Question

Computer reboots randomly

Asked by: mkiser

I have a computer that usually reboots once a day with Event ID 1003. Below is the info from the event log. This is a Windows XP Pro computer logging into a 2003 domain. Any suggestions?

Event Type:      Error
Event Source:      System Error
Event Category:      (102)
Event ID:      1003
Date:            8/20/2009
Time:            8:30:03 AM
User:            N/A
Computer:      DCTEMP4
Description:
Error code 1000000a, parameter1 00013e48, parameter2 00000002, parameter3 00000001, parameter4 80701a16.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45   System E
0008: 72 72 6f 72 20 20 45 72   rror  Er
0010: 72 6f 72 20 63 6f 64 65   ror code
0018: 20 31 30 30 30 30 30 30    1000000
0020: 61 20 20 50 61 72 61 6d   a  Param
0028: 65 74 65 72 73 20 30 30   eters 00
0030: 30 31 33 65 34 38 2c 20   013e48,
0038: 30 30 30 30 30 30 30 32   00000002
0040: 2c 20 30 30 30 30 30 30   , 000000
0048: 30 31 2c 20 38 30 37 30   01, 8070
0050: 31 61 31 36               1a16    

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-08-20 at 07:52:49ID24668390
Tags

Windows XP Pro

,

Event ID 1003

Topics

Windows XP Operating System

,

System Diagnostic Software

Participating Experts
6
Points
500
Comments
36

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Server rebooting with Error code 000000d1, parame…
    We have SBS2003 Twice in the last few days it has crashed and rebooted with the following System Error Event 1003 Error code 000000d1, parameter1 00000003, parameter2 00000002, parameter3 00000000, parameter4 f76a9917. Any thoughts?
  2. Computer crashed - Error code 00000019, parame…
    Machine crashed when user just finished using Nero. Looked in the error logger and found this information: Source: System Error Category (102) Event ID: 1003 Error code 00000019, parameter1 00000020, parameter2 8952a698, parameter3 8952a6b0, parameter4 0a030001. For more ...
  3. Windows XP reboots randomly
    Hi I have a Windows XP computer that is rebooting randomly. This computer is joined to a SBS 2003 domain Here are the specs: OS Name Microsoft Windows XP Professional Version 5.1.2600 Service Pack 2 Build 2600 OS Manufacturer Microsoft Corporation System Name RW001 System ...
  4. SBS 2003 getting Error code 000000d1, paramet…
    Hi, I got this message this morning Event Type: Error Event Source: System Error Event Category: (102) Event ID: 1003 Date: 8/10/2007 Time: 5:41:41 PM User: N/A Computer: OURPDC Description: Error code 000000d1, parameter1 00021000, parameter2 00000002, parameter3 0000000...
  5. SBS 2003 Reboots randomly at 12 noon!
    Hi I have a Dell Poweredge 2800 server running SBS 2003 Premium. This server has a habit of rebooting right in the middle of the day, this doesn;t happen every day, sometimes it's a week apart other times it's every other day. Obviously being that it happens at 12 noon it's ...
  6. Server rebooting with Error code Error code 000000d…
    We have a server that has just started either locking up hard or rebooting a few times a day. We thought it might be the hard drives (as the RAID keeps going down) - so we replaced the hard drives all together and rebuild the array - but it still keeps going down. The error...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: Steelers4lifePosted on 2009-08-20 at 07:56:37ID: 25143303

Is it possible the machine is over heating ? Coupld be the CPU over heating ? I would run hardware diagnostics and make sure it is not a hadware issue.

 

by: LisijPosted on 2009-08-20 at 08:01:54ID: 25143369

is it possible it's running hot?
if temp is OK, fan's are working, and case is clean inside, test RAM
download memtest86, run it on the pc

has there been any changes to the computer. next on the list of the suspects are bad/corrupted drivers, or BIOS - did you update the BIOS by any chance?

 

by: tdukie13Posted on 2009-08-20 at 08:08:56ID: 25143469

What has changed since this error has started to occur?

 

by: captain_brainiacPosted on 2009-08-20 at 08:12:06ID: 25143514

My experience has been that random reboots are normally caused by hardware problems and usually due to overloading a weak power supply.  However, when that happens, you normally don't get an event written to the event logs because the computer does a "hard" reboot before it gets an opportunity to write anything to the logs.

With that being the case, I would actually take a look at the software side first.  According to the following link, you "might" be dealing with some type of malware:

http://support.microsoft.com/kb/894278

I would first take a look at your task manager and make sure you recognize the processes that are running and that there's not anything funky in there.  I would also recommend downloading/running superantispyware.  I've found that this app will catch a lot of things that even a good AV apps won't.

That might not be the solution, but maybe it'll rule the malware possibility out for now.

Also, does it reboot at exactly the same time every day?  Does it every reboot twice in one day?

