Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spontaneous Reboot Problem(s)


  • Please log in to reply
16 replies to this topic

#1 Scientist

Scientist

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 22 November 2006 - 06:08 PM

One caveat; at the moment I don't have access to the computers I'm having trouble with, I'm at my inlaws. I'm looking for things to try when I get back home in a few days. Also, my apologies for this long message, but I'm trying to provide enough info for diagnosis since I'm stumped.

Anyway, a couple of weeks ago we got a computer custom built and shipped to us by a small outfit we've used before. Its got an Intel Core 2 Duo E6600 processor, Intel motherboard, 2Gb of 800 MHz DDR SDRAM, Nvidea 7900 GS graphics card, dual Western Digital SATA hard drives (operating in Raid 1, mirroring, my first experience with that) and Belkin wireless card, running XP Pro. It was to replace our previous system, a ~5 year old Pentium 4, Intel motherboard, 1Gb RAM, ATI 9600 graphics card, connected to a cable modem and Belkin pre-N router along with an HP 722C printer and Epson Perfection 636 SCSI scanner and running XP Home. For the SCSI scanner we were using old Windows 2000 drivers since Epson never put out XP drivers for it.

New computer arrived, we set it up in another room and started transferring files. The wireless card failed to arrive with it, so it wasn't on the internet at this time. Any time we were transferring large files, either from memory stick or CD, it would sometimes spontaneously reboot; the screen would go dark, it would reboot, and everything would look fine, no error messages before or after. It also did this sometimes when the drive was accessed, such as opening up Solitaire. We sent it back, the maker said when he pulled the dual RAID drives and put one in of the same model the problem went away, but when he kept doing diagnosis he decided it was the memory. He replaced the RAM, said the problem was fixed, and sent it back.

We set it up, it seemed to be fine for a couple of days as we installed software and transferred files and browsed the internet via wireless, so it went into place of our old P4 machine. I was hoping we could get by with a better AV solution than Nortons, which has gotten pretty bloated, so we checked at Shields Up and found that our router firewall protection was quite good and didn't install any AV programs at this point. Out went the wireless card, in went the SCSI card, and the computer went into our P4s place of honor. We rolled IE7 back to IE6 as IE7 has problems with Juno, got the SCSI drivers installed, and got a few final drivers/programs in place, when the new computer started rebooting spontaneously again, same as before, though this time sometimes it even seemed to be when the hard drives weren't in use, i.e. just looking at the screen and maybe using a mouse.

New computer back to the other room, back to its original hardware, old one back into its place, and the new computer is having more and more reboot frequency. Its impossible to run an antivirus check online on it, as it always reboots.

Meanwhile, and more ominously, the OLD computer started rebooting as well. It had had some issues over the last few months, which is one reason we were replacing it. In particular, we'd been swapping IDE cables around, and sometimes it couldn't recognize one of the hard drives with certain cables. Then the floppy drive connection also stopped working, we tried 2 different floppy drives, so we were wondering about the IDE motherboard connections. After increasing reboot problems over a day or so, while my wife was running Nortons checks, defrags, etc, finally this computer stopped booting entirely. It gave a message "Failure of boot drive" first, then next try it hung up at the cursor during POST.

So I can come up with these possibilities, though all seem rather remote; if anyone else has things to suggest or try, I'd be happy to hear them.

1. Malware. Some virus got on somehow; we don't go to many web sites, the old computer has Nortons, updated daily, and saw nothing, and Shields Up showed our computers were well protected, but thats no guarantee NOTHING could get on of course. Since all the files were copied between the computers in the process of this, obviously there is good chance for transmission.
2. Coincidence. Maybe the new computer has a problem other than the memory the vendor replaced, which has returned. Meanwhile the possible(?) hardware problems on the old computer could have caused it to develop the same symptoms and fail right around the same time, with all the handling and plugging/unplugging of stuff. I'm suspicious of coincidence, but each explanation is plausible.
3. Recent XP update incompatibility. Both computers have had IE7 rolled back to IE6 (the old one weeks ago), maybe some very recent XP update doesn't like that? Or doesn't like the old Windows 2000 SCSI driver we used for the scanner, even though we've now uninstalled it from both computers?
4. Common hardware. Some kind of funky cable modem/wireless router problem that could have spread to both computers, or a hardware problem with the printer/SCSI card/scanner since both were installed on these computers recently that shorted out something on the motherboards? No problems running them on the old computer for months though.

