Page 1 of 2 12 LastLast
Results 1 to 10 of 15
  1. #1
    Member strangedream's Avatar
    Join Date
    Oct 2005
    Posts
    19
    Points
    0

    Default computer shuts down by itself

    Hello, here is the deal my computer shuts down by itself. Sometimes this small popup shows up and starts a countdown from 30 seconds until my computer shuts off. It says something like "this shutdown was initiated by DJDX401/MYNAME.

    At other times my computer just crashes and this blue screen shows up and says something like" dumping random access memory, dumping complete...If this happens again please call you system administrator". I am not sure if the two are related.

    The first problem is what I am concerned about the most at the moment, so if you could lend a helping hand that would be cool. Maybe this Hijack log will help.thanks


    Logfile of HijackThis v1.99.1
    Scan saved at 4:33:20 AM, on 12/23/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\Rar$EX00.843\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
    O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/sh...,2/mcmysec.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

  2. #2
    Member
    Join Date
    May 2004
    Posts
    26
    Points
    3

    Default

    The spyware forum and HJT help is closed until 3 Jan 06 -

    However, to stop the PC from shutting down. Go to start>Programs>Accessories>Cmd Prompt> enter this command

    shutdown -a
    note the space before the -a

    This should stop the PC from shutting down.

    Run the one line scans, PandaSoft and Housecall again.

    Also strongly suggest that you go to the M$ site and check for updates. It is time for you to install SP2 !

    MM

  3. #3
    Member strangedream's Avatar
    Join Date
    Oct 2005
    Posts
    19
    Points
    0

    Default

    Oops, sorry about that one. thanks for your help considering the time constraints

    cheers

  4. #4
    Member Help2Go Moderator
    Join Date
    May 2003
    Location
    Boston, MA USA
    Posts
    2,994
    Points
    931

    Default

    Go into start menu > control panel > administrative tools > double click "event viewer". Once the event viewer opens click the "system" section. On the right side under source look for "user32" and double click it. There should be some information about what invoked the shutdown routine if you wouldn't mind passing that on. It shouldn't happen unless someone told it to or if you have a virus. Also, are you connected to a network with this computer? Somebody might be having fun with you.

    Partie™

  5. #5
    Member strangedream's Avatar
    Join Date
    Oct 2005
    Posts
    19
    Points
    0

    Default

    Hi yeah Im connected to a Network. When I click on Event viewer>system it says 2,666 events. I dont know if these are dangerous but most of them say:

    Type:Information
    Source:Service Control Manual
    Category:None
    User:N/A, however sometimes it has my name
    ComputerJD8CX41


    thanks

  6. #6
    Member Help2Go Moderator
    Join Date
    May 2003
    Location
    Boston, MA USA
    Posts
    2,994
    Points
    931

    Default

    DO you see any in the list from a source of User32? Take a look around the time you see the message the computer is shutting down.

    Partie™

  7. #7
    Member strangedream's Avatar
    Join Date
    Oct 2005
    Posts
    19
    Points
    0

    Default

    I sure do, what does it mean?

    thanks for helping me out by the way

  8. #8
    Member Help2Go Moderator
    Join Date
    May 2003
    Location
    Boston, MA USA
    Posts
    2,994
    Points
    931

    Default

    When you see the stuff listed, look for items that have a source of User32, when you see it, double click it and then a new information window will popup. Give me that info.

    Partie™

  9. #9
    Member strangedream's Avatar
    Join Date
    Oct 2005
    Posts
    19
    Points
    0

    Default

    User:NT AUTHORITY\SYSTEM
    Computer: DJD8CX41

    The process winlogon.exe has initiated the restart of DJD8CX41 for the following reason: No title for this reason could be found

    Minor reasonxff
    Shutdown type:shutdown

    Comment: for more info see help and support center

  10. #10
    Member Help2Go Moderator
    Join Date
    May 2003
    Location
    Boston, MA USA
    Posts
    2,994
    Points
    931

    Default

    UPdate your Avast antivirus virus definitions by right clicking the blue globe with the A in it next to your computer clock and select "updates" and then "iAvs". Next, schedule a boot time scan. YOu have windows xp service pack 1 and you're possibly infected by the blaster virus. If that doesn't pick anything up, get a free local firewall for your computer like zonealarm so if someone is doing it from the network they aren't allowed to anymore.

    Partie™

Page 1 of 2 12 LastLast