unplaned restart!!

[sp1zy]

Hi... i have a question about a forced automaded restarts that i used to have
with my old pc and now i got it happening again with my new p4 pc :

well i get a small window pumping up telling me that the generic host made an error and that the system will shot down after a count down then the system restart am sorry i dont remeber the exact message but here is some system and security logs at 22/12/2:37 :

system logs:
_the terminal service failed to start due to the following error the pipe has been ended
_ the process winlogon.exe has initiated the restart of os for the following reson no title for thiss reason could be found minor reason oxff
shutdown type reboot
comment windows must now restart because dcom server process launcher service terminated unexpectedly
_The dcom server process luncher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60 seconds:
reboot the macine.

i did a command promot order :
sc query dcom
sc enumqueryservicesstatus: openservice failed 1060
the specified service dose not exist as installed server

application logs:
faulting application svchost.exe v 5.1 fulkting module rpcrt.dll version 5.1 fult address oxooo55009

-the application c:\windows\system32\svchost.exe generated an application error the error accurred on 12/22/14:37 the exception generated was c0000005 at address 77ec5009(rpcrt4!rpcmgmtsertauthorizationfn)
no user action required

olso i noticed that generic host c:\windows\system32\svchost.exe
on my firwall (zone alarm have no permition to access internet on the server
tabby defult zone alarm settings .
well i just copyed and past that data i dont realy understand what is going on
and not realy intrested in tech analyzation what i need to know is is there somthing i should do? like in fire wall or somthing? is that a normal thing to happen? thats all thank you.

[doctorgonzo]

Have you scanned your system for viruses? If you haven't, go to http://housecall.trendmicro.com/ and do so.

[EzyStvy]

A tool is available to remove Blaster worm and Nachi worm infections from computers that are running Windows 2000 or Windows XP
http://support.microsoft.com/kb/833330/en-us

[sp1zy]

its a virus?? i didnt know that... i have avg guard and windows anty spi ware
and zone alarm and previx all installed no indication of that virus was found..
is my hardware ok??? can i just format and re install windows?
would that fix it??

[doctorgonzo]

It could be a virus, which is why I suggested the online scan from Trend Micro. If you have scanned and not found anything, then it probably isn't a virus. It could be a lot of things. Why don't you post your complete system specs, especially the motherboard brand and model, power supply brand and model, memory, etc.

[sp1zy]

Quote:

Originally Posted by EzyStvy A tool is available to remove Blaster worm and Nachi worm infections from computers that are running Windows 2000 or Windows XP http://support.microsoft.com/kb/833330/en-us

This tool is no longer available. It has been replaced by the Microsoft Windows Malicious Software Removal Tool. For additional information about the Malicious Software Removal Tool, click the following article number to view the article in the Microsoft Knowledge Base:

[sp1zy]

i am trying to scan the house call but it say i need to update my java which i am currently downloading i have 56kps modem so its slow ill keep posting with the updates. i have scaned with avg and nothing found

my system:

p4 3ghzE priscot with hyper threading
gigabyte pentuim 4 titan GA-8I848E-L mother board
512 mb of ddr ram
geforce 5200 fx vga

power supply integrated in a matrix case
connected to an infosec 500xp ups range

[doctorgonzo]

What is the make and model of your power supply?

[sp1zy]

power supply: pc touch pow c 350 350w

but i dont see haw the power is related the restart was controled by the system and i didnt have a power cut. haw about the fire wall i noticed its bloacking the geniric host cvchost.exe internet server access
i did a command promot order :
sc query dcom
sc enumqueryservicesstatus: openservice failed 1060
the specified service dose not exist as installed server
is that related?

i just scanned with the microsoft malicious software removal tool and nachi scan was not infected

[doctorgonzo]

A bad power supply could very easily be causing restarts. I've never heard of that brand, which usually isn't a good sign.

It may be time to run and post a Hijack This log.

[sp1zy]

yes but power supply restart would force the system to restard sudenly
my restart came after a shot down warrning from the system telling me the system will close down after 1 min for the prevouis reasons . witch means my system had all the power it needs at that point and it was a s/w failure...


sorry i didnt get what u said... u want me to post what?? hijack log??
i dont un derstand

[doctorgonzo]

Quote:

Originally Posted by sp1zy yes but power supply restart would force the system to restard sudenly

Not necessarily. Bad power supply -> bad quality power to the motherboard, processors, and memory -> memory corruption -> Windows errors and restarts. Bad power supplies can screw up your computer in many subtle ways.

Hijack This is a program that will tell you what is running on your computer; it is used to find and fix spyware issues.

[sp1zy]

ok i will download and make the tests you recomended it will take some time
coz am on modem.... what if the resolts are ok as i expect...

do you think anything is rong with the hardware??? if not do you recomend a format and reinstall winxp to replace the generic exe file with a frech one??

[doctorgonzo]

Hijack This isn't really a test, it will give you a list of what is running on your system. You can then post the list here and we can tell you if something doesn't look right.

[sp1zy]

Logfile of HijackThis v1.99.1
Scan saved at 09:51:06 م, on 22/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UPSurfer Pro\UPServ.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\UPSurfer Pro\UPS.EXE
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
O1 - Hosts: 72.17.137.93 irc.westwood.com
O1 - Hosts: 72.17.137.93 servserv.westwood.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{480F0ABD-B68F-4736-B2AF-46EB467F4F9C}: NameServer = 213.131.65.20 213.131.66.246
O17 - HKLM\System\CS1\Services\Tcpip\..\{480F0ABD-B68F-4736-B2AF-46EB467F4F9C}: NameServer = 213.131.65.20 213.131.66.246
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPSmart - Unknown owner - C:\Program Files\UPSurfer Pro\UPServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[doctorgonzo]

Don't really see anything out of the ordinary there, aside from GetRight, which looks to be some kind of download accelerator utility and is probably unnecessary.

You can try doing a repair install of Windows, which won't harm your data.

[sp1zy]

am sorry but i do not understand this analyze i will need ure help on this thank you

[doctorgonzo]

A repair install will repair the Windows installation. Put the Windows CD in the drive, reboot, then select install. It will find the current Windows installation, and when it asks tell it to repair that installation.

[sp1zy]

i dont have any importent data on the pc.. i will format c:\ to clean up all and reinstall on frech platform
as for get right its a famous download maneger and i need to use it coz
am on dial up connection ... do u see any harm coming from it??

thank you for ure time

[sp1zy]

i cant do the trend micro house call coz it say i need 2:5 hours to complete it
on a dial up con......

ill format and run a clean insall .... my p4 processor can install winxp profetional
in 6 min .......lol amazing