Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Inactive Malware Help Topics

User Tag List

Unexpected Reboots[moved from xp]

This is a discussion on Unexpected Reboots[moved from xp] within the Inactive Malware Help Topics forums, part of the Tech Support Forum category. If I try to run SFC, or reinstall XP pro or run trends online virus scanner lately my comp just


 
 
Thread Tools Search this Thread
Old 03-18-2007, 04:30 PM   #1
Guest
 
Join Date: Mar 2007
Posts: 9
OS:



If I try to run SFC, or reinstall XP pro or run trends online virus scanner lately my comp just reboots on me. I am suspecting some form of virus....any thouhgts?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:19:49 PM, on 3/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Documents and Settings\Krista\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SYSTEM\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: https://staplescanada.webprint.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - https://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://v5.windowsupdate.microsoft.co...?1114631715186
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - https://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - https://activex.microsoft.com/activex...te/sdkinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B052FC3F-3475-467F-A390-07608BC23ED6}: Domain = escape.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{B052FC3F-3475-467F-A390-07608BC23ED6}: NameServer = 142.161.130.155,142.161.2.155
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
whizzkid3 is offline  
Sponsored Links
Advertisement
 
Old 03-20-2007, 05:38 PM   #2
TSF Team Emeritus
Microsoft Visiting Expert
 
Join Date: Jun 2006
Location: Woodland Hills, CA
Posts: 3,258
OS: Windows 98se/2000/XP/Vista/7/8 Pro/10 Pro/10 "Insider" / Linux(various)



Hi whizzkid3

I'll let the malware-experts in the Security forums give you their feedback on the log, they have more experience in HJT logs (they'll give their feedback in your thread over there). I don't see anything at first glance.

Once you get a clean-bill of health from our Security experts:

Try changing a setting: right-click "My Computer", select "Properties", then "Advanced", and in the "Startup & Recovery" section - click on "Settings", then in the "System Failure" section - remove the checkmark from the box "Automatically Restart". If a fatal STOP error is occurring, this will let you see it. Copy it down & post it here.

Also check in your Event logs for errors that coincide with the restarts. Go to the Event Viewer to view the logs - it's in the "Administrative Tools" in the Control Panel (in "Performance and Maintenance" if you have Control Panel set to the category view). To view the details of an Event - right-click it and select "Properties".

Best of luck
. . . Gary

... I noticed that you have had many malware scanners active recently -- have any infections been found recently? If not, what symptoms have led to your wish to reinstall?
OldGrayGary is offline  
Old 03-21-2007, 02:02 PM   #3
Guest
 
Join Date: Mar 2007
Posts: 9
OS:



I had already done the thing where I uncheck the restart box but I still dont get a blue screen or an error. It just reboots.

I have done all the malware scanning and reinstall because of this very problem.
whizzkid3 is offline  
Sponsored Links
Advertisement
 
Old 03-21-2007, 05:42 PM   #4
Guest
 
Join Date: May 2006
Posts: 2,838
OS:



Totally harvest the collective skills of the HJT Team (most overloaded team on planet)....but I don't like the 4 BHOs. Not at all.

But wait until they do differential diagnosis.
Ariesjill is offline  
Old 03-21-2007, 07:40 PM   #5
Guest
 
Join Date: Mar 2007
Posts: 31
OS:



my first piece of advice would be to get rid of the beta software. that could be messing with you in creating unstable code, forcing your computer to reboot. i know my CS3 verizon messed with my wireless card.
migitmd is offline  
Old 03-21-2007, 10:02 PM   #6
Guest
 
Join Date: Mar 2007
Posts: 9
OS:



could you be more specific about the beta software please?
whizzkid3 is offline  
Old 03-21-2007, 10:25 PM   #7
Guest
 
Join Date: May 2006
Posts: 2,838
OS:



hi, Again,

Am assuming wizz may be referring 2 possible Beta version of Vista?
But not sure. (Wrong, C edit)

But I totally think U should follow the HJT Forum rules and post theah ASAP.

Not all BHOs R Satan (Only I think so and so kill them, nobody else should).....but U have one in particular with major murky.Just Googled and Came upon this interesting goodie:

https://groups.google.com/group/micro...c459279783389f


May or may NOT B relevant 2 yr problem.....don't even know if it's browser-related or not....but true sages comprise the HJT team....and there will be wait time.....so wut downside of posting ASAP and getting in queue?

Jill

Edit: No, he means your trend Micro HJT BETA, not Vista. Can't imagine this would cause conflict....but first, why don't U have SP2????? R U fully patched re MS updates? Truly, were I U I would post on HJT right off.
Ariesjill is offline  
Old 03-22-2007, 06:03 AM   #8
TSF Team Emeritus
Microsoft Support
 
Geekgirl's Avatar
 
Join Date: Jan 2005
Location: Pennsylvania
Posts: 15,478
OS: XP Home SP3 x3 /XP Pro SP3/Vista Ultimate SP2/Win7 Pro 64-BIT



Quote:
If I try to run SFC, or reinstall XP pro or run trends online virus scanner lately my comp just reboots on me. I am suspecting some form of virus....any thouhgts?
Is this the only time it reboots? Can you successfully start the system in Safe Mode?

