 00 66 00 65 00 d.e.f.e.
00c0: 6e 00 64 00 65 00 72 00 n.d.e.r.
00c8: 2c 00 20 00 4e 00 49 00 ,. .N.I.
00d0: 4c 00 2c 00 20 00 4e 00 L.,. .N.
00d8: 49 00 4c 00 20 00 4e 00 I.L. .N.
00e0: 49 00 4c 00 0d 00 0a 00 I.L.....


APP ERROR #3
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 8/7/2009
Time: 12:40:25 AM
User: N/A
Computer: OWNER-B2AB92955
Description:
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 69 65 78 70 6c 6f iexplo
0018: 72 65 2e 65 78 65 20 38 re.exe 8
0020: 2e 30 2e 36 30 30 31 2e .0.6001.
0028: 31 38 37 30 32 20 69 6e 18702 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000


APP ERROR #4
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 8/7/2009
Time: 12:39:29 AM
User: N/A
Computer: OWNER-B2AB92955
Description:
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 69 65 78 70 6c 6f iexplo
0018: 72 65 2e 65 78 65 20 38 re.exe 8
0020: 2e 30 2e 36 30 30 31 2e .0.6001.
0028: 31 38 37 30 32 20 69 6e 18702 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000


APP ERROR #5
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 8/7/2009
Time: 12:37:31 AM
User: N/A
Computer: OWNER-B2AB92955
Description:
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 69 65 78 70 6c 6f iexplo
0018: 72 65 2e 65 78 65 20 38 re.exe 8
0020: 2e 30 2e 36 30 30 31 2e .0.6001.
0028: 31 38 37 30 32 20 69 6e 18702 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000


APP ERROR #6
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 8/6/2009
Time: 11:41:22 PM
User: N/A
Computer: OWNER-B2AB92955
Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 64 72 77 ure drw
0018: 74 73 6e 33 32 2e 65 78 tsn32.ex
0020: 65 20 35 2e 31 2e 32 36 e 5.1.26
0028: 30 30 2e 30 20 69 6e 20 00.0 in
0030: 64 62 67 68 65 6c 70 2e dbghelp.
0038: 64 6c 6c 20 35 2e 31 2e dll 5.1.
0040: 32 36 30 30 2e 35 35 31 2600.551
0048: 32 20 61 74 20 6f 66 66 2 at off
0050: 73 65 74 20 30 30 30 31 set 0001
0058: 32 39 35 64 295d



The last five System Errors are as follows:
SYS ERROR #1
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 8/9/2009
Time: 5:42:10 PM
User: N/A
Computer: OWNER-B2AB92955
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


SYS ERROR #2
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 8/9/2009
Time: 5:42:10 PM
User: N/A
Computer: OWNER-B2AB92955
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


SYS ERROR #3
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 8/9/2009
Time: 5:42:10 PM
User: N/A
Computer: OWNER-B2AB92955
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


SYS ERROR #4
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 8/9/2009
Time: 5:42:10 PM
User: N/A
Computer: OWNER-B2AB92955
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


SYS ERROR #5
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 8/9/2009
Time: 5:42:10 PM
User: N/A
Computer: OWNER-B2AB92955
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



As for Securtiy Errors, there were Failure Audits listed, are these the errors? All were the same and all occurred whenever I unplugged the cable internet while trying to get the antivirus installed. Each one is like this:

SECURITY FAILURE AUDIT
0Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 8/10/2009
Time: 8:47:00 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer: OWNER-B2AB92955
Description:
IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.



For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


What else?

Paula the clueless

PS Hope the colors helped sort things out rather than confuse the issue more...
No trees were killed in the creation of this message, but a number of electrons were diverted from their chosen path

#10 hamluis

hamluis

    Moderator


  • Moderator
  • 55,246 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:33 PM

Posted 11 August 2009 - 09:25 AM

Event ID 615
Source Security
Type Failure Audit
Description IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.

http://technet.microsoft.com/en-us/library/cc959529.aspx

Hpdj00.exe is not clearly identified in origin, I suggest treating it as malware (lacking more concrete data).

EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL: Indicates that Windows Defender is (possibly) not updating properly.

http://support.microsoft.com/kb/328213

Event ID 5000: http://social.technet.microsoft.com/Forums...d3-c5fe2c3212f8

Based on the above...and the IE 8 hang errors...I am going to suggest that your thread be moved to one of the malware forums. I'd like to get confirmation that the system is clean right now, rather than rely on the efforts you've conducted thus far.

Louis

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:33 PM

Posted 11 August 2009 - 10:39 AM

Moved from XP to Am I Infected...
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 dreamwalk

dreamwalk
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:33 PM

Posted 12 August 2009 - 05:43 PM

So, what do I do here? Restate the problem? (See first post.) Not sure what the turn around time is or if I'm supposed to post on arrival.

Paula the Unsure :thumbsup:
No trees were killed in the creation of this message, but a number of electrons were diverted from their chosen path

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:33 PM

Posted 12 August 2009 - 07:44 PM

Hello and welcome please run these next. If you have Spybot installed temporarily disable it.
Next run ATF:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 dreamwalk

dreamwalk
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:33 PM

Posted 13 August 2009 - 09:18 PM

MalwareBytes didn't find anything.

Malwarebytes' Anti-Malware 1.40
Database version: 2618
Windows 5.1.2600 Service Pack 3

8/13/2009 10:09:01 PM
mbam-log-2009-08-13 (22-09-01).txt

Scan type: Quick Scan
Objects scanned: 92475
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I await your next instructions, O Wise One.

Paula the Obedient
No trees were killed in the creation of this message, but a number of electrons were diverted from their chosen path

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:33 PM

Posted 13 August 2009 - 09:26 PM

Hello faithful dreamer
That was good nothing found, next we'll see if there are rootkits.

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users