comp keeps shutting itself off

by swp110 » December 18th, 2005, 8:37 pm

For some reason my computer shuts itself off randomly. Sometimes it happens when I am using it and sometimes I will just come back and it will be off. It also always shuts off when I try to run a virus scan with AVG. I have Windows XP with IE and run Ad-Aware, Spybot and AVG. They haven't come up with anything. I've tried to run AVG in safe mode but nothing comes up. Here is my log to see if you can figure out what is wrong. Thanks for any help.


Logfile of HijackThis v1.99.1
Scan saved at 7:28:40 PM, on 12/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/notebooks/pavilion/e-center
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/defaul ... oader1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} (Diagmgr Class) - http://isupport4.hp.com/awebui/jsp/answ ... anager.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4084546325
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28253649-7DAF-4D0B-A097-5D474018F4CF}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{28253649-7DAF-4D0B-A097-5D474018F4CF}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{28253649-7DAF-4D0B-A097-5D474018F4CF}: NameServer = 192.168.1.1
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
swp110
Regular Member
 
Posts: 18
Joined: March 10th, 2005, 9:03 am

by Kimberly » December 19th, 2005, 11:54 am

Hello swp110,

There is nothing special in your HijackThis log either that could explain the random reboots. We might have a rootkit installed; because the reboot occurs when you are using AVG, that could be a sign of it. Let's try to find out what's wrong.

Run HijackThis, click on None of the above, just start the program, click on Scan. Put a check in the box on the left side of the following items if still present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/defaul ... oader1.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab

Close ALL windows and browsers except HijackThis and click Fix Checked
______________________________

Please Download Rootkit Revealer
http://www.sysinternals.com/utilities/r ... ealer.html

Create a folder for Rootkit Revealer on the C: drive called C:\Rkr. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it Rkr. Extract all the files from the zip archive into that folder.

Open the Rkr folder and double-click the icon for RootkitRevealer.exe to launch the program. Save the log into that folder (File > Save)

If you get a warning, let the driver load. It will be a randomly named one, but if you have spyware protections running, the info they give (when warned) will tell you it is from Sysinternals.

Please post the RootkitRevealer log and a new Hijackthis log please.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

rootkitrevealer log

by swp110 » December 21st, 2005, 10:55 pm

no clue what any of this means but i hope we have found the problem :)



HKLM\SOFTWARE\Classes\webcal\URL Protocol
7/5/2004 11:44 PM 13 bytes
Data mismatch between Windows API and raw hive data.

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:KAVICHS
11/16/2004 10:00 PM 36 bytes
Hidden from Windows API.

C:\Documents and Settings\LocalService\ntuser.dat:KAVICHS
11/16/2004 10:00 PM 36 bytes
Hidden from Windows API.

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:KAVICHS
11/16/2004 10:00 PM 36 bytes
Hidden from Windows API.

C:\Documents and Settings\NetworkService\NTUSER.DAT:KAVICHS
11/16/2004 10:00 PM 36 bytes
Hidden from Windows API.

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:KAVICHS
12/21/2005 8:18 PM 36 bytes
Hidden from Windows API.

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:KAVICHS
11/16/2004 10:00 PM 36 bytes
Hidden from Windows API.

C:\Documents and Settings\Owner\ntuser.dat:KAVICHS
12/17/2005 12:01 PM 36 bytes
Hidden from Windows API.

C:\WINDOWS\system32\config\DEFAULT:KAVICHS
12/5/2005 9:19 PM 36 bytes
Hidden from Windows API.

C:\WINDOWS\system32\config\SAM:KAVICHS
11/16/2004 10:00 PM 36 bytes
Hidden from Windows API.

C:\WINDOWS\system32\config\SECURITY:KAVICHS
12/17/2005 10:31 AM 36 bytes
Hidden from Windows API.

C:\WINDOWS\system32\config\SOFTWARE:KAVICHS
12/15/2005 11:15 PM 36 bytes
Hidden from Windows API.

C:\WINDOWS\system32\config\SYSTEM:KAVICHS
12/21/2005 8:17 PM 36 bytes
Hidden from Windows API.
swp110
Regular Member
 
Posts: 18
Joined: March 10th, 2005, 9:03 am

by Kimberly » December 22nd, 2005, 6:46 am

Your Rootkit Revealer log is clean, so the reboot is not due to the presence of a rootkit. Maybe the reason has been logged in the Event Viewer.

Use one of the following ways to get into the Event Viewer.

1. Start, right-click on My Computer and select Manage, then Event Viewer.
2. Control Panel -> Administrative Tools -> Event Viewer

Click on System in the left pane, look for Event 1001/1003, it should show info about the stop error. Double click to open them up and copy them by pressing the bottom of the three buttons (the one with the copy icon). Then Edit Paste it to a reply. Normally that should help to find the reason of the BSOD.

Let's do a scan and see how far we get with that.

Please download the trial version of Ewido Security Suite 3.5 from here:
http://www.ewido.net/en/download/
  • Install Ewido Security Suite.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido Security Suite, and run a full scan.
  • Click on Scanner
  • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
  • Click Save Report button
  • Save the report to your Desktop
Close Ewido and reboot in Normal Mode.
______________________________

Run HijackThis, click on Open the Misc Tools Section, put a checkmark in List also minor sections and List empty sections. Click on Generate StartupList log, answer Yes and copy/paste the content in your reply.
Click Back and Click on Scan. When the scan is finished, click Save Log and paste the content in your reply.
______________________________

Please post:

- Event viewer items if found.
- Ewido log
- Startup list

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

not working

by swp110 » December 24th, 2005, 4:37 pm

I'm not sure which event to pick. There aren't any 1001 but about 100 or more 1003, all with warnings, and then a bunch of other #'s with errors.
Also, I keep trying to run Ewido in safe mode but my computer keeps shutting off when it is 1/2 way through the scan, just like AVG does in regular and safe mode.
swp110
Regular Member
 
Posts: 18
Joined: March 10th, 2005, 9:03 am

by Kimberly » December 25th, 2005, 1:22 pm

Hi swp110,

Post a few of the 1003 events, it might give an idea, plus a few others.

Let's put Ewido aside for the moment, just post the startup list please.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

by swp110 » December 25th, 2005, 10:26 pm

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 12/25/2005
Time: 8:03:28 PM
User: N/A
Computer: HEWLETT-GRAP4UX
Description:
The StyleXPService service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 12/25/2005
Time: 12:34:14 PM
User: N/A
Computer: HEWLETT-GRAP4UX
Description:
The StyleXPService service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 12/24/2005
Time: 3:33:27 PM
User: N/A
Computer: HEWLETT-GRAP4UX
Description:
The StyleXPService service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 12/24/2005
Time: 2:58:26 PM
User: N/A
Computer: HEWLETT-GRAP4UX
Description:
The StyleXPService service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 12/24/2005
Time: 2:41:35 PM
User: HEWLETT-GRAP4UX\Owner
Computer: HEWLETT-GRAP4UX
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 36
Date: 12/18/2005
Time: 1:15:43 AM
User: N/A
Computer: HEWLETT-GRAP4UX
Description:
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 12/14/2005
Time: 11:12:30 AM
User: N/A
Computer: HEWLETT-GRAP4UX
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........


Event Type: Error
Event Source: IPRIP
Event Category: None
Event ID: 29053
Date: 12/9/2005
Time: 10:50:04 PM
User: N/A
Computer: HEWLETT-GRAP4UX
Description:
IPRIP could not join the multicast group 224.0.0.9 on the local interface with IP address 192.168.1.10. The data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 47 27 00 00 G'..


Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 12/8/2005
Time: 8:56:23 PM
User: NT AUTHORITY\SYSTEM
Computer: HEWLETT-GRAP4UX
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 12/8/2005
Time: 7:59:00 PM
User: N/A
Computer: HEWLETT-GRAP4UX
Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: Windows Update Agent
Event Category: Installation
Event ID: 20
Date: 12/5/2005
Time: 10:59:07 PM
User: N/A
Computer: HEWLETT-GRAP4UX
Description:
Installation Failure: Windows failed to install the following update with error 0x800706ba: Windows Malicious Software Removal Tool - November 2005 (KB890830).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 57 69 6e 33 32 48 52 65 Win32HRe
0008: 73 75 6c 74 3d 30 78 38 sult=0x8
0010: 30 30 37 30 36 62 61 20 00706ba
0018: 55 70 64 61 74 65 49 44 UpdateID
0020: 3d 7b 35 36 41 33 45 43 ={56A3EC
0028: 46 36 2d 44 46 46 43 2d F6-DFFC-
0030: 34 33 45 31 2d 41 31 37 43E1-A17
0038: 41 2d 46 33 37 42 41 32 A-F37BA2
0040: 44 35 32 34 37 34 7d 20 D52474}
0048: 52 65 76 69 73 69 6f 6e Revision
0050: 4e 75 6d 62 65 72 3d 31 Number=1
0058: 30 31 20 00 01 .


Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1003
Date: 5/30/2005
Time: 1:14:35 AM
User: N/A
Computer: HEWLETT-GRAP4UX
Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00023F38EC7D. The following error occurred:
The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 79 00 00 00 y...


Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1000
Date: 5/26/2005
Time: 1:24:10 PM
User: N/A
Computer: HEWLETT-GRAP4UX
Description:
Your computer has lost the lease to its IP address 192.168.1.101 on the Network Card with network address 00023F38EC7D.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1003
Date: 5/28/2005
Time: 7:06:36 AM
User: N/A
Computer: HEWLETT-GRAP4UX
Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00023F38EC7D. The following error occurred:
The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 79 00 00 00 y...
swp110
Regular Member
 
Posts: 18
Joined: March 10th, 2005, 9:03 am
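
Event IDs are only unique per source, which matters when sorting through pasted records like those above: the Dhcp warnings carry ID 1003, the same number that was requested for stop errors. The following is an added example, not part of the original thread, that parses the Event Viewer copy-button layout and separates the two; the stop-error source names `System Error` and `Save Dump` are an assumption about Windows XP, and the sample records are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the records pasted in the thread
# (same field names; host name and values are made up).
SAMPLE = """\
Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1003
Date: 5/30/2005
Time: 1:14:35 AM
User: N/A
Computer: EXAMPLE-PC
Description:
Your computer was not able to renew its address from the network.

Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 12/18/2005
Time: 7:20:11 PM
User: N/A
Computer: EXAMPLE-PC
Description:
Error code 1000000a, parameter1 00000000, parameter2 00000002.
"""

# Assumption: on Windows XP a bugcheck is logged as "System Error" 1003
# and/or "Save Dump" 1001; other sources reuse the same numeric IDs.
STOP_ERROR_KEYS = {("System Error", 1003), ("Save Dump", 1001)}

FIELD = re.compile(r"^(Event Type|Event Source|Event Category|Event ID|"
                   r"Date|Time|User|Computer):\s*(.*)$")


def parse_events(text):
    """Split a pasted Event Viewer dump into one dict per record."""
    events, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        start = line.find("Event Type:")
        if start >= 0:
            # New record; tolerate a paste that glued it onto the previous line.
            if cur is not None and start > 0 and section == "desc":
                cur["Description"].append(line[:start])
            cur = {"Description": []}
            events.append(cur)
            section = None
            line = line[start:]
        if cur is None:
            continue
        m = FIELD.match(line)
        if m and section is None:
            cur[m.group(1)] = m.group(2).strip()
        elif line == "Description:":
            section = "desc"
        elif line == "Data:":
            section = "data"  # hex dump lines are skipped
        elif section == "desc" and line:
            cur["Description"].append(line)
    for ev in events:
        ev["Event ID"] = int(ev.get("Event ID", -1))
        ev["Description"] = " ".join(ev["Description"])
    return events


def triage(events):
    """Return (stop_errors, same_id_other_source, counts per source/ID)."""
    stop_ids = {eid for _, eid in STOP_ERROR_KEYS}
    key = lambda e: (e.get("Event Source"), e["Event ID"])
    counts = Counter(key(e) for e in events)
    stop = [e for e in events if key(e) in STOP_ERROR_KEYS]
    lookalike = [e for e in events
                 if e["Event ID"] in stop_ids and key(e) not in STOP_ERROR_KEYS]
    return stop, lookalike, counts


if __name__ == "__main__":
    stop, lookalike, counts = triage(parse_events(SAMPLE))
    for (src, eid), n in counts.most_common():
        print(f"{n:3d}  {src} / {eid}")
    print("stop errors:", len(stop), "| same ID, other source:", len(lookalike))
```
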

by Kimberly » December 27th, 2005, 11:40 am

Again nothing that may explain the random reboots; you just seem to have a little bit of trouble in obtaining your network (DHCP server & DNS servers).

Let's remove the StyleXP service, since the file is not present anymore. We will check your harddrive for errors too.

Click Start > Run > type in CMD and hit enter.

type the following lines in the window, followed by enter

sc stop "StyleXPService"
sc delete "StyleXPService"

Still in the CMD window, type chkdsk /f and hit enter. If you are using the NTFS system, you'll get a message that the volume is locked. It will ask you to run at next boot; answer yes and close the CMD window. Reboot your computer and wait until you see the desktop again. (It will reboot automatically just after the check.)

When done, click on My Computer, select Local Disk (C), Right click to bring up the menu and click on Properties and go to Tools tab. Click on Defragment now and click on the Defragment button in the next window. This may take some time. Relax and have a cup of coffee or tea.
______________________________

Random reboots can be a memory problem, so let's check that out first.

Go to http://www.memtest86.com
Scroll down the page to the download: Download - Pre-Compiled Memtest86 v3.2 installable from Windows and DOS <memt32.zip>
Copy the download into a separate folder and unzip it.
Make sure all four unzipped files are in the same folder.
Double-click install.bat
It will prompt you to name the floppy drive letter a: and will install memtest86 on that floppy.
Label it Memtest86 because you will not be able to "see" any files on it.
The floppy will have only a tiny program in its boot system.
If you reboot the PC with that floppy in the drive, it should boot from the floppy and start Memtest.
Let it run until it completes all its tests thru #4.
If there are any errors listed, you have a defective RAM card.
Terminate the program with the Esc key, and eject the floppy to reboot normally.

If you have only a CD drive, you will have to download the Windows ISO file on the Memtest web page and use CD burner software to make a bootable Memtest CD
______________________________

After the maintenance operations, try to run AVG & Ewido and see if it works now.


Also run HijackThis, click on Open the Misc Tools Section, put a checkmark in List also minor sections and List empty sections. Click on Generate StartupList log, answer Yes and copy/paste the content in your reply.

1. Did memtest find errors?
2. Disk errors ?
3. Able to run AVG / Ewido ?

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

by NonSuch » January 9th, 2006, 3:41 am

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California