 

by: noxchoPosted on 2009-08-20 at 08:17:31ID: 25143600

It could be possible that machine BSODes from time to time. Change the system recovery parameters and uncheck Reboot option in System start and recovery panel. It should create minidumps where the possible cause of the problem is tracked.

 

by: JonveePosted on 2009-08-20 at 08:24:30ID: 25143706

You could also see if there's a dump of the state of your system at the time it crashed.
The dumps are normally located in c:\windows\minidump\    
or  %systemroot%\minidump\

If there is, can you paste the latest dump(s) in the "Attach Code Snippet" box and i'll take a look.  You'll need to rename single minidump files first with a .txt extension, (do not rename the contents of the file).  Alternatively zip them before attaching, and rename the .zip to .txt for the attaching (the upload).

You may need to disable auto restart:
Right click My Computer > Properties > Advanced > Startup and Recovery Settings and uncheck Automatically Restart.

Another possibility is motherboard failure ... capacitor failure being the main cause of mobo failure.  See the capacitor plague:
http://en.wikipedia.org/wiki/Capacitor_plague

Then, if still unresolved, try a new preferably larger capacity power supply.

 

by: JonveePosted on 2009-08-20 at 08:29:38ID: 25143783

@ noxcho,
my minidump request is similar to yours .. sorry, didn't refresh ...

 

by: mkiserPosted on 2009-08-20 at 08:32:31ID: 25143820

I don't think it is heat related because it usually only does it once a day and is usually in the morning.
I have not done any driver or BIOS updates since originally putting the machine together.
Memtest86 was the first thing I tried. I ran it through multiple passes one night with no errors.
I will check the processes for culprits.
Where would I change the system recovery parameters?

 

by: Steelers4lifePosted on 2009-08-20 at 08:34:40ID: 25143843

Right click my computer to properties then advanced tab . YOu wil lsee startup and Recovery click settings and you will see the options there.

 

by: noxchoPosted on 2009-08-20 at 08:38:48ID: 25143889

Right click My Computer > Properties > Advanced > Startup and Recovery Settings and remove check from Automatically Restart box.
Look here: http://www.pchell.com/support/minidumps.shtml

 

by: mkiserPosted on 2009-08-20 at 08:58:52ID: 25144127

Today's minidmp is attached.
I have disable the reboot option.
I will check additional checks while the user is at lunch.

 

by: noxchoPosted on 2009-08-20 at 09:11:02ID: 25144254

Probably caused by : Ntfs.sys ( Ntfs+849 )
Looks like file system problem.

 

by: noxchoPosted on 2009-08-20 at 09:13:56ID: 25144284

 

by: noxchoPosted on 2009-08-20 at 09:20:24ID: 25144351

BTW is this Intel or AMD based machine?

 

by: noxchoPosted on 2009-08-20 at 09:22:46ID: 25144374

Ok, further search narrowed the possible cause of the problem to:
1)McAfee
2)Bad RAM (run stress check)
3)VideoCard drivers
4)AMD and SP3 on XP problem: http://www.techsupportforum.com/microsoft-support/windows-xp-support/345841-blue-screen-ntfs-sys.html

 

by: JonveePosted on 2009-08-20 at 09:58:25ID: 25144753

From your minidump it could well be a driver problem.  You could see if the Verifier.exe command shows which drivers are not verified >
How to Use Driver Verifier to Troubleshoot Windows Drivers:
http://support.microsoft.com/kb/244617/en-us

 

by: mkiserPosted on 2009-08-20 at 11:27:24ID: 25145643

What am I looking for in verifier.exe.

 

by: JonveePosted on 2009-08-20 at 12:47:59ID: 25146330

Before launching Driver Verifier please read the article below, in particular the comments in paragraph 3 noting which ''settings' to avoid.

Using the Microsoft Driver Verification Tool:
http://www.codeproject.com/KB/debug/Verifier.aspx

Basically you set it to verify all drivers, then you reboot.    
You'll possibly get a BSOD at this point, & hopefully the dump file analysis will point to the driver that is the problem(assuming of course that a driver is the real cause!).

Start > Run > then type verifier.exe  (no quotes).

Info:  Verifier.exe is located in the %WinDir%\System32 folder.

 

by: JonveePosted on 2009-08-20 at 13:07:18ID: 25146565

The Driver Verifier operation is described quite clearly here>

"Troubleshooting drivers with XP's hidden Driver Verifier Manager":
http://articles.techrepublic.com.com/5100-10878_11-5714091.html

 

by: JonveePosted on 2009-08-20 at 15:33:40ID: 25147754

Took another look at the problem and found these instructions for the Drive Verifier.  Please note that although they're written for Vista & Windows 7, they're suitable for XP.
   
For XP you simply do this>
START > Run > cmd >     then type VERIFIER

Then follow the verifier instructions:
http://www.techsupportforum.com/2110308-post4.html

If you get a dump file from c:\windows\minidump, zip it up & post it here of course.

