Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

NT Authority shutting down computer


  • Please log in to reply

#1
Jolly Roger

Jolly Roger

    New Member

  • Member
  • Pip
  • 3 posts
Hi all,

This is my first ever post on here, so please excuse me if I don't understand some responses as I have no real technical experience with computers.

Well to start off with, I'll explain my problem. Recently I have ridded my computer of some viruses and spyware. Most were found in quarantine from Norton. (I used AOL's AVS, a free Kaspersky to search)

I'll list a few of the ones that were found not in quarantine: win32.virtumone.bg, win32.dialer.qn, win32.small.ayg, win32.bagle.ca, win32.bagle.ir, win32.bagle.hd, win32.BHO.o, win32.alphabet.c, win32.savenow.bo. All of them where classified as Trojans. These were all detected by Kaspersky (AOL) and fixed.

My problem is now, I have a error screen popping up when I am connected to the internet (time of appearance varies) saying "Services and Controller app has encountered a problem and needs to close" Then later on a box will show saying NT Authority is shutting down the computer.

[img]http://blogs.technet.com/photos/markrussinovich/images/482381/original.aspx[img]

I have searched for this problem and it seems that it is fairly common. It was stated over and over that it was similar to the sasser or blaster virus kinds. However after scanning my computer over and over with all the updated anti-virus programs including Kaspersky, Zone-alarm and Spyware Doctor, I have found nothing. I have downloaded tools from symantec such as the blaster fix tools and many more, but to no avail. I can stop the shutdown of the computer using run and typing "shutdown -a", however this is the least of my problems.

My computer is now painstakingly slow. Actually not slow, just not responding to very simple tasks. It seems to just idle alot, and the CPU doesn't make its normal 'thinking' sound. I can't find anything obviously wrong with my computer, but there is obviously something wrong with it. I have followed pretty much every instruction on the net I could find regarding how to fix this, but none of them seem to work at all.

I can't re-format my computer because I can't back up anything, the computer just doesn't respond to vital steps required to backup and I have to shut it down at the switch.

This is my HijackThis log. I have looked through it already and have not really found anything suspicious, but I'll post it anyway.

Logfile of HijackThis v1.99.1
Scan saved at 4:04:26 PM, on 23/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft® JavaScript® Console - {FD8F51DD-CDD4-44FA-A380-EED73EA9C20C} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {FD8F51DD-CDD4-44FA-A380-EED73EA9C20C} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: Microsoft® JavaScript® Console - {FD8F51DD-CDD4-44FA-A380-EED73EA9C20C} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {FD8F51DD-CDD4-44FA-A380-EED73EA9C20C} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.c.../npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DC7460E-CF11-4297-9F8A-7437AA6262EF}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

BTW this HJ log is not straight after logon, I have already closed some processes incase they were slowing the computer down.

If anyone could provide any info on this it would be greatly appreciated as this is the only computer I have and contains all my photos and work information. If you need any more details about the anything let me know.

Thanks,
Jacob

Edited by Jolly Roger, 23 July 2007 - 12:41 AM.

  • 0

Advertisements


#2
Jolly Roger

Jolly Roger

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Can anyone help me at all with this?
  • 0

#3
Jolly Roger

Jolly Roger

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Well don't worry guys, I had to fix it so I formated my hard drive and reinstalled windows. I lost all my files though. If this was a virus of some kind, I just want to say, if I ever meet someone who develops these for fun, I will honest to god, wring your [bleep]ing neck...

Edited by Jolly Roger, 29 July 2007 - 07:13 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP