Auto-Shutdown Issues

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Super_Kool

Thread Starter
Joined
Jan 10, 2006
Messages
4
Until recently, I was able to shut down my comp or log in to my user account without a problem. But as of recently, a command prompt saying "shutdown -t 00 -s -f" pops up, and shuts down all my startup programs, and shuts down my comp. It constantly happens, and now, I have to click it shut fast enough to keep my comp from shutting down. What should I do?
 
Joined
Nov 25, 2005
Messages
437
First off, do NOT start another thread in the Security forum, with or without an HJT log file. Double-posting is a violation of the forum rules; there are several security experts who post advice for problems like yours, so don't worry about being overlooked. Once you post your HJT log HERE, we'll check it, and IF NEED BE, we'll move it to the Security forum. Again, do NOT start another thread in the Security forum; it will only cause confusion as you try to follow advice from different threads, and it will waste the time of the people advising you, because they will duplicate the work being done in the other forum. If you double-post, you will waste the efforts of techs who could be helping solve other problems, and the mods and admins frown on that.

Now that we've covered THAT issue, let's see what we're up against: Go to Start > Run, then type this in EXACTLY as I show it here (you don't need to use ALL CAPS; I used them to make this command easier to read):

NOTEPAD C:\WINDOWS\DRIVERS.BAT

and press the OK button, or press the Enter key.

That will open the "drivers.bat" file so you can read it. Please copy and paste the contents here; I want to see if your particular file is the same as all the others people are complaining about.

Most of the people who get hit with this are downloading files through Kazaa and other "file-sharing" programs. You should check the date on that file; look at it in Windows Explorer. If you don't see the date and timestamp, right-click the file and choose the Properties option, which will tell you the details, then post that information here also.

Then, download and run Hijack This; we have no way of knowing if this is the ONLY nasty thing you've picked up recently...

Follow these instructions to use HJT properly:

I'm pasting instructions for you here from a previous post, which will save me some typing:

First, download the latest version of HJTsetup.exe from this link:

http://www.thespykiller.co.uk/files/HJTsetup.exe

* Save HJTsetup.exe to your desktop.

* CLOSE ALL OPEN PROGRAMS; you can keep your browser open to these instructions, but it would be better if you printed the instructions, or copy-and-pasted them into Notepad, then closed the browser.

* Double-click on the HJTsetup.exe icon on your desktop.

* By default, it will install HJT to C:\Program Files\Hijack This.

* Continue to click Next in the setup dialog boxes until you get to the "Select Additional Tasks" dialog.

* Put a checkmark by "Create a desktop icon", then click the "Next" button.

* Continue to follow the rest of the prompts from there.

* At the final dialog box click on "Finish"; that will start the Hijack This program.

* Click on the "Do a system scan and save a log file" button. HJT will scan your system and then ask you to save the log.

* Click "Save" to save the log file, then the log will open in Notepad.

* Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.

* Come back to this thread and paste the log in your next reply.

* DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless, or even required.

Once you've posted your HJT log, we'll advise you on what to do next.

Keep in mind that the link I've provided will give you the NEWEST version of HJT, so please take a minute to download the file (HJT is small enough to fit on a single floppy disk five or six times).

Odds are good that this will be a fairly simple fix, but we need to see an HJT log for your peace of mind.

Good luck with this; post the contents of the drivers.bat file, along with your HJT log, and we'll know what to do next.
 

Super_Kool

Thread Starter
Joined
Jan 10, 2006
Messages
4
First off, I apologize. I didn't mean to double-post. It won't happen again. Secondly, the Shutdown Command was located in the notepad file. Also, this is the hijack this log.....

Logfile of HijackThis v1.99.1
Scan saved at 9:41:45 PM, on 1/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0e\waol.exe
C:\Program Files\America Online 9.0e\shellmon.exe
C:\WINDOWS\System32\NOTEPAD.exe
C:\Documents and Settings\Kai\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\MYDOWN~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\MYDOWN~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [Drivers] C:\Windows\Drivers.bat
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0e\AOL.EXE" -b
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\MYDOWN~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.1.0.31/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins005.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_01) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: fSGoe - {34561BFC-9EFC-B156-DC82-ECB863C110D0} - C:\WINDOWS\System32\afkisvo.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 
Joined
Nov 25, 2005
Messages
437
Well, let's get right down to it:

First off, you didn't post the contents of the DRIVERS.BAT file as I requested; please do that right away, so we can try to figure out where it came from, and hopefully advise you on how to better protect yourself in the future. See my first post for the instructions on how to open it with Notepad, so you can post it here. I realize that you OPENED it with Notepad, but I want you to copy and paste the contents here.

Next, I don't see any service packs listed in the HJT log; you really NEED to install SP2 in order to protect your system. Some people had problems with it when it was first released, but those issues have been largely overcome. SP2 improves the security of the OS, so please download and install it if you have broadband. It is almost 275MB in size, so NOT something you want to download over a dialup connection.

As long as you still have Insight Broadband, you shouldn't have any real problems downloading SP2... but dial-up is another matter completely. Of course, do NOT try to download SP2 until your system is given a clean bill of health, which is going to take a while...

Also, I hate to tell you this, but your system IS infected with a lot of nasty junk, including the about:blank homepage hijacker, the W32.Alcra.B worm, the W32/SDBOT worm, and other items I don't even recognize, and that ISN'T a good thing.

I've asked to have this moved to the Security forum, because you have so many problems to correct, and my time is severely limited right now. I'd HOPED this was ONLY a problem with DRIVERS.BAT, but as it turns out, you have some serious problems to correct.

Good luck; the TSG experts will be advising you on how to clean and protect your system, so follow their instructions, and they'll help you get everything working properly again. You have a fair amount of work ahead of you, but by the time this is over, your system will be CLEAN and MUCH better protected than it is now. You have SOME security apps installed, but not enough of them if you're going to use Windows and Internet Explorer.

Lastly, you REALLY should download and use Firefox; it is a REAL browser, not an open door for nasty ActiveX controls like Internet Explorer. Firefox is IMMUNE to attacks from ActiveX controls, unlike IE and the browsers based on IE. Unfortunately, even the AOL browser is IE under the skin, so it is just as worthless as IE itself.
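
Added example, not part of any post in this thread: a short Python triage of the O4 registry autorun lines from the HijackThis log above, flagging the kind of entry that launches `Drivers.bat` (a script started from a Run key) and autoruns given without a path. The two rules and the function names are assumptions chosen for illustration; the sample lines are copied from the posted log.

```python
import re

# O4 autorun lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [Drivers] C:\Windows\Drivers.bat
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# Hypothetical rule set for this example, not HijackThis's own logic.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
TARGET_RE = re.compile(
    r'^"([^"]+)"|^(.*?\.(?:exe|bat|cmd|com|scr|pif|vbs|js|wsf|dll))(?=[\s,]|$)', re.I)
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".wsf")


def split_target(command):
    """Return (program, remaining arguments) for an autorun command line."""
    m = TARGET_RE.match(command)
    if not m:  # no recognizable extension: fall back to the first token
        head, _, rest = command.partition(" ")
        return head, rest
    return (m.group(1) or m.group(2)), command[m.end():].lstrip(" ,")


def triage(log_text):
    """Return [(hive, key, name, target, reason)] for O4 entries to review by hand."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry O4 line (for example, Global Startup)
        hive, key, name, command = m.groups()
        target, rest = split_target(command)
        if target.lower().endswith("rundll32.exe") and rest:
            target, _ = split_target(rest)  # the DLL is what actually gets loaded
        if target.lower().endswith(SCRIPT_EXTS):
            findings.append((hive, key, name, target, "script in autorun key"))
        elif "\\" not in target:
            findings.append((hive, key, name, target, "no path given"))
    return findings


if __name__ == "__main__":
    for hive, key, name, target, reason in triage(SAMPLE_LOG):
        print(f"{hive}\\{key} [{name}] {target}: {reason}")
```

A flag here is a lead for manual review rather than a verdict, and an entry that gives a full path to an .exe passes both checks regardless of what the file is.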
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
let's start by moving this to security

98 is the wrong forum for XP matters
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
let's start with

* Download the Trial/Demo version of Ewido Security Suite here


EWIDO DOWNLOAD

* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update; click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.


* Click here for info on how to boot to safe mode if you don't already know how.

How to boot to safe mode

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Now run Ewido:

* Click on scanner
* Click the Start Scan button to start the scan.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Post back with a fresh HJT log and the ewido scan log

And is there any reason why you are running XP with NO updates or service packs, which leaves you wide open to all these attacks?
 
Joined
Jul 26, 2002
Messages
46,349
Why do you not have any Service Packs from Windows Update installed on this computer?
 
Joined
Nov 25, 2005
Messages
437
OK, thanks; I've seen a few of those .BAT files with hidden messages included, usually indicating where the file had originated, but 95+% of them are identical to yours.

Find that DRIVERS.BAT file in the Windows folder, and DELETE it. Do NOT simply send it to the Recycle Bin; hold down the SHIFT key while you delete the file, and Windows will ask you if you're sure you want to delete DRIVERS.BAT. Holding down the SHIFT key will REALLY delete it, not simply send it to the Recycle Bin, and that isn't a file you want to EVER recover.

Also, the people who are trying to help you clean your system have asked you some questions, and you should post the answers. You've requested help here, and if you don't reply, it will seem as if you're IGNORING them, which isn't good. The people helping you really are certified security experts; they've taken time to assist you, and you shouldn't ignore them if you truly expect them to help you. They assist DOZENS of people each day, and they simply don't have time to waste if you won't cooperate.

So, answer the questions you've been asked, follow the instructions the experts provide, and you'll soon have your system working the way it should. The software they tell you to install will protect your system better than what you're using now, and you'll learn a lot during this process.

Good luck with this; you need expert help, and the TSG Security experts are just about the best you'll find anywhere.
 

Super_Kool

Thread Starter
Joined
Jan 10, 2006
Messages
4
To answer honestly, this was my secondary comp. I bought it for a LAN setup in my office, but since my original comp, with all my copies of McAfee P.F. and Norton 2006, was stolen, everyone uses this one, and this problem started when I brought it to my home.
 