Have you checked the Event Viewer as suggested by OldGrayGary?
__________________
Geekgirl is offline  
Old 03-22-2007, 10:21 AM   #9
Guest
 
Join Date: Mar 2007
Posts: 31
OS:



Quote:
Originally Posted by whizzkid3 View Post
could you be more specific about the beta software please?
Beta software is unstable software, meaning its full of bugs and glitches and can be messed up very easily. My first bit of advice is to get rid of the beta software, eliminating the possibility of unstable software, which could very well be forcing your computer to have these un expected reboots. find a stable version of final software.
migitmd is offline  
Old 03-22-2007, 02:03 PM   #10
Guest
 
Join Date: Mar 2007
Posts: 9
OS:



I looked at the event manager. There seems to be some entries about RASMAN "Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied." and Service control manager "The Remote Access Connection Manager service terminated with the following error:
The request is not supported. "

thoughts?
whizzkid3 is offline  
Old 03-23-2007, 12:35 AM   #11
TSF Team Emeritus
Microsoft Visiting Expert
 
Join Date: Jun 2006
Location: Woodland Hills, CA
Posts: 3,258
OS: Windows 98se/2000/XP/Vista/7/8 Pro/10 Pro/10 "Insider" / Linux(various)



Hi again

Looks like your reinstall didn't go well --- The EventViewer error regarding the problematic service is mentioned as one of the things that can go wrong during an XP reinstall --- https://support.microsoft.com/kb/329441 --- [Reinstalling XP is a bit more tricky that Win9x reinstalls -- did you use the same disk the PC was first installed with?]

As Jill had mentioned, since you are back to SP1 status, you've got some updating ground to cover. If you can get SP2 installed OK, it should fix the RASMAN problem.

Try downloading the corporate version of XP's Service Pack 2 and installing it -- and then visit Windows Update to get the rest of the Critical Updates since Service Pack 2 was released (about 50 or 60 by now). At least once up-to-date with patches, we can rule out those as a source of the trouble. Here's the link to the full SP2 download --- https://www.microsoft.com/downloads/d...displaylang=en

Of course, while running a Service Pack install, don't run anything else at the same time --- and unplug from networks, printers, scanners, multifunction devices, PDAs, cameras, etc -- until the Service Pack has fully installed.

Best of luck
. . . Gary


P.S. .... As Geekgirl had asked - is it only when running SFC, attempting a HouseCall scan, or attempting to reinstall that it reboots? Did the reboot problem show up abruptly after you tried an XP reinstall? ... Or? .... Also curious if the system seems stable in Safe Mode.
OldGrayGary is offline  
Old 03-23-2007, 08:58 AM   #12
Guest
 
Join Date: Mar 2007
Posts: 9
OS:



I will try the updates as you suggest, however I think that is going to be a problem. The comp seems to reboot when I try any sort of OS related things like defrag or SFC or repair console, etc etc. No it is not stable in safe mode either. I will do the updates after I hear back from the people in the hijack this log forum.
thanks again
whizzkid3 is offline  
Old 03-23-2007, 02:58 PM   #13
Guest
 
Join Date: Mar 2007
Posts: 9
OS:



I just tried to install service pack 2 the way you suggested and it went for awhile then came up with an error message "access Denied", then took it all again.

I went to look in the automatic updates section but it says Automatic Update service is not available.

Did I do it wrong?
whizzkid3 is offline  
Old 03-24-2007, 02:31 AM   #14
TSF Team Emeritus
Microsoft Visiting Expert
 
Join Date: Jun 2006
Location: Woodland Hills, CA
Posts: 3,258
OS: Windows 98se/2000/XP/Vista/7/8 Pro/10 Pro/10 "Insider" / Linux(various)



Hi again

Check to make sure your Windows Services are setup OK. Here's a guide --- https://www.theeldergeek.com/services_guide.htm --- Go through your services, one by one, and check your settings against the recommended values. Especially check on the "Background Intelligent Transfer Service" - this must be set to either Automatic or Manual for Windows Update to work.

If you've used msconfig to restrict startups, make sure that any processes that are being prevented from starting aren't causing problems by their absence.

When you first reinstalled, what sort of disk did you use? Recovery disk or retail installation CD? Were the disks shipped with the system at purchase? Or?

Also -- since you received the "Access is Denied" error during the install - I'm a little surprised that SP2 then went on and installed anyway? Or perhaps it didn't install completely? [When you right-click My Computer & look at "Properties", does it mention Windows XP SP2 as the operating system? If not, you might have to try that manual Registry edit that MS provides in that article ( --- https://support.microsoft.com/kb/329441 ---) - and then try to install SP2 from that downloaded file again (by the way, disable any "download managers" while downloading system files or updates)].

Best of luck
. . . Gary
OldGrayGary is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Unexpected Reboots
I am running XP pro and lately have been getting some unexpected reboots. Here is my HJT log....any suggestions? Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 4:19:49 PM, on 3/18/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) Boot mode: Normal Running processes:...
whizzkid3 Inactive Malware Help Topics 1 03-21-2007 10:01 AM
half life 2 unexpected error
Ok i have half life 2 and now every once in a while an unexpected error occurs. I don't know what causes it, just at random times while im playing it happens. although the first half of the game works perfectley with barely any errors, as soon as I get to the sandtrap level errors start to...
mecoatwar PC Gaming Support 14 12-31-2006 04:58 AM
unexpected errors
do any of you know how to troubleshoot a unexpected error dont send] these types of errors.
mecoatwar Windows XP Support 2 12-28-2006 03:44 AM
Losing internet connection on network
We our having problems with our internet connection quitting out on us every hour or so. It seems that the more computers and Xboxes we have on the more often we lose our connection. We only lose the connection for a second but thatís long enough so that we get kicked out of games and of MSN. ...
ChokingClown Networking Support 3 08-26-2005 06:48 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 04:15 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts