
Windows XP doesn't shutdown


19 replies to this topic

#1 Ali_11


Posted 08 July 2015 - 09:05 AM

My Windows XP doesn't shut down when I try to shut it down. I think it is affected by some malicious software. Please help!


Edited by hamluis, 08 July 2015 - 10:22 AM.
Moved from XP to Am I Infected - Hamluis.



 


#2 severac


Posted 09 July 2015 - 01:31 PM

Hi,

 

Let's check for malware to see if malware is causing the problem.

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

-------

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1: If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2: SecurityCheck may produce some false warning(s), so leave the results reading to me.

NOTE 3: If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! Message, restart computer and Security Check should run.

---------------

 

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
      - Remove found threats
      - Scan archives
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

-------

 

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

 

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      - Launch Malwarebytes Anti-Malware
      - A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, on Settings tab, set under Detection and Protection next options:
      1. 'Scan for rootkits'
      2. Non-Malware Protection, for 'PUP detections', check, 'Threat detections as malware' option.
  • Return to Dashboard, click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:
 

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on Settings tab, set under Detection and Protection next options:
      1. 'Scan for rootkits'
      2. Non-Malware Protection, for 'PUP detections', check, 'Threat detections as malware' option.
  • Return to Dashboard, click the Scan Now >> button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

-----------

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

-------

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 Ali_11


Posted 10 July 2015 - 07:09 AM

MiniToolBox, Junkware Removal Tool and AdwCleaner gave 'Security warning' that it doesn't have a 'valid Digital signature' after download. So I didn't run them. ESET Online Scanner also gave some error of 'proxy' after 2 hrs of updating.

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/10/2015
Scan Time: 2:43:04 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.10.02
Rootkit Database: v2015.07.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: ???

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290396
Time Elapsed: 28 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
Broken.OpenCommand, HKCR\regfile\shell\open\command, regedit.exe /s "Good: (regedit.exe "Bad: (regedit.exe /s "%1"),Replaced,[ffffffffffffffffffffffffffffffff]")", %4, %5

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Documents and Settings\-\My Documents\Downloads\PhotoScape_V3.7.exe, Quarantined, [64b6f9e7a8e23006a6c94e0304017888],

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by Ali_11, 10 July 2015 - 07:10 AM.


#4 noknojon


Posted 10 July 2015 - 08:57 AM

Hello -

Just a quick note re : "MiniToolBox, Junkware Removal Tool and  AdwCleaner gave 'Security warning'  that it doesn't have a 'valid Digital signature' after download."

 

This is not unusual depending on your installed Antivirus and Antimalware programs. They are False Positives, since your computer does not want to be looked at.

Temporarily disable your Security programs while you download these programs that we ask you to use, as all are 100% good if you use the supplied links -

 

severac has listed "Shut down your protection software now to avoid potential conflicts." in the given directions.

 

Thank You -

 

P.S. Did you also post this on "SuperUser" forum ??



#5 Ali_11


Posted 10 July 2015 - 10:42 AM

Still getting Security warning even after disabling antivirus & anti malware software. You mean it is safe to run these programs even after the warning?



#6 severac


Posted 10 July 2015 - 11:09 AM

Yes, it is safe. These programs are legitimate programs. 



 


#7 Ali_11


Posted 10 July 2015 - 11:10 AM

MiniToolBox:

 

MiniToolBox by Farbar  Version: 01-07-2015
Ran by ? (administrator) on 10-07-2015 at 20:59:49
Running from "C:\Documents and Settings\?\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Model: 828992U Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : home-15489df13c

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : Home



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : Home

        Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet

        Physical Address. . . . . . . . . : 00-10-C6-B3-24-5C

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.2

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 192.168.1.1

        Lease Obtained. . . . . . . . . . : Friday, July 10, 2015 8:33:45 PM

        Lease Expires . . . . . . . . . . : Saturday, July 11, 2015 8:33:45 PM

Server:  Broadcom.Home
Address:  192.168.1.1

Name:    google.com
Addresses:  173.194.113.33, 173.194.113.40, 173.194.113.32, 173.194.113.38
      173.194.113.35, 173.194.113.39, 173.194.113.34, 173.194.113.37, 173.194.113.46
      173.194.113.41, 173.194.113.36



