
Shutdown.........


7 replies to this topic

#1 Toria123

Toria123

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:44 PM

Posted 26 November 2011 - 10:46 AM

I turned my PC on today, and once it had booted up I turned the monitor on and noticed a warning box (never ever seen this before) telling me my computer was being shut down, and there was a countdown. I panicked a bit so I can't really remember what it said, but I remember something like NT Authority system??? When it shut down and I switched back on, I only had access to the internet for a minute, then it cut off so I couldn't update anything, so I ran an AVG scan, a SUPERAntiSpyware quick scan and a Malwarebytes quick scan but nothing. So I have shut down and started up a few times and eventually I'm back on the internet, but I really don't know what went wrong or what that shutdown warning was?

Quick update: I keep losing the internet. My router seems fine and connected with the right lights lit up, yet I can only connect now and again for about 5 mins, and the internet wouldn't work in safe mode. Should I do a system restore?

Edited by Toria123, 26 November 2011 - 11:35 AM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:44 AM

Posted 29 November 2011 - 09:47 AM

Hello, this may not be malware. When you get a message that the system is shutting down, follow these steps to stop the cycle:
  • Press the Windows Key + R keys on your keyboard or go to Posted Image > Run..., and in the Open dialog box, type: cmd
  • Click Ok or press Enter.
  • At the command prompt C:\>, type: shutdown -a
  • Press Enter.
-- Vista users can refer to these instructions: How to Enable Run Command in Vista - How to Run a command prompt as an Administrator

That should give you enough time to run Rkill and rescan immediately afterwards with Malwarebytes. Rkill terminates malware processes which target your security tools and keeps them from running or completing a scan.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Toria123

Toria123
  • Topic Starter


Posted 29 November 2011 - 10:33 AM

Thank you so much for replying and helping me. I was worried that it was malware because I was reading things about the Blaster worm and the same message I was getting.
Anyway, here's the MiniToolBox log, and I'm going to run the ESET scan.

MiniToolBox by Farbar
Ran by Victoria1 (administrator) on 29-11-2011 at 15:29:47
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


There are 41 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : victoria

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : cable.virginmedia.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : cable.virginmedia.net

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-14-85-FE-FE-3C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 82.12.118.205

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 82.12.116.1

DHCP Server . . . . . . . . . . . : 62.253.131.141

DNS Servers . . . . . . . . . . . : 194.168.4.100

194.168.8.100

NetBIOS over Tcpip. . . . . . . . : Disabled

Lease Obtained. . . . . . . . . . : 29 November 2011 15:24:24

Lease Expires . . . . . . . . . . : 03 December 2011 14:54:51

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: google.com.cable.virginmedia.net
Address: 81.200.64.50



Pinging google.com [173.194.67.99] with 32 bytes of data:



Reply from 173.194.67.99: bytes=32 time=23ms TTL=47

Reply from 173.194.67.99: bytes=32 time=25ms TTL=47



Ping statistics for 173.194.67.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 23ms, Maximum = 25ms, Average = 24ms

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: yahoo.com.cable.virginmedia.net
Address: 81.200.64.50



Pinging yahoo.com [98.139.180.149] with 32 bytes of data:



Reply from 98.139.180.149: bytes=32 time=592ms TTL=49

Reply from 98.139.180.149: bytes=32 time=634ms TTL=49



Ping statistics for 98.139.180.149:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 592ms, Maximum = 634ms, Average = 613ms

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 14 85 fe fe 3c ...... Realtek RTL8139/810x Family Fast Ethernet NIC
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 82.12.116.1 82.12.118.205 20
82.12.116.0 255.255.252.0 82.12.118.205 82.12.118.205 20
82.12.118.205 255.255.255.255 127.0.0.1 127.0.0.1 20
82.255.255.255 255.255.255.255 82.12.118.205 82.12.118.205 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 82.12.118.205 82.12.118.205 20
224.0.0.0 240.0.0.0 82.12.118.205 82.12.118.205 20
255.255.255.255 255.255.255.255 82.12.118.205 82.12.118.205 1
Default Gateway: 82.12.116.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/26/2011 03:10:39 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.51.0.1118, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/26/2011 02:56:38 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (11/26/2011 02:56:01 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (11/26/2011 02:55:23 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (11/04/2011 01:57:11 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- SA_Error25101: StandardAction(0xC007620D): We have detected that ZoneAlarm, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again.