Thanks for input anyone.

BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:34 PM

Posted 23 November 2006 - 07:32 AM

1) Try some good online (free) scans to ensure that all systems are clean. Frankly I don't have much faith in the Norton products these days - having seen too many systems with it recently that have viruses on them (this isn't necessarily the program's fault - it could be due to other reasons).

Here's the scan that I recommend: http://safety.live.com Choose the "Full Service Scan"

2) Check the Event Viewer for error messages occurring around the time of the shutdown (Here's a HowTo: http://www.bleepingcomputer.com/forums/t/40108/how-to-use-event-viewer/ ). Error messages will give us a clue about what's happening - the absence of error messages will tell us that the problem is occurring where Windows can't recognize it (so it's likely a low-level hardware error - either bad hardware or bad drivers). Since viruses can also cause this, it's essential that we rule them out with the online scan first, before proceeding with the troubleshooting.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 Scientist

Scientist
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 24 November 2006 - 06:19 PM

Thanks Usasma; if I can get through an AV scan without a reboot, I'll try that first on the new computer, if it reboots I'll check the log as you suggest.

Any thoughts on the older P4 computer thats now hanging at the cursor early in the boot? All I can come up with is put a new hard drive in, format and install XP, then look at the previous C drive to see what I can recover.

If its having reboot problems even with a new drive, then I suppose I have to consider the motherboard shot. Unless there are hardware tests I can run (IDE I/O tests maybe?) I can run without it booting successfully.

#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:34 PM

Posted 25 November 2006 - 08:36 AM

Maybe you can set your AV scanner to only scan limited portions of you hard drive. That way you can get a scan done, then move on to another section? (probably won't work with the Live Scanner - although it's pretty flexible).

I've got some eye problems - so the longer posts aren't real easy for me to read (hence my avatar). I completely missed the older P4 problem - sorry!

I'd suggest downloading some tools from the hard drive manuafacturer's website to test the status of the drives from a boot disk.

But, I think that it's too much of a coincidence that once you started transferring files that the new system developed problems similar to the old one. I suspect that it's most likely an undetected virus that's causing this behavior - although it could also be hardware driver issues.

Any luck finding anything with the Event Viewer? You can also look in Device Manager for any problems with the devices (go to Start...Run...and type in "devmgmt.msc" (without the quotes) and press Enter). Let us know any errors that you find in either area.

Edited by usasma, 25 November 2006 - 08:38 AM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 Scientist

Scientist
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 25 November 2006 - 01:35 PM

I've got some eye problems - so the longer posts aren't real easy for me to read (hence my avatar). I completely missed the older P4 problem - sorry!

But, I think that it's too much of a coincidence that once you started transferring files that the new system developed problems similar to the old one. I suspect that it's most likely an undetected virus that's causing this behavior - although it could also be hardware driver issues.

Any luck finding anything with the Event Viewer? You can also look in Device Manager for any problems with the devices (go to Start...Run...and type in "devmgmt.msc" (without the quotes) and press Enter). Let us know any errors that you find in either area.


Yeah, I know my post was very long; sorry about that, but I couldn't think of much to cut out that wouldn't remove info that might be useful. I'm sure a lot of folks didn't read it because it was so long.

I'm also suspicious of the coincidence, and if it weren't for the fact that both computers ALSO had recent hardware problems I'd be sure it was software as well. With that recent history, I'm on the fence.

I won't be able to actually run any diagnostics till I get home to the two computers Sunday afternoon. At that point I may not have web access though, depending on if they get going, so I'm trying to collect ideas in advance.

