
XP rebooting at random intervals


5 replies to this topic

#1 superfuzz


Posted 15 March 2005 - 07:25 AM

Hello,

I'm having serious problems with my operating system (XP Professional). Every time I boot up the system, it will reboot itself at random intervals of around 1-5 minutes, depending on whether I try to run a program or not (if I do it will restart; if not, it will by itself in a few minutes). I have tried System Restore: the system restores, restarts, and then tells me that it wasn't able to restore and is returning to normal settings. I have also tried running Microsoft Spyware and Ad-Aware in safe mode; I deleted those malicious files but the same problem persists. I have also tried a virus scan, but the system restarts not too long into the scan; I have also tried running it in safe mode but it doesn't work.

Now each time the PC restarts and loads up again, Windows tells me it has recovered from a serious error and these messages come up:


Error Signature:
BCCode : 1000008e BCP1 : C0000005 BCP2 : F7BBE459 BCP3 : B2AAAB58
BCP4 : 00000000 OSVer : 5_1_2600 SP : 0_0 Product : 256_1

Technical Information:
C:\WINDOWS\Minidump\Mini031505-08.dmp
C:\DOCUME~1\ROB\LOCALS~1\Temp\WER1.tmp.dir00\s


I had trouble even registering on these forums; the pages wouldn't load in normal mode, and neither would MSN, but they do in safe mode. The only thing I can think of which may have caused the problem is that I went to a website and Microsoft Spyware and my anti-virus went crazy detecting all kinds of things. I blocked and deleted all of them, but since then this problem has been occurring.

I'm all out of ideas and wondering if anyone knows what this is or what I can do.


Here is a HijackThis log in case it might help:


Logfile of HijackThis v1.99.1
Scan saved at 11:33:00 PM, on 15/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Hijack This\HijackThis.exe

O1 - Hosts: http://213.159.117.133/dkprogs/hosts.txt
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa Lite\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {7CA87E5A-6123-4A6C-AC88-18CE3BEB1E39} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7CA87E5A-6123-4A6C-AC88-18CE3BEB1E39} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

Edited by superfuzz_bigmuff, 15 March 2005 - 07:39 AM.



#2 Enthusiast


Posted 15 March 2005 - 08:07 AM

This might be a driver problem. Generally a video adapter problem might cause this under Windows XP. Check the history of your installations.
Have you added a scanner driver that does not support Windows XP Pro?
Most probably this could be some hardware with a wrong driver problem.

Edited by Enthusiast, 15 March 2005 - 08:09 AM.


#3 superfuzz


Posted 15 March 2005 - 08:11 AM

I haven't installed any new hardware; the only changes I've made to the system at all are the installation of a few new programs (Nero and Adobe Premiere Pro). Also, DirectX 9.0 was installed with Premiere.

#4 acklan


Posted 15 March 2005 - 08:32 AM

This could also be a heat (cooling) issue. Check your fans to make sure they are working, and also that lint is not clogging the cooling fins on the processor. Dirty machines lead to failure.






acklan
"2007 & 2008 Windows Shell/User Award"

#5 superfuzz


Posted 15 March 2005 - 09:55 AM

I don't think it's this, because it shuts down at specific times I've found... such as when I do a virus scan, it gets to a certain spot and crashes.

Also, when I boot normally it doesn't allow me to access certain webpages such as the login to this site, only in safe mode. Also, programs such as MSN do not work; it crashes as well.

#6 Papakid


Posted 15 March 2005 - 11:30 AM

You've got a very mean and nasty piece of malware on your system causing this and removal isn't easy. With just a little bit of research it appears to be a new version of Haxdoor/Horseserver.

According to this, partial removal, which must have happened with MS Antispyware and other security apps, will cause those crashes. And something else you should know from that thread:

Symptoms:
Disables a range of firewalls.
Disables or crashes a range of antivirus products.
Collects confidential information from Windows (i.e. passwords).
Opens certain ports for an intruder to collect files.
Redirects your browser to a range of websites.
Not possible to remove trojan/virus files in failsafe mode.
Reinstalls after partial removal.
Crashes Windows and reboots if only the virus/trojan files are removed.


We have an analysis of the infection in a self-help guide, but I think it is an older variety (not sure as I've not had time to look into it too deeply) and as you will notice it is not a specific removal tutorial.
http://www.bleepingcomputer.com/forums/t/10501/horseservernet-klikfeedcom-backdoorhaxdoord-analysis/

You can try to remove it yourself if you want, but I would advise against it. Your best bet is to make a new HJT log and post it in the proper forum where you will get assistance from our highly trained HJT Team. Posting in this forum is not a good idea. I would move it over there, but you've gotten too many replies here as it is. Click this link, and post your log there please.
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Also post a link to this thread to give the helper some background to your problem.

Alternatively, since you are running a completely unpatched version of XP and two P2P programs, and since you will need to change all your passwords that have been stolen anyway, if it was me, I would order the SP2 CD and after it arrives reformat/reinstall Windows XP, then immediately install SP2, install security software and stay away from the dirty P2P apps like Kazaa and Limewire. But it really doesn't matter, running any P2P is high risk for these types of infections anyway.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson
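
For readers of this thread: the following is an added example, not part of any post above and not code from HijackThis or BleepingComputer. It parses a HijackThis v1.99 log of the kind posted in #1 and lists, for manual review, the entries recorded under redirection and load-at-logon sections. The choice of sections, the function names and the sample lines are assumptions of this example.

```python
import re

# Sections that record redirection or load-at-logon settings (HijackThis
# section meanings); choosing these three for review is this example's assumption.
REVIEW_SECTIONS = {
    "O1": "Hosts file redirection",
    "O15": "site or IP range added to the Trusted zone",
    "O20": "DLL loaded through AppInit_DLLs or Winlogon Notify",
}
ENTRY = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")

def parse_hjt(log_text):
    """Return (section, detail) per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(entries):
    """Return (section, reason, detail) for entries a reviewer should look at first."""
    findings = []
    for section, detail in entries:
        if section in REVIEW_SECTIONS:
            findings.append((section, REVIEW_SECTIONS[section], detail))
        elif section == "O23" and "Unknown owner" in detail:
            findings.append((section, "service binary with no vendor string", detail))
        elif "(no file)" in detail:
            findings.append((section, "registry entry points at a missing file", detail))
    return findings

# Sample lines constructed for this example in HijackThis v1.99 layout;
# addresses use documentation ranges and the file names are made up.
SAMPLE = """\
Running processes:
C:\\WINDOWS\\Explorer.EXE
O1 - Hosts: http://192.0.2.10/example/hosts.txt
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
O9 - Extra button: Example helper - {00000000-0000-0000-0000-000000000000} - (no file) (HKCU)
O15 - Trusted IP range: 198.51.100.7
O20 - Winlogon Notify: example16 - C:\\WINDOWS\\SYSTEM32\\example16.dll
O23 - Service: Example Poller - Unknown owner - C:\\WINDOWS\\System32\\expoll.exe
O23 - Service: Example AV - Example Vendor Inc. - C:\\Program Files\\Example\\av.exe
"""

if __name__ == "__main__":
    for section, reason, detail in triage(parse_hjt(SAMPLE)):
        print(f"{section:<4}{reason}: {detail}")
```

A flagged entry is a prompt to check the file and its origin, not a verdict; drivers and utilities from known vendors can also show up as "Unknown owner".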