Pinging google.com [173.194.113.35] with 32 bytes of data:



Reply from 173.194.113.35: bytes=32 time=161ms TTL=55

Reply from 173.194.113.35: bytes=32 time=161ms TTL=55



Ping statistics for 173.194.113.35:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 161ms, Maximum = 161ms, Average = 161ms

Server:  Broadcom.Home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=331ms TTL=50

Reply from 206.190.36.45: bytes=32 time=329ms TTL=50



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 329ms, Maximum = 331ms, Average = 330ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 10 c6 b3 24 5c ...... Broadcom NetLink ™ Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.2      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2      20
      192.168.1.2  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255      192.168.1.2     192.168.1.2      20
        224.0.0.0        240.0.0.0      192.168.1.2     192.168.1.2      20
  255.255.255.255  255.255.255.255      192.168.1.2     192.168.1.2      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/08/2015 06:31:12 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 7.6.0.103, faulting module skype.exe, version 7.6.0.103, fault address 0x01694aab.
Processing media-specific event for [skype.exe!ws!]

Error: (07/07/2015 05:28:32 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 7.6.0.103, faulting module skype.exe, version 7.6.0.103, fault address 0x00463343.
Processing media-specific event for [skype.exe!ws!]

Error: (07/01/2015 03:59:56 PM) (Source: MsiInstaller) (User: HOME-15489DF13C)
Description: Product: Microsoft Office Enterprise 2007 -- Error 1713. Setup cannot install one of the required products for Microsoft Office Enterprise 2007.

Error: (06/30/2015 09:16:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (06/30/2015 09:16:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/30/2015 09:16:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (06/30/2015 09:16:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (06/30/2015 09:16:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (06/30/2015 09:16:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/30/2015 09:16:44 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (07/10/2015 08:34:26 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (07/10/2015 08:33:42 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 0010C6B3245C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/10/2015 03:13:33 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (07/10/2015 03:13:03 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (07/10/2015 02:28:54 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 0010C6B3245C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/09/2015 10:17:21 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 0010C6B3245C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/09/2015 00:42:21 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 0010C6B3245C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/08/2015 08:59:18 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 0010C6B3245C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/08/2015 06:25:13 PM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/08/2015 06:25:12 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (07/08/2015 06:31:12 PM) (Source: Application Error)(User: )
Description: skype.exe7.6.0.103skype.exe7.6.0.10301694aab

Error: (07/07/2015 05:28:32 PM) (Source: Application Error)(User: )
Description: skype.exe7.6.0.103skype.exe7.6.0.10300463343

Error: (07/01/2015 03:59:56 PM) (Source: MsiInstaller)(User: HOME-15489DF13C)
Description: Product: Microsoft Office Enterprise 2007 -- Error 1713. Setup cannot install one of the required products for Microsoft Office Enterprise 2007.  (NULL)(NULL)(NULL)

Error: (06/30/2015 09:16:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (06/30/2015 09:16:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (06/30/2015 09:16:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (06/30/2015 09:16:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (06/30/2015 09:16:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (06/30/2015 09:16:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (06/30/2015 09:16:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.


=========================== Installed Programs ============================

Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
CS16 Full v32.1 Non-Steam (HKLM\...\CS16 Full v32.1 Non-Steam) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5410 - Analog Devices)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 1013.11 MB
Available physical RAM: 654.36 MB
Total Virtual: 2440.18 MB
Available Virtual: 2176.42 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:29.29 GB) (Free:20.22 GB) NTFS
2 Drive d: () (Fixed) (Total:45.2 GB) (Free:42.9 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-15489DF13C

Administrator            ?                     Guest                    
HelpAssistant            

