0

Whenever I start my comp I gets this meesage (even if not connected to the internet):

This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM
---------------------
Time before shutdow :60
---------------------
Message
The system process
'C:\WINNT\system32\services.exe'
terminated unexpectedly with status code 128.
The system will now shut down and restart.

Here's my hijackthis log to see if anyone can help me fix my problem..

Logfile of HijackThis v1.97.7
Scan saved at 2:32:23 PM, on 3/25/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINNT\system32\3Com_DMI\3CDMINIC.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv50.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\vmnetdhcp.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\INTERN~2\KBOSDCtl.EXE
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\INTERN~2\KCodeMsg.EXE
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\GCN\GCN.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Setups\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
F2 - REG:system.ini: UserInit=C:\WINNT\regedit /s C:\pav.reg,C:\WINNT\system32\pavdr.exe,C:\WINNT\system32\userinit.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\aim95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PRJMUSKEYLOG] C:\Program Files\Setups\Old SHit\VB\PSC.com\Key Logger\MUSCKEY\PRJMUSKEYLOG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HomeKeyLogger] C:\Program Files\HomeKeyLogger\KeyLogger.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lock-Out] C:\Program Files\Setups\VB\Lock-DownLockOut.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CamWizard] C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BVRPLiveUpdate] "C:\Program Files\LiveUpdate\Engine\Setup.exe" -s /PATCH,/REBOOT,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRPSO~1\MOBILE~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Anders Kjersem: TransBar] C:\Program Files\TransBar\TransBar.exe /NoConfig
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - Startup: Shortcut to KeyLogger.exe.lnk = C:\Program Files\HomeKeyLogger\KeyLogger.exe
O4 - Startup: Start GCN.lnk = C:\Program Files\GCN\GCN.exe
O4 - Global Startup: 3Com Connection Assistant.lnk = C:\Program Files\3com\Connection Assistant\bin\matcli.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: ShortKeys 2.lnk = C:\PROGRA~1\SHORTK~1\shortkey.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: support.gcn.cx
O15 - Trusted Zone: http://support.gcn.cx
O15 - Trusted Zone: http://www.gcnforums.com
O15 - Trusted Zone: http://da.prohs.com
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37985.2030092593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Please help me.. its much appreciated..

3
Contributors
3
Replies
4
Views
12 Years
Discussion Span
Last Post by DMR
0

Welcome to DaniWeb! :) I split your post into it's own thread; we ask that you not tag onto other threads, even if the problems are similar.

Get FixBlast.exe from here:
http://securityresponse.symantec.com/avcenter/FixBlast.exe

Save the file to your Desktop

Close all the running programs before running it

Also try scanning with Stinger:
http://vil.nai.com/vil/stinger/

Save the file to your Desktop

If necessary, click the Add or Browse button to add additional drives/directories to scan. By default the C: drive will be scanned

Click the Scan Now button to begin scanning the specified drives/directories

By default, Stinger will repair all infected files found

Update your Panda antivirus and run a full system scan

Remove Newdotnet, using either Add/Remove Programs, or by getting the uninstall tool from here:
http://www.newdotnet.com/#remove

Download LSPfix from here:
http://castlecops.com/zxphoenix22/LSPFix.zip

On the opening screen, click the "I know what I'm doing" checkbox

Check any instances of "newdotnet6_38.dll" (and nothing else), and move them to the "Remove" pane

Click Finish.

This is optional, but I'd like to suggest another program for you to try, I've found it to find things most others can't. It's called CounterSpy and you can get it from here:

http://www.download.com/3000-8022_4-10337358.html

It has a 15-day free trial which will be plenty of time to get your system cleaned up, or you can purchase it for $20 (US). After you download it, install it; when asked for a registration number, just click next.

Before scanning the first time, make the following adjustments to the settings:

CounterSpy Settings

At the very top, click on File, and then Check for updates
When it’s finished updating, click the ‘Close’ button

Under ‘Spyware Scan’ on the left, click on ‘Run a spyware scan’
In the left pane, click on ‘Scan Options’
Mark ‘Full system scan’
Check all boxes under ‘Full system scan,’ including ‘Save these options’
In the right pane, near the bottom, click ‘Manage Schedule’
On the left side, select your preferred schedule options
On the right side, under ‘Scheduled Scan Options,’ check:
‘Always run a deep scan’
‘Automatically remove spyware cookies’
Click the ‘Update Schedule’ button

At the top, click on ‘System Tools’
Double-click on ‘History Cleaner’
Check the following options (if they are not grayed-out):
‘Internet Explorer History’
‘Internet Explorer Cookies’
‘Kazaa’
‘Temporary Internet Files’
Review the list for any other ‘History’ items you wish to clean
At the bottom, click ‘Remember checked’
Click on the ‘Clean History’ button
Click the ‘Yes’ button, and then the ‘OK’ button

Click ‘Back’ at the top
Double-click ‘My PC Checkup’
Click the ‘Start’ button
In the first part of the list, uncheck everything up to any ActiveX entries; the entries you uncheck can be checked later, individually, to ensure they won’t interfere with your browsing habits (for maximum protection, however, you may leave them all checked)
Leave all ActiveX entries checked
In the second part of the list ‘(Items already changed below…),’ leave all entries checked
Click the ‘Continue’ button
Click the ‘OK’ button

At the top, click ‘Spyware Scan’
On the right side, click the ‘Scan Now’ button
This will take awhile depending on the size of your drive(s), number of files, CPU, etc. (40 minutes on my computer)
When the scan is complete, use the drop-down arrow next to each entry and select ‘Remove’ (if you see any entries that you think you may wish to keep, ‘Ignore’ them for now and post them for recommendations)
Select ‘Create restore point’ if you want CounterSpy to create a Windows XP System Restore point
At the bottom, click ‘Take Action’
Click the ‘Close’ button and exit the program

Reboot

Get the latest version of hijackthis from here:
http://www.spywareinfo.com/~merijn/

Close any open browser windows, scan with the new HJT, post a new log, and let us know if the problem persists.

0

Things changed.. Progs didnt find anything at all and I cant install the counter spy cause it wont install in safemode...... so things changed: now when I start the computre... it just restarts when ever... no warning.. sometimes everything will load before restart... most of the time it wont... it just restarts shortly after the desktop shows..

0

Does the computer restart itself even when booted into Safe Mode?

By the way- you're running a pretty ancient version (1.97.7) of HijackThis. You should get the latest version (1.99.1) from the link in my sig below and use that instead.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.