Error: (11/04/2011 01:57:08 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- SA_Error25101: StandardAction(0xC007620D): We have detected that ZoneAlarm, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again.

Error: (10/25/2011 00:27:03 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- SA_Error25101: StandardAction(0xC007620D): We have detected that ZoneAlarm, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again.

Error: (10/24/2011 02:06:57 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x048485a1.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/24/2011 02:03:33 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module sftxtgp.dll, version 0.0.0.0, fault address 0x000385c6.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/24/2011 02:00:02 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x047d85a1.
Processing media-specific event for [explorer.exe!ws!]


System errors:
=============
Error: (11/26/2011 04:18:04 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/26/2011 04:15:45 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Avgldx86
Avgmfx86
Avgtdix
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
Vsdatant

Error: (11/26/2011 04:15:45 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (11/26/2011 04:15:45 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (11/26/2011 04:15:45 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (11/26/2011 04:15:45 PM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service depends on the Vsdatant service which failed to start because of the following error:
%%31

Error: (11/26/2011 04:15:45 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (11/26/2011 04:15:45 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (11/26/2011 04:15:45 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (11/26/2011 04:15:24 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================
Error: (11/26/2011 03:10:39 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.51.0.1118hungapp0.0.0.000000000

Error: (11/26/2011 02:56:38 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070005

Error: (11/26/2011 02:56:01 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070005

Error: (11/26/2011 02:55:23 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (11/04/2011 01:57:11 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- SA_Error25101: StandardAction(0xC007620D): We have detected that ZoneAlarm, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again.(NULL)(NULL)(NULL)

Error: (11/04/2011 01:57:08 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- SA_Error25101: StandardAction(0xC007620D): We have detected that ZoneAlarm, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again.(NULL)(NULL)(NULL)

Error: (10/25/2011 00:27:03 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- SA_Error25101: StandardAction(0xC007620D): We have detected that ZoneAlarm, is already installed on your system, therefore the installation can not continue. We recommend that you uninstall this product first and then try to launch the installation again.(NULL)(NULL)(NULL)

Error: (10/24/2011 02:06:57 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0048485a1

Error: (10/24/2011 02:03:33 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512sftxtgp.dll0.0.0.0000385c6

Error: (10/24/2011 02:00:02 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0047d85a1


=========================== Installed Programs ============================

1500 (Version: 50.0.206.000)
1500_Help (Version: 50.0.206.000)
1500Trb (Version: 50.0.206.000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 Plugin (Version: 10.1.53.64)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 9.4.6 (Version: 9.4.6)
AiO_Scan (Version: 50.0.206.000)
AiOSoftware (Version: 50.0.206.000)
Apple Mobile Device Support (Version: 2.1.1.13)
Apple Software Update (Version: 2.1.1.116)
AVG 2012 (Version: 12.0.1873)
AVG 2012 (Version: 12.0.2102)
AVG 2012 (Version: 2012.0.1873)
Bonjour (Version: 1.0.105)
BufferChm (Version: 53.0.13.000)
CardRd81 (Version: 4.00.0000.0004)
CCleaner (remove only)
CCScore (Version: 5.02.0000.0001)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
CR2 (Version: 4.00.0000.0003)
Destinations (Version: 53.0.13.000)
DeviceManagementQFolder (Version: 1.00.0000)
Disc2Phone (Version: 1.4.0.112)
DocProc (Version: 5.2.0.0)
Driving Test Success 2006/7
Driving Test Success ROAD SIGNS
ESSBrwr (Version: 5.02.0000.0001)
ESSCDBK (Version: 5.02.0000.0001)
ESScore (Version: 5.02.0000.0003)
ESSCT (Version: 5.01.0000.0101)
ESSEMAIL (Version: 5.01.0000.0001)
ESSgui (Version: 5.02.0000.0001)
ESShelp (Version: 5.02.0000.0001)
ESSini (Version: 5.02.0000.0104)
ESSPCD (Version: 5.02.0000.0001)
ESSPDock (Version: 5.02.0000.0004)
ESSSONIC (Version: 5.00.0000.0002)
ESSTOOLS (Version: 5.00.0000.0004)
ESSTUTOR (Version: 5.02.0000.0101)
essvatgt (Version: 5.02.0000.0001)
essvcpt (Version: 5.01.0000.0002)
ESSvpaht (Version: 5.01.0000.0004)
ESSvpot (Version: 5.01.0000.0101)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 50.0.206.000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HijackThis 2.0.2 (Version: 2.0.2)
HLPIndex (Version: 5.02.0000.0001)
HLPPDOCK (Version: 5.02.0000.0001)
HLPSFO (Version: 5.02.0000.0101)
HP Image Zone Express (Version: 1.5.1.29)
HP Imaging Device Functions 5.3 (Version: 5.3)
HP Product Assistant (Version: 100.000.001.000)
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 53.0.13.000)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
iTunes (Version: 8.0.1.11)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Kodak EasyShare software
KSU (Version: 632.62.0003.0003)
Macromedia Shockwave Player (Version: 10.1.0.011)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Publishing Wizard 1.52
Microsoft Works (Version: 08.04.0623)
Motorola SM56 Data Fax Modem
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NewCopy (Version: 50.0.206.000)
Notifier (Version: 5.01.0000.0101)
NVIDIA Drivers
OfotoXMI (Version: 5.02.0000.0001)
OpenOffice.org 3.0 (Version: 3.0.9358)
OTtBP (Version: 5.02.0000.0001)
OTtBPSDK (Version: 4.00.0000.0000)
PrintMaster 16 (Version: 16.00.0000)
ProductContext (Version: 50.0.206.000)
QuickTime (Version: 7.55.90.70)
Readme (Version: 50.0.206.000)
Realtek High Definition Audio Driver (Version: 2.02)
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
Segoe UI (Version: 14.0.4327.805)
SFR (Version: 5.00.0000.0005)
SHASTA (Version: 5.02.0000.0001)
Shockwave
SKIN0001 (Version: 5.02.0000.0001)
SKINXSDK (Version: 5.00.0000.0004)
SolutionCenter (Version: 50.0.152.000)
Sonic MyDVD (Version: 5.3.0)
Sonic RecordNow! (Version: 7.3)
Sony Ericsson PC Suite (Version: 2.0.58)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.4 (Version: 4.4.0)
Status (Version: 53.0.13.000)
SUPERAntiSpyware Free Edition (Version: 4.25.0.1014)
The Sims™ Life Stories
TrayApp (Version: 53.0.13.000)
Unload (Version: 5.0.0)
VC 9.0 Runtime (Version: 1.0.0)
Virgin Media Broadband Help (Version: 1.00.0000)
VPRINTOL (Version: 5.02.0000.0001)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
Windows Defender (Version: 1.1.1593.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WIRELESS (Version: 5.02.0000.0001)
ZoneAlarm Firewall (Version: 10.1.065.000)
ZoneAlarm Free (Version: 10.1.065.000)
ZoneAlarm Security (Version: 10.1.065.000)
ZoneAlarm Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 1022.48 MB
Available physical RAM: 335.54 MB
Total Pagefile: 2456.38 MB
Available Pagefile: 1709.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.43 MB

========================= Partitions: =====================================

1 Drive c: (HDD) (Fixed) (Total:29.99 GB) (Free:10.48 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:111.24 GB) (Free:105.05 GB) NTFS

========================= Users: ========================================

User accounts for \\VICTORIA

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 Victoria1

========================= Minidump Files ==================================


**** End of log ****

#4 Toria123

Toria123

Posted 29 November 2011 - 12:12 PM

OK, I did an ESET scan and it found nothing. Also my internet has been OK the past 2 days because I did the shutdown -a command then, and I don't know if that helped. Anyway, I managed to update and run Malwarebytes, but I never used Rkill. Should I still have done that even though I updated and scanned? I don't know if it's malware, but if it's not, what else could have caused the forced shutdown?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8271

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/11/2011 17:12:07
mbam-log-2011-11-29 (17-12-06).txt

Scan type: Quick scan
Objects scanned: 219219
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Toria123, 29 November 2011 - 12:13 PM.


#5 boopme

boopme


Posted 30 November 2011 - 10:28 PM

OK, all the malware is gone. If you still have shut down issues, you need to start an XP topic, and I think they'll want to look at your dump files.

#6 Toria123

Toria123

Posted 01 December 2011 - 05:54 AM

Thanks for your help, so it probably wasn't a malware issue then? So do you think it's safe to carry on with some online Christmas shopping?

#7 boopme

boopme


Posted 01 December 2011 - 09:43 PM

Yes, looks OK to me.
Safety Tips for Online Shopping

#8 Toria123

Toria123

Posted 02 December 2011 - 12:54 PM

Thank you.



