iqbal
unexpected shutdown of windows xp
#1
Posted 19 March 2005 - 04:18 PM
iqbal
#2
Posted 19 March 2005 - 04:28 PM
Was it a registry error?
Windows XP pro or home?
Can you boot into safe mode? (tap F8 key while memory is counting up).
#3
Posted 20 March 2005 - 11:50 AM
iqbal
#4
Posted 20 March 2005 - 01:57 PM
AND
Can you boot into safe mode?
#5
Posted 20 March 2005 - 06:16 PM
but it wasn't as soon as the desktop loaded
it was when I was loading a game...or going on the internet...pretty much at any given time
it turned out, it was my network adapter acting up for no reason....it was during summer, my brother was down for summer break, and we had networked the computers
he went back to college, so there was no more networking, so I unplugged my network cable...but didn't disable my network card....so for some reason, it felt like restarting here and there....
maybe it's a hardware problem? I dunno
I think there's a setting that said, restart my computer when there's a system error....I think that was it...I dunno
not 100% on it
#6
Posted 22 March 2005 - 02:23 PM
1. The first time the problem came, a message came telling that some file is missing and you have to restart with the Windows XP CD in the CD-ROM and then recover the file from the recovery console.....I did the same and then Windows started fine...but after that it never gave the message for recovery and straightaway shuts down upon startup (shuts down as soon as the desktop appears).
2. A few days before the problem occurring, a message used to come upon each startup from Google Desktop Search telling that another program named Internet Download Manager prevents it from working and I should un-install one of these programs for the system to work properly.
3. The last thing: I use an APACHE modem, model: A56SP-HCF. I had installed it according to its instruction manual, but during its installation a message came from Windows that it didn't pass the required test and a problem may occur in Windows immediately or afterwards..I clicked "continue anyway" according to the installation manual..I suspect that maybe the APACHE modem incompatibility has caused the problem.
Anyway, I will be very thankful if you suggest further action for resolving the problem.
iqbal
#7
Posted 22 March 2005 - 02:46 PM
Logfile of HijackThis v1.99.0
Scan saved at 7:14:22 PM, on 3/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
C:\unzipped\hijackthis28-12-04\HijackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\New Folder\Internet Download Manager-xp\IDMIECC.dll (file missing)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\New Folder\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: PopupSlapdown BHO - {1FEA39D6-46B3-4F66-BC38-4839CFE198EA} - D:\Program Files\Geek Superhero\GeekSuperheroX.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\NEWFOL~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - D:\WINDOWS\System32\smiehlp.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - E:\Program Files\AV VCS 3.0\Vcs3RT.dll
O2 - BHO: PhishingNet BHO - {DE3A0297-5EFF-4FF2-A48D-ABBC67D4D774} - D:\Program Files\Geek Superhero\GeekSuperheroX.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PrintPack dispatcher] "D:\Program Files\Software602\PrintPack\PrnPack.exe" /server
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DownloadAccelerator] E:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [WhenUSave] "D:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [WhenUSearch] "D:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "D:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\New Folder\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Internet Download Accelerator] E:\New Folder\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [warez] "E:\New Folder\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [ClockSync] "D:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: naviscope.lnk = E:\New Folder\naviscope.exe
O4 - Global Startup: WordWeb.lnk = D:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SECRETMAKER.lnk = D:\Program Files\SECRETMAKER\secretmaker.exe
O4 - Global Startup: SpySubtract.lnk = E:\New Folder\SPYSUBTRACT-XP\SpySub.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://D:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: + &Download Express: download this file - D:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - E:\New Folder\Internet Download Manager-xp\IEGetAll.htm
O8 - Extra context menu item: Download using LeechGet - file://\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://\\Wizard.html
O8 - Extra context menu item: Download with &Shareaza - res://E:\New Folder\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with IDM - E:\New Folder\Internet Download Manager-xp\IEExt.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Parse with LeechGet - file://\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - D:\WINDOWS\System32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - D:\WINDOWS\System32\Print602.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Bug Swatter Options - {99FEA1A2-7881-11D1-A9E2-00403320FCF2} - D:\Program Files\Geek Superhero\GeekSuperheroX.dll
O9 - Extra button: Popup Slapdown Options - {A1100DDB-B277-4CAA-A640-B299D79FE25E} - D:\Program Files\Geek Superhero\GeekSuperheroX.dll
O9 - Extra button: Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - D:\WINDOWS\System32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - D:\WINDOWS\System32\Print602.dll
O9 - Extra button: Phishing Net Options - {B1100DDB-B277-4CAA-A640-B299D79FE25E} - D:\Program Files\Geek Superhero\GeekSuperheroX.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Print2Picture - {F242786D-E1AE-49e7-BD01-E1ABCA405241} - D:\WINDOWS\System32\Print602.dll
O9 - Extra 'Tools' menuitem: Print2Picture - {F242786D-E1AE-49e7-BD01-E1ABCA405241} - D:\WINDOWS\System32\Print602.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107103293375
O23 - Service: Symantec Event Manager - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - D:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
I am waiting for your kind reply.
iqbal
#8
Posted 22 March 2005 - 03:06 PM
1. The first time the problem came, a message came telling that some file is missing and you have to restart with the Windows XP CD in the CD-ROM and then recover the file from the recovery console.....I did the same and then Windows started fine...but after that it never gave the message for recovery and straightaway shuts down upon startup (shuts down as soon as the desktop appears).
This is pretty important. What file?
2. A few days before the problem occurring, a message used to come upon each startup from Google Desktop Search telling that another program named Internet Download Manager prevents it from working and I should un-install one of these programs for the system to work properly.
Did you uninstall one?
3. The last thing: I use an APACHE modem, model: A56SP-HCF. I had installed it according to its instruction manual, but during its installation a message came from Windows that it didn't pass the required test and a problem may occur in Windows immediately or afterwards..I clicked "continue anyway" according to the installation manual..I suspect that maybe the APACHE modem incompatibility has caused the problem.
I doubt it...generally, modems will not cause this problem unless they are in use. The modem is not in use when you first boot up.
#9
Posted 22 March 2005 - 03:10 PM
I assume you are dual booting with something on C:
You have programs loading or trying to from E:
????
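An added example, not part of the original thread: a small Python triage pass over a HijackThis log like the one posted above, flagging dangling references, autoruns with no command, unknown Winsock LSP files, and entries that load from a volume other than the Windows drive (the observation made in post #9). The sample lines are copied from the posted log; the function names and the `system_drive` parameter are this example's own.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Platform: Windows XP SP1 (WinNT 5.01.2600)
D:\WINDOWS\Explorer.EXE
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\New Folder\Internet Download Manager-xp\IDMIECC.dll (file missing)
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - D:\WINDOWS\System32\smiehlp.dll
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [DownloadAccelerator] E:\PROGRA~1\DAP\DAP.EXE /STARTUP
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - HKLM\..\Run: ..."
DRIVE_PATH = re.compile(r"(?<![A-Za-z])([A-Za-z]):\\")  # drive letter of a Windows path


def parse(log_text):
    """Return (section, body) tuples for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]


def triage(log_text, system_drive="D"):
    """Flag entries worth a manual look; returns (findings, per-section counts)."""
    entries = parse(log_text)
    findings = []
    for section, body in dict.fromkeys(entries):  # drop exact duplicates, keep order
        reasons = []
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("dangling reference")
        if section == "O4" and body.rstrip().endswith("] none"):
            reasons.append("autorun with no command")
        if section == "O10" and "Unknown file" in body:
            reasons.append("LSP file not recognised by HijackThis")
        drives = {d.upper() for d in DRIVE_PATH.findall(body)}
        if drives - {system_drive.upper()}:
            reasons.append("loads from another volume")
        if reasons:
            findings.append((section, reasons, body))
    return findings, Counter(section for section, _ in entries)


if __name__ == "__main__":
    found, counts = triage(SAMPLE_LOG)
    for section, reasons, body in found:
        print(f"{section:>3}  {', '.join(reasons)}\n     {body}")
    print(dict(counts))
```

A flag here only marks an entry for manual review; it does not classify the file as malicious.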
#10
Posted 23 March 2005 - 10:15 AM
Here are the answers to your queries:
1. I don't know exactly which file it was. But today I tried to start Windows XP (which gives the problem and which is installed on D). It gave the same result, i.e. shutting down soon after the desktop appearance. Then I started the other Windows XP (which I have installed on E, and in which I work nowadays), it scanned the hard disk (because of the unsafe shutdown of Windows at D previously) and found the following mistake (I have noted it in a hurry because the message came for a very short time, so sorry if it's wrongly noted):
"the size of docs & settings\administrator\ntuser.date.log is invalid, 8 kb recoverd."
2. You have asked how many systems I have on my PC. Well, I have 3: i. Windows XP on D, ii. Windows 98 on C, iii. Windows XP on E (which I installed after the problem with XP on D).
3. You have also asked whether I un-installed one of the two programs (Google Desktop Search & Internet Download Manager) which were incompatible with each other. The answer is "No". I always ignored the message from Google Desktop Search which indicated that I have to un-install one of these two programs.
And the last thing: when I installed the new XP on E soon after the problem in XP installed on D, a message came from the Windows Messenger service, of which I have captured a screenshot with IrfanView, attached herewith (please see the attachment).
I am looking forward to your kind help.
iqbal
#11
Posted 25 March 2005 - 04:55 AM
iqbal
#12
Posted 25 March 2005 - 12:31 PM
Well, believe it or not, your second to most recent post is a very big help---or at least may be a good indicator.
The Windows Messenger service is a horribly abused system, and since it is running for you there is a good chance you are infected with the Sasser worm.
Your hijack log also indicates this, but given the odd nature of your system I was unsure what we were looking at.
First, read this:
http://support.micro...om/?kbid=841720
You can get the sasser removal tool from Windowsupdate, or from several other Antivirus companies like Symantec (this is free).
You will need to run it in both windows xp setups. You need to remove the network cable from your machine.
Afterwards, you should update to SP2, or at the very least disable the messenger service by typing
Start > Run services.msc, double click Messenger, stopping it, and setting startup type to disable.
You should also get an Antivirus program and keep it up to date.
After running the sasser removal tool, please rerun hijack and post a new log and we will clean out all that remains.
#13
Posted 26 March 2005 - 10:39 AM
I have scanned my system with the Sasser removal tool:
1. Sasser removal tool from Microsoft
2. Symantec
3. same tool from BitDefender
4. from McAfee (the tool called "Stinger")
5. from Kaspersky
All the tools were downloaded from the respective sites.
I first ran the tools one by one in my XP which is installed at E, and none of them found any infection. Then I thought that maybe it could be found while running the tool in the troublesome Windows (which is installed at D). For which I ran the XP at D in safe mode (as it suddenly restarts in normal mode) and ran each of the tools listed above, but they found nothing here too. One other thing, the message had come from the Windows Messenger service while working in XP at D, does that mean that the Windows at E only was infected? I mean, was the message meant for only Windows on E or for the whole of the computer?
And one other idea... should I not try to start the troublesome Windows in normal mode while disabling the startup programs one by one in safe mode beforehand ...because I suspect that it is one of the startup programs which creates the problem.
And the last thing, when I followed the message from the messenger service, i.e. I was referred to one of their webpages (www.updatepatch.info), they had advised me to download a patch from them (i.e. Microsoft) to rectify the problem, and they demanded money for it. And then I didn't go further for their remedy. I hope that you will give me some further advice for pulling me out of this h***.
iqbal
#14
Posted 26 March 2005 - 12:02 PM
Log in to d: in safemode.
Right click MY COMPUTER, choose PROPERTIES, choose ADVANCED, choose the SETTINGS button in STARTUP and RECOVERY. Uncheck the RESTART AUTOMATICALLY button.
REBOOT into D windows, normal.
You will not reboot, but you will get a big, bad Blue Screen of Death. Report back the message.
#15
Posted 27 March 2005 - 09:38 AM
I haven't yet done the thing you have advised. Before doing that, I want to ask you for some further information:
What help will I get from disabling restart, will this trick fix the problem?
Will the blue screen of death debug Windows, i.e. will it rectify Windows?
And finally, when the restart is disabled and Windows continues with the blue screen, what should I do then, should I power off at this point?
iqbal