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

30-06-2015 15:32:38 System Checkpoint
30-06-2015 15:44:36 Installed SoundMAX
30-06-2015 15:44:41 Installed SoundMAX
01-07-2015 11:01:50 Installed Microsoft Office Enterprise 2007
01-07-2015 11:02:04 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
01-07-2015 11:02:26 Installed OpenOffice 4.0.0
01-07-2015 11:54:47 avast! antivirus system restore point
01-07-2015 15:14:00 BricoPack Automatic Restore Point
01-07-2015 15:46:33 Installed SDFormatter.
01-07-2015 16:42:50 Removed SDFormatter.
02-07-2015 09:49:52 Restore Operation
02-07-2015 09:51:03 Restore Operation
02-07-2015 12:39:50 Installed Adobe Reader XI (11.0.10).
09-07-2015 07:43:13 Removed Skype™ 7.6
10-07-2015 11:38:27 System Checkpoint

**** End of log ****

 

 

---------------------------------------------------------------------------------------------------------------------------------------------------------

 

Junkware Removal Tool :

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.0 (07.10.2015:1)
OS: Microsoft Windows XP x86
Ran by ? on Fri 07/10/2015 at 20:50:32.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/10/2015 at 20:55:05.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

---------------------------------------------------------------------------------------------------------------------------------------------------------------

 

AdwCleaner:

 

# AdwCleaner v4.208 - Logfile created 10/07/2015 at 20:56:58
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : ? - HOME-15489DF13C
# Running from : C:\Documents and Settings\?My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v43.0.2357.132


*************************

AdwCleaner[R0].txt - [1188 bytes] - [08/07/2015 18:20:50]
AdwCleaner[R1].txt - [745 bytes] - [10/07/2015 20:56:58]
AdwCleaner[S0].txt - [1256 bytes] - [08/07/2015 18:25:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [862 bytes] ##########

 

----------------------------------------------------------------------------------------------------------------------------------------------------------------
 

 

Security Check:

 

Results of screen317's Security Check version 1.005  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Please wait while WMIC is being installed.
displayName
ECHO is off.
avast!
ECHO is off.
Antivirus
ECHO is off.
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     18.0.0.203  
 Adobe Reader XI  
 Mozilla Firefox (39.0)
 Google Chrome (43.0.2357.130)
 Google Chrome (43.0.2357.132)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

 



#8 severac


Posted 10 July 2015 - 11:28 AM

Update your antivirus.

 

---

 

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

  • Make sure the following options are checked:
      - Internet Services
      - Windows Firewall
      - System Restore
      - Security Center/Action Center
      - Windows Update
      - Windows Defender
      - Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



 


#9 Ali_11


Posted 11 July 2015 - 03:39 AM

I would like to tell you that recently I uninstalled Skype because of the following error after sign in 'Not enough server storage is available to process this command' and maybe after this error the windows were not shutting down. After the (Skype) uninstall the shutdown process was back to normal but I'm still getting this error. Please help me fix it.



#10 Ali_11


Posted 11 July 2015 - 03:41 AM

Farbar Service Scanner:

 

Farbar Service Scanner Version: 17-01-2015
Ran by ? (administrator) on 11-07-2015 at 13:33:56
Running from "C:\Documents and Settings\?\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
aswTdi(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****



#11 severac


Posted 11 July 2015 - 03:45 AM

"I would like to tell you that recently I uninstalled Skype because of the following error after sign-in: 'Not enough server storage is available to process this command', and maybe after this error Windows was not shutting down. After the (Skype) uninstall the shutdown process was back to normal, but I'm still getting this error. Please help me fix it."

So, you can now shut down your PC normally, but Skype is not working and is giving an error message?



 


#12 Ali_11


Posted 11 July 2015 - 04:00 AM

Yes, I can shut down my PC now, but I guess Skype was causing the problem. What do you say?



#13 severac


Posted 11 July 2015 - 05:18 AM

I can't imagine in what way those two things can be related.



 


#14 Ali_11


Posted 11 July 2015 - 08:02 AM

I don't know either. It was just an assumption and I have no evidence for that... What do my scan logs say? Are they clear? Can you help me with the Skype error or do I have to post it in a new topic?



#15 severac


Posted 11 July 2015 - 08:58 AM

Logs are clean so far. Do an MBAR check, and after that we will see what to do next:

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
  • When the scan is finished and no malware has been found, select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      ◦ "mbar-log-{date} (xx-xx-xx).txt"
      ◦ "system-log.txt"

NOTE: If you see the message "This version requires you to completely exit the Anti Malware application", right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.



 




