Xp critical system shut downs



#1
HAPPYCAMPER

The information in your threads has been extremely helpful in the past. Thank you for this site.

I have been working on my daughter's computer. She has an emachine monster 600.

I replaced the hard drive with a 80G drive and loaded XP home(SP1). Seems to work ok until I try to download anything from the internet. It freezes up then I get a critical system process shut down.

Perhaps if I could update to SP2 this might solve the problem but at the moment I am in a catch 22.

C:\windows\system32\lsass.exe
failed with status code c0000005 or 1073741819

MS status codes for this error cover Windows 2000 but not XP. I have not read anything in any of the threads covering this issue. I'm thinking I may have a hardware issue, perhaps memory or BIOS.

Any Ideas ???


#2
darth_ash

Problems with lsass.exe are commonly caused when you're infected with Sasser Worm.
Go to the following link to scan for it:
http://www.microsoft...ve/default.mspx
If u get a clean bill, also try these steps. (link).
If in any step, u detect a malware infection go to the Malware Removal Forum.
Otherwise, U may continue this thread.

#3
HAPPYCAMPER

Attached File  ewido_Scan_3_report_20050727.txt   1.1KB   75 downloads

Well here I am going thru the process. I know this old computer is not worth the time but the learning experience is priceless. Thank you for bearing with me so far.

I am determined to leave this computer off line until it is clean and reasonably safe, therefore I have physically unplugged the cable and am moving programs via cd burner.

Since I am not online yet I can not update the definitions, but so far I have cleaned most of the recognized malware files. There are four exceptions. I have scanned with ewido and ad-aware several times and keep trying to delete three registry keys and a file in the system32 to no avail.

Using reg edit trying to remove the registry file they are designated as predetermined and cannot be removed. How do I go about removing these keys??

Also in windows\system32 ewido says rdrv.sys is infected but of course I cannot remove it because it is in use.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:10:54 PM, 7/27/2005
+ Report-Checksum: F606A936

+ Scan result:

HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
C:\WINDOWS\system32\rdriv.sys -> Trojan.Rootkit.k : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 1:52:47 PM, on 7/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Messenger\msmsgs.exe
E:\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122319165069
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\rofl.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iTunes MusicService - Unknown owner - C:\WINDOWS\USBBay.exe
O23 - Service: Windows Process Moniter - Unknown owner - C:\WINDOWS\winmon.exe (file missing)

At this point I'm feeling pretty brave and I'll take anything off. :tazz:

Edited by HAPPYCAMPER, 27 July 2005 - 03:15 PM.

  • 0
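A triage pass over the HijackThis log posted in #3, as an added example that is not part of the original thread: it lists the O23 service entries that the log itself marks as "Unknown owner" or "(file missing)" and notes whether each binary appears under "Running processes". The function names and the shortened sample are assumptions made for the example.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in post #3.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\rofl.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: iTunes MusicService - Unknown owner - C:\WINDOWS\USBBay.exe
O23 - Service: Windows Process Moniter - Unknown owner - C:\WINDOWS\winmon.exe (file missing)
"""

# O23 line layout: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_LINE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            break  # a blank line ends the section
        elif in_section:
            procs.add(line.lower())
    return procs

def review_services(log):
    """Return (name, path, notes) for O23 entries marked unknown owner or file missing."""
    running = running_processes(log)
    findings = []
    for line in log.splitlines():
        m = O23_LINE.match(line.strip())
        if not m:
            continue
        notes = []
        if m["owner"] == "Unknown owner":
            notes.append("unknown owner")
        if m["missing"]:
            notes.append("file missing")
        if notes:
            notes.append("running" if m["path"].lower() in running else "not running")
            findings.append((m["name"], m["path"], notes))
    return findings
```

Calling `review_services(SAMPLE_LOG)` returns the three entries to check by hand; the AVG service, which carries a vendor name as owner, is not listed.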

#4
darth_ash

As I said in post #2:
Pls. Go to the Malware Removal Forum and post the logs. Not here.

Edited by darth_ash, 28 July 2005 - 01:34 AM.


#5
HAPPYCAMPER

Sorry And Thanks. :tazz: