
Hidden process causing reboot fail.


15 replies to this topic

#1 MAL1

MAL1

  • Members
  • 9 posts

Posted 03 November 2013 - 02:42 PM

Hello everybody. I have been messing with this problem all week. There appears to be no real way to key word it so as to find others with this problem - and - thus, a solution.

A standard Windows shut down or reboot via the GUI will fail because a three-character program/process will need to be forced closed. The name for this program is always different (e.g. b28, 35c, f78, c08, a14, and so on).
This is not normal behavior. I have run AVG, MS Security Essentials, Malwarebytes Anti-malware and Anti Root Kit Beta and Kaspersky TDSS Killer to no avail.

The program is hidden and I can not find it in the process list of task mgr, computer management or search by name for the file with hidden file search on.

The only time the computer rebooted without forcing this process down was when I rebooted Kaspersky TDSS Killer to find loaded modules but it took a while. It also took three tries to get Kaspersky to load this way, but when it did, it found nothing.

I prefer to get to the bottom of things as opposed to using system restore - else I never learn new and important information. This is the first time I have been unable to fix a Windows problem since Windows 3.11.

I am sure I am not the only person with this problem. Has anybody here heard of something like this?



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,426 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 03 November 2013 - 02:59 PM

Please download MiniToolBox, save it to your desktop and run it.

 

Checkmark the following checkboxes:

  List last 10 Event Viewer log

  List Installed Programs

  List Users, Partitions and Memory size.

 

Click Go and paste the content into your next post.

 

Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.

 

Louis



#3 MAL1


Posted 03 November 2013 - 04:26 PM

Here is the first info. And thank you for the assistance!

MiniToolBox by Farbar Version: 13-07-2013
Ran by mml (administrator) on 03-11-2013 at 15:23:46
Running from "C:\Documents and Settings\mml\Desktop\stuff"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/03/2013 09:51:18 AM) (Source: Application Hang) (User: )
Description: Hanging application {8FC7992A-4F41-42B4-974E-38977CF7D9F0}.exe, version 3.0.0.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/03/2013 08:44:06 AM) (Source: Application Hang) (User: )
Description: Hanging application tdsskiller[1].exe, version 3.0.0.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/01/2013 09:23:27 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/01/2013 09:23:26 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/01/2013 09:23:25 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/01/2013 09:23:25 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/01/2013 09:23:19 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/31/2013 09:01:31 AM) (Source: Application Hang) (User: )
Description: Hanging application spywareblaster.exe, version 5.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/31/2013 09:01:30 AM) (Source: Application Hang) (User: )
Description: Hanging application spywareblaster.exe, version 5.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/31/2013 09:01:29 AM) (Source: Application Hang) (User: )
Description: Hanging application spywareblaster.exe, version 5.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/03/2013 02:13:43 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (11/03/2013 02:13:43 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (11/03/2013 10:50:33 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iaStor

Error: (11/03/2013 10:50:18 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (11/03/2013 10:50:18 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (11/03/2013 10:05:02 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (11/03/2013 10:05:02 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (11/03/2013 09:28:11 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iaStor

Error: (11/03/2013 09:28:00 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (11/03/2013 09:28:00 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.


Microsoft Office Sessions:
=========================
Error: (11/03/2013 09:51:18 AM) (Source: Application Hang)(User: )
Description: {8FC7992A-4F41-42B4-974E-38977CF7D9F0}.exe3.0.0.16hungapp0.0.0.000000000

Error: (11/03/2013 08:44:06 AM) (Source: Application Hang)(User: )
Description: tdsskiller[1].exe3.0.0.16hungapp0.0.0.000000000

Error: (11/01/2013 09:23:27 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/01/2013 09:23:26 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/01/2013 09:23:25 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/01/2013 09:23:25 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/01/2013 09:23:19 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (10/31/2013 09:01:31 AM) (Source: Application Hang)(User: )
Description: spywareblaster.exe5.0.0.0hungapp0.0.0.000000000

Error: (10/31/2013 09:01:30 AM) (Source: Application Hang)(User: )
Description: spywareblaster.exe5.0.0.0hungapp0.0.0.000000000

Error: (10/31/2013 09:01:29 AM) (Source: Application Hang)(User: )
Description: spywareblaster.exe5.0.0.0hungapp0.0.0.000000000


=========================== Installed Programs ============================

Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader 7.0.8 (Version: 7.0.8)
Adobe Shockwave Player (Version: 11)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.3222)
AVG 2012 (Version: 12.1.2242)
AVG 2012 (Version: 2012.1.2242)
Bonjour (Version: 2.0.4.0)
Browser Address Error Redirector (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Network Assistant (Version: 3.0.0.0)
Dell Support Center (Version: 1.0.07192)
DellSupport (Version: 6.0.3075)
D-Link Wireless N USB Adapter DWA-130 (Version: 1.0b31)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® PRO Network Connections 12.1.12.0 (Version: )
iTunes (Version: 10.1.2.17)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
LaserJet 1020 series
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2000 SR-1 Professional (Version: 9.00.3821)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Drivers
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.18 (Version: 136.18)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
PowerDVD (Version: 7.0)
QualxServ Service Agreement (Version: 1.11.0000)
QuickTime (Version: 7.69.80.9)
RCA Digital Voice Manager 5.0.3.1
Realtek High Definition Audio Driver
Skype™ 5.10 (Version: 5.10.116)
Sonic Activation Module (Version: 1.0)
SpywareBlaster 5.0 (Version: 5.0.0)
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB971930) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live installer (Version: 12.0.1471.1025)
Windows Live Messenger (Version: 8.5.1302.1018)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
ZoneAlarm Firewall (Version: 11.0.768.000)
ZoneAlarm Free Firewall (Version: 11.0.768.000)
ZoneAlarm LTD Toolbar
ZoneAlarm Security (Version: 11.0.768.000)
ZoneAlarm Security Toolbar (Version: 1.8.22.0)

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 1534.1 MB
Available physical RAM: 747.27 MB
Total Pagefile: 2919.87 MB
Available Pagefile: 2163.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.06 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.44 GB) (Free:38.78 GB) NTFS

========================= Users: ========================================

User accounts for \\V400

Administrator Guest HelpAssistant
mml SUPPORT_388945a0 UpdatusUser


**** End of log ****

#4 MAL1


Posted 03 November 2013 - 05:00 PM

Here is the snapshot: http://speccy.piriform.com/results/JVQeE5P40Ca3A78k1VvFZll

and thanks again.



#5 hamluis


Posted 03 November 2013 - 06:21 PM

First thing I see...you have two AV programs installed.  Please uninstall everything (AV and toolbar) related to AVG and leave Microsoft Security Essentials as your AV.

 

Then run the chkdsk /r command on the Windows partition.

 

I see that you already uninstalled Spybot so those errors mean nothing.

 

Louis



#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 03 November 2013 - 07:09 PM

I would also recommend that you remove Zone Alarm, as that also can cause issues, so essentially you have 3 virus scanners installed.

#7 MAL1


Posted 03 November 2013 - 10:57 PM

OK. AVG is out. Chkdsk /r is running now. Does the firewall in Windows now stop outbound traffic like the free Zone Alarm? I do like to keep tabs on what is phoning home.



#8 cryptodan


Posted 03 November 2013 - 11:02 PM

Do you use a router along with your broadband connection?

#9 MAL1


Posted 03 November 2013 - 11:21 PM

Yes. A Netgear.  Chkdsk is complete - the volume is clean.



#10 cryptodan


Posted 03 November 2013 - 11:23 PM

I would use your router as a firewall; it is far better than any software router can do.

#11 MAL1


Posted 04 November 2013 - 09:27 AM

OK, I turned off Zone Alarm and outbound traffic was not stopped by any software/hardware on my computer or network.
I run Leak Test from Gibson Research Corporation to verify this. However, my router is great at not responding to outside probes.

But...The hidden program is still running. Could it be a leftover from running AVG & MS Security at the same time?

#12 cryptodan


Posted 04 November 2013 - 09:29 AM

What is the hidden program? Can you download Process Explorer and take a screenshot of the first screen with the "hidden" application shown?

#13 MAL1


Posted 04 November 2013 - 01:29 PM

OK. Process Explorer was informative, but the program, called this time "bd4" did not show up in the list. However, the little target icon that you place over windows that are on the screen was helpful.

 

When I tried to reboot the computer, a window with the program name in the title bar would show up. The dialog box would have an animated blue bar indicating that it was shutting down and two buttons at the bottom: "end now" & "cancel". If I did not click "end now", the program would never close.

 

When I put the target icon on that window, it indicated that the process associated with the window was "Client Server Runtime Process".

 

Yea, so I didn't have the ability to get a screenshot - so I downloaded Gadwin PrintScreen. The program was zipped & I had no program on this computer to unzip it, so I downloaded 7zip. After the 7zip install, I forced a reboot.

 

As the system came back up, Zone Alarm asked if iTunes Helper could connect to the internet - I clicked "allow".

 

The hidden program problem that I was about to capture with the print screen function - along with the Process Explorer window - didn't happen. I tried twice to reboot and the computer just rebooted - no fuss.

 

Maybe iTunes Helper's inability to do its job was the hangup?
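
The lookup done by hand in post #13 with Process Explorer's target icon (window to owning process) can also be scripted so that hidden windows are included. This is an added example, not part of the original thread; the type names `WinRow` and `WinEnum` and the three-hex-character title pattern are assumptions of the example, and it needs PowerShell 2.0 or later.

```powershell
# Added example (not from the thread): list top-level windows, hidden ones
# included, whose title is three hex characters (b28, 35c, bd4 ...).
$src = @'
using System;
using System.Text;
using System.Collections.Generic;
using System.Runtime.InteropServices;
public class WinRow
{
    public string Title; public string ClassName;
    public uint ProcessId; public bool Visible;
}
public static class WinEnum
{
    delegate bool EnumProc(IntPtr hWnd, IntPtr lParam);
    [DllImport("user32.dll")]
    static extern bool EnumWindows(EnumProc cb, IntPtr lParam);
    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    static extern int GetWindowText(IntPtr hWnd, StringBuilder sb, int max);
    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    static extern int GetClassName(IntPtr hWnd, StringBuilder sb, int max);
    [DllImport("user32.dll")]
    static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint pid);
    [DllImport("user32.dll")]
    static extern bool IsWindowVisible(IntPtr hWnd);
    // Walk every top-level window on the desktop and record title, class, owner.
    public static List<WinRow> All()
    {
        List<WinRow> rows = new List<WinRow>();
        EnumWindows(delegate(IntPtr h, IntPtr l)
        {
            StringBuilder title = new StringBuilder(256);
            StringBuilder cls = new StringBuilder(256);
            GetWindowText(h, title, title.Capacity);
            GetClassName(h, cls, cls.Capacity);
            WinRow r = new WinRow();
            r.Title = title.ToString();
            r.ClassName = cls.ToString();
            GetWindowThreadProcessId(h, out r.ProcessId);
            r.Visible = IsWindowVisible(h);
            rows.Add(r);
            return true;   // keep enumerating
        }, IntPtr.Zero);
        return rows;
    }
}
'@
Add-Type -TypeDefinition $src
# Keep only windows titled like the names in post #1 and resolve the owning process.
[WinEnum]::All() |
    Where-Object { $_.Title -match '^[0-9a-f]{3}$' } |
    ForEach-Object {
        $p = Get-Process -Id $_.ProcessId -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Title = $_.Title; Class = $_.ClassName; Visible = $_.Visible
            ProcessId = $_.ProcessId; Process = $p.ProcessName
        }
    } |
    Format-Table Title, Class, Visible, ProcessId, Process -AutoSize
```

Run it before starting the shutdown, so the row returned is the window's own process rather than the owner of the "End Program" dialog.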



#14 cryptodan


Posted 04 November 2013 - 05:37 PM

Probably, and I would highly recommend that you discontinue using Zone Alarm, and use your router as a firewall. Zone Alarm has been notorious for causing issues since the early 2000's and a lot of people have ditched it.

#15 MAL1


Posted 06 November 2013 - 09:09 PM

OK, problem still solved. Looks like an oversight on Zone Alarm (my fault as I am fixing my son's computer) but really - do iTunes' programs have to be that assertive? Is that behavior modifiable?

 

As far as Zone Alarm- I really need the computers to give me info on outbound traffic. I've been using ZA for nearly a decade - it was a bigger headache early on - especially in a network setting. I would switch to an easier one but I don't know of any. (sorry - off topic)





