frequent system reboot and bsod


Post by bongring on Thu 12 Feb 2009, 2:39 pm

It all started when I changed my RAM from 512MB to 1GB, then put it back again to 512MB. A friend told me it might be a registry problem, so I am also posting a HijackThis log. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:44 AM, on 2/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Net Studio\USB_FW.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LimeWireTurbo\LimeWireTurbo.exe
C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\mel\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.auction.ph/redirect.php?code=excel11
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.auction.ph/redirect.php?code=excel11
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [USB_FW] C:\Program Files\Net Studio\USB_FW.exe
O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224206216593
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D5224A3-53EB-430F-907B-6DA28766FB97}: NameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F59410F-C2B0-4497-B676-EC61E4ADCA41}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D5224A3-53EB-430F-907B-6DA28766FB97}: NameServer = 192.168.10.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{1D5224A3-53EB-430F-907B-6DA28766FB97}: NameServer = 192.168.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6002 bytes

bongring
Rookie Surfer
Posts : 95
Joined : 2008-10-20
Operating System : windows xp sp3


Post by Digitalocksmith on Thu 12 Feb 2009, 2:50 pm

Can't see any issues within your log file, except a few unnecessary entries which will not be related to the cause of your issues!

Run HJT again and place checks in the boxes next to the following:

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Close all browsers (including this one) and then select 'Fix checked'.

Now let's have a look at your issue, so I have a couple of questions for you:

(1) What was the reason for you changing back to your old ram modules?

(2) Did the system respond well when you changed to 1g modules?

(3) Can you post the blue screen stop error code please?


Regards



Digitalocksmith
Advanced Surfer
Posts : 626
Joined : 2007-12-23
Operating System : Windows 7 Ultimate x64 beta 1 (build 7048) - Testing Bluewhite64 Linux 12.2

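The check Digitalocksmith applies above (ticking O2/O3 entries whose DLL is reported as "(no file)") as a small parser. This is an added example, not code from the thread or from HijackThis; the sample lines are constructed from entries quoted in this thread, and only the O2 (BHO) and O3 (Toolbar) line shapes are handled.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis v2 format, built from entries quoted in this thread.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)",
    r"O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)",
    r"O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
])

# O2 (BHO) and O3 (Toolbar) lines look like: "<section> - <kind>: <name> - {CLSID} - <path>"
ENTRY_RE = re.compile(r"^(O[23]) - (BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")

@dataclass
class HjtEntry:
    section: str   # "O2" or "O3"
    kind: str      # "BHO" or "Toolbar"
    name: str      # display name, or "(no name)"
    clsid: str     # registered CLSID, braces included
    path: str      # DLL path, or "(no file)"

    @property
    def no_file(self) -> bool:
        # HijackThis prints "(no file)" when the registered DLL is missing on disk:
        # a leftover of uninstalled software that does nothing, so it is safe to fix.
        return self.path.strip().lower() == "(no file)"

def parse_entries(text: str) -> List[HjtEntry]:
    """Parse the O2/O3 lines of a HijackThis log; other sections are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(*m.groups()))
    return entries

def orphaned_clsids(text: str) -> List[str]:
    """CLSIDs of the entries a helper would tick for 'Fix checked'."""
    return [e.clsid for e in parse_entries(text) if e.no_file]
```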

Post by bongring on Thu 12 Feb 2009, 3:16 pm

Well, my PC isn't built for gaming, so I had to give the 1GB RAM to my cousin. I'm satisfied with my PC running on 512, but I just tested how it will perform on 1GB and yes, it runs faster.
I'll try to get a BSOD screenshot when it shows up again. Thanks.
One more thing: hang-ups and BSODs come when I'm downloading songs from LimeWire.


Post by Digitalocksmith on Thu 12 Feb 2009, 4:08 pm

Have you updated to the latest version of Javascript?

Yep, the stop error code is really what I need!




Post by bongring on Thu 12 Feb 2009, 8:09 pm

Just updated my Java, just waiting for that blue guy, hehehehe!!!


Post by bongring on Sat 14 Feb 2009, 4:48 pm

Blue thing still not showing up. Just updated my Java and deleted those entries you said. Thanks, sir, I'll just post it here the next time it shows up again. Thanks, sir.


Post by bongring on Sun 22 Feb 2009, 3:04 pm

Hello again, sir, blue guy shows up again. Here's the stop code:

Stop : 0x0000008E (0XC0000005,0X80517668,0XF5480B6C,0X00000000)



Post by Digitalocksmith on Sun 22 Feb 2009, 10:00 pm

Ok... other than the standard causes such as bad RAM, a driver issue or a failing PSU, I have also heard that the Rustock rootkit has been responsible for a lot of the stop error codes 0x0000008E, 0XC0000005 such as yours.

Apparently this thing is pretty much undetectable in normal mode or safe mode, but one way of telling is to run your system in safe mode to see if it blue screens again.
Apparently the rootkit won't cause your system to crash in safe mode, only in normal mode.

I would also like you to take a look at your minidumps for any evidence of: Rustock rootkit v 1.2
Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb

If neither of these is prevalent, we can move on and run some memtests.

Regards



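The two checks in the post above, decoding the STOP line bongring typed in and looking through the minidumps for the Rustock PDB path, as an added Python example that is not from the thread. The bug check and NTSTATUS names are Microsoft's documented values for 0x8E and 0xC0000005; the .dmp files in the demo are constructed in a temporary directory, and the indicator is searched for as raw bytes rather than by parsing the dump format.

```python
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Names for the two codes that appear in this thread (Microsoft documented values).
BUGCHECK_NAMES = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
STOP_RE = re.compile(r"Stop\s*:\s*0x([0-9A-Fa-f]{8})\s*\(([^)]*)\)", re.IGNORECASE)

def decode_stop(line: str) -> Dict[str, object]:
    """Parse a 'Stop : 0x........ (p1,p2,p3,p4)' line as copied from the blue screen."""
    m = STOP_RE.search(line)
    if not m:
        raise ValueError("not a STOP line")
    code = int(m.group(1), 16)
    params = [int(p.strip(), 16) for p in m.group(2).split(",")]
    info: Dict[str, object] = {"code": code, "name": BUGCHECK_NAMES.get(code, "UNKNOWN"), "params": params}
    if code == 0x8E and params:
        # For bug check 0x8E, parameter 1 is the NTSTATUS exception code that went
        # unhandled, parameter 2 the address where it occurred, parameter 3 the trap frame.
        info["exception"] = NTSTATUS_NAMES.get(params[0], "UNKNOWN")
    return info

# The PDB path Digitalocksmith asks to look for, as the raw ASCII bytes it would occupy in a dump.
RUSTOCK_PDB = rb"Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb"

def scan_minidumps(dump_dir: Path, needle: bytes = RUSTOCK_PDB) -> List[str]:
    """Return the names of *.dmp files under dump_dir that contain the indicator bytes."""
    hits = []
    for dmp in sorted(dump_dir.glob("*.dmp")):
        if needle.lower() in dmp.read_bytes().lower():  # case-insensitive byte search
            hits.append(dmp.name)
    return hits

def demo() -> List[str]:
    """Constructed demo: two fake minidumps, only the second carrying the indicator string."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "Mini022209-01.dmp").write_bytes(b"PAGEDUMP" + b"\x00" * 64 + b"ntoskrnl.exe")
        (d / "Mini022209-02.dmp").write_bytes(b"PAGEDUMP" + b"\x00" * 64 + RUSTOCK_PDB)
        return scan_minidumps(d)
```

On XP the minidumps live under C:\WINDOWS\Minidump, so `scan_minidumps(Path(r"C:\WINDOWS\Minidump"))` is the real-world call.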

Post by Belahzur on Mon 23 Feb 2009, 1:45 am

Hello.
Bad news.

I think we may have found the culprit.

@ bongring - When you started your thread, the files I researched on Google told me it was an autorun worm, since then the page ranks have moved up on Google and now it says it's a worm called Sality.

Sality is a file infector; that's probably why you have the problems you're experiencing. Your legit files are infected, and because of the damage they have suffered, they cannot function correctly.

Because of this, I ask that you back up any files you do not want to lose, because Sality cannot be fixed and the only way out is formatting.

DO NOT backup any .exe or .scr files, otherwise you will be backing up the infection.
======

This happens and spreads via removable drives/flash drives. Have you recently plugged in any flash drives? Your own or someone else's? Either way, it's infected and needs to be cleaned or binned.



@ Digi

http://miekiemoes.blogspot.com/2008/11/please-disable-autorun-asap.html
http://www.eset.sk/buxus/generate_page.php?page_id=20616


@RealBelahzur - [Prework] - Please PM me if I fail to respond within 24hrs.


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Post by bongring on Mon 23 Feb 2009, 8:58 pm

Thanks for your reply, sir Digitalocksmith, hehehehe!! I don't have an idea where to look for that Rustock rootkit, any hint..

I've also found a Sality removal tool from AVG, I'm running it right now.


Post by Belahzur on Tue 24 Feb 2009, 3:16 am

Sality cannot be removed, it has infected your legit files. That's why I ask that you format.



Post by bongring on Thu 26 Feb 2009, 12:34 pm

Well, that really is my plan A!!!
