1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

System restarts randomly. [HJT Log]

Discussion in 'Malware and Virus Removal Archive' started by D Bala, 2008/08/15.

  1. 2008/08/15
    D Bala

    D Bala Inactive Thread Starter

    Joined:
    2006/10/30
    Messages:
    24
    Likes Received:
    0
    I have XP MCE 2005 installed on my laptop. For some days, the system restarts/hangs automatically any time ranging from boot time to working. I have AVG antivirus and Zone Alarm Firewall installed. I am posting my HJT Log here, please suggest any solutions.. Thanks in advance..!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:33:39 AM, on 8/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\RTHDCPL.EXE
    F:\WINDOWS\system32\rundll32.exe
    F:\WINDOWS\AGRSMMSG.exe
    F:\PROGRA~1\AVG\AVG8\avgtray.exe
    F:\WINDOWS\vsnp2uvc.exe
    F:\Program Files\D-Tools\daemon.exe
    F:\Program Files\Folder Guard Pro\FGKey.exe
    F:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\024h Lucky Reminder\LuckyReminder.exe
    D:\My Programs\Little Clock.exe
    F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    F:\Program Files\Bonjour\mDNSResponder.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    F:\WINDOWS\system32\svchost.exe
    F:\PROGRA~1\AVG\AVG8\avgrsx.exe
    F:\PROGRA~1\AVG\AVG8\avgemc.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    \?\F:\WINDOWS\system32\WBEM\WMIADAP.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - F:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - F:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [snp2uvc] F:\WINDOWS\vsnp2uvc.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [FG_Monitor] F:\Program Files\Folder Guard Pro\FGKey.exe /Start
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [024h Lucky Reminder] "c:\Program Files\024h Lucky Reminder\LuckyReminder.exe" /m
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: TransBar.lnk = F:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Global Startup: Little Clock.lnk = D:\My Programs\Little Clock.exe
    O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{56AD6E27-CD45-4AA2-BEAC-8FA9F3AAE108}: NameServer = 61.1.96.69,61.1.96.71
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: sspng - {1E8068DE-05AD-11D4-ACC8-EF447469245E} - F:\Program Files\Internet Researcher\sspng.dll
    O20 - AppInit_DLLs: avgrsstx.dll acaptuser32.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7459 bytes
     
    D Bala,
    #1
  2. 2008/08/16
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,315
    Likes Received:
    252
    This would be something worth considering:

    Is your pc randomly rebooting itself? You can go to

    Control Panel->System icon->Advance tab->Startup & Recovery Settings button. UNcheck/disable the "auto reboot" option. Instead of rebooting you'll probably get a Blue Screen of Death (BSOD) which can be searched on for a solution.

    You can go to http://support.microsoft.com/search/?adv=1 to search on for example: STOP 0x00000050
     
    Steve R Jones,
    #2


  3. to hide this advert.

  4. 2008/08/16
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,315
    Likes Received:
    252
    A friend sent me an email when he saw your thread:

     
    Steve R Jones,
    #3
  5. 2008/08/17
    D Bala

    D Bala Inactive Thread Starter

    Joined:
    2006/10/30
    Messages:
    24
    Likes Received:
    0
    Thanks Steve for reply. I got the BSOD with following error:
    STOP c0000021a Windows subsystem system process terminated with a status of 0xc0000005(0x7c911f52 0x006cee4c)
    I searched google for this problem and found that system services "csrss.exe" or "winlogon.exe" might be facing problems and closing abnormally, causing this problem. I tried to generate the debugging information of crash with drwtsn32.exe but there were no dump files in specified folder after 2 subsequent crashes.. the BSOD also didn't appear during these crashes.
    Then I started uninstalling newly installed/updated programs and the problem was resolved after uninstalling Zone Alarm.
    I then searched for any Zone Alarm update. There was one and now my system is working fine with all the programs along with updated Zone Alarm.
    Thanks for your suggestion Steve, but one thing I still did not understand that Why BSOD was not appearing after each crash after turning off the automatic windows restart.... I got it only once..
     
    D Bala,
    #4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...