Similarly, if the motherboard on the P4 does turn out to be fried, can anyone suggest a reliable new motherboard/chipset that has two IDE ports, an AGP slot and uses PC133 SDRAM memory, so we can reuse our other components? I may not be able to shop after I get home.

#6 TheTerrorist_75

TheTerrorist_75

  • Members
  • 645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Fulton, NY &gt; Snow country.
  • Local time:07:34 PM

Posted 25 November 2006 - 02:21 PM

For one just having a firewall will not protect you. You need an anti-virus program with Windows.

Second for the rebooting;

1. Right-click My Computer, and then click Properties.

2. Click the Advanced tab.

3. Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.

4. Clear the Automatically restart check box, and click OK the necessary number of times.

5. Restart your computer for the settings to take effect.

Third, as soon as you can get it to stop rebooting I would follow the directions in the following link and post a HijackThis log to determine if your system is infected, which it most probably is.

HijackThis Logs and Analysis

For an advanced online scanner use: http://www.virustotal.com/en/indexf.html
I am a transplant survivor.

Get Your Donor Card

#7 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:06:34 PM

Posted 25 November 2006 - 02:40 PM

Have you looked in the device manager to see if there are any yellow or red warning icons displayed?

Make sure the Ram is installed properly and firmly seated. I am assuming you have four sticks of 512mb? Are they identical - matched? They must be if they are to work properly. Try removing one stick from each channel and seeing if that affects the problem. If not, switch, or even better -
If you can, run one of the Ram tests (again with 512mb in each channel) and then switching the Ram if no errors are found. Run for at least several hours - overnight is even better:

RAM tests

http://www.simmtester.com/page/products/doc/download.asp
http://oca.microsoft.com/en/windiag.asp (can be used with a cd)
http://www.memtest.org/
http://www.memtest86.com/

How is your page file set up?

#8 Scientist

Scientist
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 25 November 2006 - 05:02 PM

Have you looked in the device manager to see if there are any yellow or red warning icons displayed?

Make sure the Ram is installed properly and firmly seated. I am assuming you have four sticks of 512mb? Are they identical - matched? They must be if they are to work properly. Try removing one stick from each channel and seeing if that affects the problem. If not, switch, or even better -

How is your page file set up?


Device manager on the new computer wasn't showing any problems (I can't check again here, visiting the inlaws). Memory was two sticks of 1 GB each, brand new, same brand/type, put in to replace the first memory which the person who built the computer decided were faulty the first time we mailed the computer back. I may try removing 1 stick at a time to see if it makes any difference, same with the two RAID drives, I'll trywith one at a time on those to see if anything changes. Then I'll try the memtest sites you recommended, since that will take awhile.

I'm not sure how the page file is (or should be) set up, how do I look at that?

In response to Windows Terrorist, the old computer (now apparently dead) had Nortons antivirus, updated every few days. I was hoping to put something less system hogging on the new computer, but didn't get that far before it started rebooting. It did have Foxie antivirus, put on by the company that built the new computer, which I don't know much about but hoped would hold me till I got AntiVir or AVG on there.

Hmm, some searching I just did on Foxie tells me the firewall part of it may have NSIS malware; no reports of it causing reboots though, just popups, or of it migrating to another computer from copied documents, and it may just be the antivirus part of it I've got. Still, I'll have to look specifically for that when I get back.
If so, I'll have words with the company that built the new computer. :thumbsup:

#9 Scientist

Scientist
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 26 November 2006 - 07:13 PM

Home at last, to update the situation now that I have access to the computer.

Computer still reboots with either hard drive by itself, so its not the Raid Mirroring or drive synchronization, darn it.


Got through one AntiVir scan on one of the mirrored drives, nothing found other than a few files it couldn't open that looked like system files, other attempts on either drive have caused reboots, same with trying the SafetyLive site

I checked for the Foxie worm files (based on other forum posts) and didn't find them on my computer, so maybe this version doesn't have it? I'd hope not, since it came from the computer builder.

