frequent system reboot and bsod


Solved frequent system reboot and bsod

Post by bongring on 12th February 2009, 3:39 am

It all started when I changed my RAM from 512 MB to 1 GB and then put it back again to 512 MB. A friend told me it might be a registry problem, so I am also posting a HijackThis log. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:44 AM, on 2/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Net Studio\USB_FW.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LimeWireTurbo\LimeWireTurbo.exe
C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\mel\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.auction.ph/redirect.php?code=excel11
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.auction.ph/redirect.php?code=excel11
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [USB_FW] C:\Program Files\Net Studio\USB_FW.exe
O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224206216593
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D5224A3-53EB-430F-907B-6DA28766FB97}: NameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F59410F-C2B0-4497-B676-EC61E4ADCA41}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D5224A3-53EB-430F-907B-6DA28766FB97}: NameServer = 192.168.10.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{1D5224A3-53EB-430F-907B-6DA28766FB97}: NameServer = 192.168.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6002 bytes


Solved Re: frequent system reboot and bsod

Post by Digitalocksmith on 12th February 2009, 3:50 am

Can't see any issues within your log file except a few unnecessary entries, which will not be related to the cause of your issues!

Run HJT again and place checks in the boxes next to the following:

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Close all browsers (including this one) and then select 'Fix checked'.

Now let's have a look at your issue. I have a couple of questions for you:

(1) What was the reason for you changing back to your old ram modules?

(2) Did the system respond well when you changed to 1 GB modules?

(3) Can you post the blue screen stop error code please?


Regards
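
The check described in the post above, as an added example that is not part of the original thread: a small parser for the CLSID-bearing HijackThis lines (R3/O2/O3/O9) that lists the entries whose target is "(no file)". The function names and the regular expression are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re

# Constructed sample: a subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
"""

# Shape of the lines handled here: section - kind: name - {CLSID} - target
ENTRY = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

def parse_entries(log_text):
    """Return one dict per CLSID-bearing line; other line types (O4, O17, ...) are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def orphaned(entries):
    """Entries whose registration is still listed but whose file is reported missing."""
    return [e for e in entries if e["target"].lower() == "(no file)"]

if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f'{e["section"]} {e["kind"]}: {e["name"]} {e["clsid"]}')
```

An entry named "(no name)" is only listed when its target is also "(no file)", so the Java O9 button in the sample is left alone.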




Solved Re: frequent system reboot and bsod

Post by bongring on 12th February 2009, 4:16 am

Well, my PC isn't built for gaming, so I had to give the 1 GB RAM to my cousin. I'm satisfied with my PC running on 512, but I just tested how it would perform on 1 GB, and yes, it runs faster.
I'll try to get a BSOD screenshot when it shows up again. Thanks.
One more thing: hang-ups and BSODs come when I'm downloading songs from LimeWire.


Solved Re: frequent system reboot and bsod

Post by Digitalocksmith on 12th February 2009, 5:08 am

Have you updated to the latest version of Javascript?

Yep, the stop error code is really what I need!




Solved Re: frequent system reboot and bsod

Post by bongring on 12th February 2009, 9:09 am

Just updated my Java, just waiting for that blue guy, hehehehe!!!


Solved Re: frequent system reboot and bsod

Post by bongring on 14th February 2009, 5:48 am

The blue thing is still not showing up. I just updated my Java and deleted those entries you said. Thanks sir, I'll just post it here the next time it shows up again. Thanks sir.


Solved Re: frequent system reboot and bsod

Post by bongring on 22nd February 2009, 4:04 am

Hello again sir, the blue guy shows up again. Here's the stop code:

Stop : 0x0000008E (0XC0000005,0X80517668,0XF5480B6C,0X00000000)


Solved Re: frequent system reboot and bsod

Post by Digitalocksmith on 22nd February 2009, 11:00 am

Ok....other than the standard causes such as bad RAM, a driver issue or a failing PSU, I have also heard that the Rustock rootkit has been responsible for a lot of the stop error codes 0x0000008E, 0XC0000005 such as yours.

Apparently this thing is pretty much undetectable in normal mode or safe mode, but one way of telling is to run your system in safe mode to see if it blue screens again.
Apparently the rootkit won't cause your system to crash in safe mode, only in normal mode.

I would also like you to take a look at your minidumps for any evidence of: Rustock rootkit v 1.2
Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb

If neither of these are prevalent, we can move on and run some memtests.

Regards
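
The minidump check suggested in the post above, as an added example that is not part of the original thread: it decodes the posted stop line and searches dump bytes for the two strings quoted in the post, in both ASCII and UTF-16LE. Function names are assumptions of this example; the 0x8E name and parameter layout follow Microsoft's bug check documentation, and the default folder is the Windows XP minidump location.

```python
import re
from pathlib import Path

# The two strings quoted in the post; everything else is this example's own naming.
MARKERS = [
    "Rustock rootkit v 1.2",
    r"Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb",
]
BUGCHECKS = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

def parse_stop(line):
    """Split a 'Stop : 0x.. (p1,p2,p3,p4)' line into bug check code and parameters."""
    m = re.search(r"(0x[0-9a-f]+)\s*\(([^)]*)\)", line, re.I)
    if not m:
        raise ValueError("no stop code found")
    code = int(m.group(1), 16)
    params = [int(p, 16) for p in m.group(2).split(",")]
    info = {"code": code, "name": BUGCHECKS.get(code, "unknown"), "params": params}
    if code == 0x8E:  # parameter 1 = exception code, parameter 2 = faulting address
        info["exception"] = NTSTATUS.get(params[0], hex(params[0]))
        info["fault_address"] = params[1]
    return info

def find_markers(data):
    """Return the markers present in raw bytes, as ASCII or UTF-16LE, ignoring case."""
    low = data.lower()
    hits = []
    for marker in MARKERS:
        if any(marker.lower().encode(enc) in low for enc in ("ascii", "utf-16-le")):
            hits.append(marker)
    return hits

def scan_minidumps(folder=r"C:\WINDOWS\Minidump"):
    """Map each .dmp file in the folder to the markers found in it."""
    return {p.name: find_markers(p.read_bytes()) for p in Path(folder).glob("*.dmp")}

if __name__ == "__main__":
    print(parse_stop("Stop : 0x0000008E (0XC0000005,0X80517668,0XF5480B6C,0X00000000)"))
    # Constructed bytes standing in for a dump that holds a marker as UTF-16LE.
    fake = b"\x00" * 32 + "Rustock rootkit v 1.2".encode("utf-16-le")
    print(find_markers(fake))
```

A small memory dump holds only part of kernel memory, so an empty result does not rule the rootkit out.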




Solved Re: frequent system reboot and bsod

Post by Belahzur on 22nd February 2009, 2:45 pm

Hello.
Bad news.

I think we may have found the culprit.

@ bongring - When you started your thread, the files I researched on Google told me it was an autorun worm, since then the page ranks have moved up on Google and now it says it's a worm called Sality.

Sality is a file infector; that's probably why you have the problems you're experiencing. Your legit files are infected, and because of the damage they have suffered, they cannot function correctly.

Because of this, I ask that you back up any files you do not want to lose, because Sality cannot be fixed and the only way out is formatting.

DO NOT backup any .exe or .scr files, otherwise you will be backing up the infection.
======

This happens and spreads via removable drives/flash drives. Have you recently plugged in any flash drives? Your own or someone else's? Either way, it's infected and needs to be cleaned or binned.



@ Digi

http://miekiemoes.blogspot.com/2008/11/please-disable-autorun-asap.html
http://www.eset.sk/buxus/generate_page.php?page_id=20616


@RealBelahzur - [Prework] - Please PM me if I fail to respond within 24hrs.



Solved Re: frequent system reboot and bsod

Post by bongring on 23rd February 2009, 9:58 am

Thanks for your reply, sir Digitalocksmith, hehehehe!! I don't have an idea where to look for that Rustock rootkit. Any hint?

I've also found a Sality removal tool from AVG; I'm running it right now.


Solved Re: frequent system reboot and bsod

Post by Belahzur on 23rd February 2009, 4:16 pm

Sality cannot be removed, it has infected your legit files. That's why I ask that you format.



Solved Re: frequent system reboot and bsod

Post by bongring on 26th February 2009, 1:34 am

Well, that really is my plan A!!!