Hijackthis log is below; I'll also post the Event Viewer log in a separate post, since they are each long. Hijackthis from the web caused a reboot, but I was able to run the downloaded version.

Logfile of HijackThis v1.99.1
Scan saved at 6:57:17 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Greg\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160770254828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161011521609
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#10 Scientist

Scientist
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 26 November 2006 - 07:17 PM

Nothing red or yellow in Device Manager.

Below is a section of the Event Viewer log from a bootup, through a reboot caused by trying to run AntiVir, through another reboot from same, so it should be fairly straightforward to interpret (not that I can do it). I saw nothing in the Security or Explorer tabs, just System and Applications tabs, listed separately.

I'll try mucking with the memory while I wait for input from you folks.

System tab
Type Date Time Source Category Event User Computer
Information 11/26/2006 5:37:45 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7035 Greg BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:37:39 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:37:37 PM avgntflt None 17 N/A BORG
Information 11/26/2006 5:37:20 PM Tcpip None 4201 N/A BORG
Information 11/26/2006 5:37:15 PM Tcpip None 4202 N/A BORG
Information 11/26/2006 5:37:04 PM HECI None 2 N/A BORG
Warning 11/26/2006 5:37:15 PM Dhcp None 1003 N/A BORG
Information 11/26/2006 5:37:12 PM eventlog None 6005 N/A BORG
Information 11/26/2006 5:37:12 PM eventlog None 6009 N/A BORG
Information 11/26/2006 5:35:13 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:35:07 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:35:07 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:35:07 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:35:07 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:35:07 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:35:07 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:35:07 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:35:07 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:35:07 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:35:06 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:35:06 PM Service Control Manager None 7035 Greg BORG
Information 11/26/2006 5:35:06 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:35:06 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:35:06 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:35:06 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:35:05 PM avgntflt None 17 N/A BORG
Information 11/26/2006 5:34:48 PM Tcpip None 4201 N/A BORG
Information 11/26/2006 5:34:48 PM Tcpip None 4202 N/A BORG
Information 11/26/2006 5:34:36 PM HECI None 2 N/A BORG
Warning 11/26/2006 5:34:48 PM Dhcp None 1003 N/A BORG
Information 11/26/2006 5:34:44 PM eventlog None 6005 N/A BORG
Information 11/26/2006 5:34:44 PM eventlog None 6009 N/A BORG
Error 11/26/2006 5:16:09 PM Windows Update Agent Software Sync 16 N/A BORG
Information 11/26/2006 5:15:05 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:14:59 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:14:59 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:14:59 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:14:58 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:14:58 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:14:58 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:14:58 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:14:58 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:14:58 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:14:58 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:14:57 PM avgntflt None 17 N/A BORG
Information 11/26/2006 5:14:40 PM Tcpip None 4201 N/A BORG
Information 11/26/2006 5:14:40 PM Tcpip None 4202 N/A BORG
Information 11/26/2006 5:14:28 PM HECI None 2 N/A BORG
Information 11/26/2006 5:14:58 PM Service Control Manager None 7035 Greg BORG
Information 11/26/2006 5:14:58 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:14:58 PM Service Control Manager None 7036 N/A BORG
Information 11/26/2006 5:14:58 PM Service Control Manager None 7035 SYSTEM BORG
Information 11/26/2006 5:14:58 PM Service Control Manager None 7036 N/A BORG
Warning 11/26/2006 5:14:40 PM Dhcp None 1003 N/A BORG
Information 11/26/2006 5:14:36 PM eventlog None 6005 N/A BORG
Information 11/26/2006 5:14:36 PM eventlog None 6009 N/A BORG


Applications tab
Type Date Time Source Category Event User Computer
Information 11/26/2006 5:37:38 PM H+BEDV AntiVir AntiVir 4096 SYSTEM BORG
Information 11/26/2006 5:37:37 PM SecurityCenter None 1800 N/A BORG
Warning 11/26/2006 5:37:29 PM IAANTmon None 4 N/A BORG
Information 11/26/2006 5:35:06 PM H+BEDV AntiVir AntiVir 4096 SYSTEM BORG
Information 11/26/2006 5:35:05 PM SecurityCenter None 1800 N/A BORG
Warning 11/26/2006 5:34:57 PM IAANTmon None 4 N/A BORG
Information 11/26/2006 5:14:58 PM H+BEDV AntiVir AntiVir 4096 SYSTEM BORG
Information 11/26/2006 5:14:57 PM SecurityCenter None 1800 N/A BORG
Warning 11/26/2006 5:14:49 PM IAANTmon None 4 N/A BORG

#11 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:34 PM

Posted 26 November 2006 - 07:25 PM

The only thing of concern in the Event Viewer logs is the Windows Update error - and I doubt that it's your problem. This means it's below the threshold that Windows recognizes.

The 2 most common possibilities are malware and hardware problems. The HJT log is the way to go. BUT, I'd suggest posting it here for the experts to review: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#12 Scientist

Scientist
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 26 November 2006 - 10:10 PM

The only thing of concern in the Event Viewer logs is the Windows Update error - and I doubt that it's your problem. This means it's below the threshold that Windows recognizes.


I think that error is actually AntiVir complaining that its not being allowed to update, it seems to correspond to a popup that it makes when the wireless is down (computer is currently back in the dining room) and it can't get to the internet.

I'll try posting the Hijack log where you suggested, thanks.

In other updates, I've turned off the automatic reboot as TheTerrorist_75 suggested. Then I tried running on 1 memory stick at a time (1 GB each, matched new 800 MHz DDR2 memory), and the reboots keep happening with each one. Tried Memtest86, three passes gave no errors (I'll try to leave it running overnight as suggested). So I'm guessing its not a RAM problem.

#13 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:34 PM

Posted 27 November 2006 - 08:52 AM

Well, if I'm right (that it's either hardware or malware) then we can throw hardware at it all day long until we find the problem (or run out of money :thumbsup:

It's probably not a RAM error (problems severe enough to reboot would "most likely" show on the first pass or so). With my son's system (the last bad RAM that I tested) he got 17 errors on the first pass - and his system would reboot every 5 minutes or so.

I'd suggest waiting on the results of the HJT log file analysis before proceeding any further.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#14 Scientist

Scientist
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 27 November 2006 - 11:02 AM

Yeah, I've now tried each RAID hard drive, each memory stick and each DVD drive individually and the reboots still happen, so theres no more hardware I can swap around thats compatible with this system unless I buy more to test.

Also ran memtest86 all night, 19 passes, no errors found.

One new piece of data is that the reboots DON'T seem to happen in Safe Mode (ran 3 passes of AntiVir, which almost always triggers it). Making me suspect driver problems.

Unless the Hijack log folks have something to suggest, I may try a format/fresh install on one of the two RAID drives tonight when I get home, and see if the reboots start happening when I get a particular driver on there. That will give me a pretty clean test of software issues.

#15 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:34 PM

Posted 28 November 2006 - 08:17 AM

I'd agree. Since AntiVir works OK in Safe Mode - it's likely to be either an inept virus writer or a driver problem. If it's an inept virus writed, AntiVir would most likely have found it. So that leaves us with software problem.

If you're going to change the system from how it was when you submitted the HJT log - please let the HJT Team know. If this is malware related it can cause the malware to mutate (respawn in a different location with a different name, attack method, properties, etc) - and that will make the HJT Teams job much more difficult.

There's several approaches that I've used to troubleshoot this. The easiest way to start is to use Safe Mode with Networking support. If this doesn't cause problems, then we can presume your network drivers are OK.

Then, enable boot logging and log a normal boot, then log a Safe Mode with Networking Support boot and compare the 2 (I just import them into Excel - side by side). FYI - there are some significant differences in the sequence of loading on my system, so watch for that.

This'll point out the drivers that do not load in Safe Mode. A Google should reveal the hardware associated with them.

Then, if you've withdrawn your HJT log, you can pick and choose which to uninstall, then install a freshly downloaded copy of the latest update..
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users