 

by: mkiserPosted on 2009-08-20 at 15:36:09ID: 25147768

I ran the driver verifier with all drivers selected and the system rebooted with no BSOD.
I don't have and McAfee products installed. This PC used to have McAfee site advisor on it but it was uninstalled months ago.
The processor is an Intel dual core 3.2 GHz.
The video card is a nvidia GeForce4 MX 4000 with driver version 6.14.10.6693.

 

by: mkiserPosted on 2009-08-20 at 15:55:34ID: 25147858

I ran a check disk with both options selected. Nothing was logged in the event viewer. This is a Western Digital hard drive. It seems like a hard drive problem would show up more often than this problem is. Are there any good hard drive tools that can be run from Windows? If not I will run mfg tools locally in the morning.

 

by: captain_brainiacPosted on 2009-08-20 at 16:01:55ID: 25147881

I hate to be potentially dragging you off course, but have you tried running superantispyware yet?  The only reason I recommend this is because it's easy and just takes a couple of minutes to run.  I would consider this "low hanging fruit" and do it just to eliminate it as a possible cause.  In the same vein, how did the processes in task manager look?

 

by: mkiserPosted on 2009-08-20 at 17:57:33ID: 25148334

I ran the quick scan and found the usual cookies. I rebooted then ran a full scan and came up clean.
I didn't find anything obvious in the process list.

 

by: JonveePosted on 2009-08-20 at 23:42:30ID: 25149534

When McAfee was removed months ago, conceivably it was not completely uninstalled.
You could try running this Uninstaller >
http://www.wikihow.com/Uninstall-McAfee-Security-Center

Another idea is to run Process Explorer v11.33
http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx

See if there's any offending file. If it is a svchost.exe, then Select the Services Tab.
You can see what services are in that svchost.exe.  
Then Select the Threads tab, and see what .exe or .dll is using the CPU.  You can select it by double clicking it.  

On the infection theme it's also worth downloading then updating Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php
When updated, reboot into Safe Mode by selecting F8 at bootup & run a scan.

If still no good i suggest you install and run Trend HijackThis 2.02:
http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html

Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile.  Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page and then we can get it analysed.  

 

by: JonveePosted on 2009-08-20 at 23:52:40ID: 25149579

If you haven't had the opportunity of visually checking the mobo there's still the possibility of capacitor failure, particularly the capacitors adjacent to the CPU.
While you are there you could inspect the CPU/heatsink assembly (thermal paste?)

Also worth considering borrowing(?) a new preferably larger capacity power supply, if issue remains unresolved.

 

by: mkiserPosted on 2009-08-21 at 05:23:07ID: 25151011

I checked the mobo and found no defective caps.
I also pulled the heat sink and cleaned it then replaced it with fresh thermal paste.
HiJack This report attached below.
I did also run the process explorer but I'm not sure what I'm looking for. The help file that extracted with the program is not functional.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:01 AM, on 8/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Kaseya\Agent\KasAVSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.RENTECH\My Documents\HiJack This\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197394473150
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197394451713
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://demos.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RENTECH.ORG
O17 - HKLM\Software\..\Telephony: DomainName = RENTECH.ORG
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C840CEC-C6D8-4959-8B5A-1CD4B788ADE7}: NameServer = 192.168.0.95,192.168.0.99
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RENTECH.ORG
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Kaseya Agent (KaseyaAgent) - Kaseya - C:\Program Files\Kaseya\Agent\AgentMon.exe
O23 - Service: Kaseya Security Service (KaseyaAVService) - Unknown owner - C:\Program Files\Kaseya\Agent\KasAVSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
 
--
End of file - 8266 bytes
                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:

Select allOpen in new window

 

by: JonveePosted on 2009-08-21 at 06:34:12ID: 25151604

Ok, thanks ..  
This guide might be useful ... scroll to the Video references>>http://forum.sysinternals.com/forum_posts.asp?TID=10998&PID=63617

Or details, with pics >
http://ask-leo.com/how_do_i_find_out_what_program_is_using_all_my_cpu.html

Checking your HJT logfile ...

 

by: JonveePosted on 2009-08-21 at 06:45:13ID: 25151716

Your HijackThis log looks very clean!  
If you recognise these, no problem.    Otherwise you can 'fix' them with HJT >>

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RENTECH.ORG
O17 - HKLM\Software\..\Telephony: DomainName = RENTECH.ORG
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RENTECH.ORG

This doesn't guarantee you have no infection, HijackThis is simply a guide as to what we can use next.  But at this point i see no reason to run the powerful ComboFix, although you may like to try  the safe & popular Malwarebytes.

 

by: LisijPosted on 2009-08-21 at 08:18:42ID: 25152715

is it just me, or do you have 2 antiviruses installed? Kasperski and AVG?

 

by: mkiserPosted on 2009-08-21 at 08:29:48ID: 25152821

Just AVG. I do have a security software called Kaseya that provides a central management of  antivirus, updates, audits, remote access through VNC, etc.

 

by: JonveePosted on 2009-08-23 at 07:40:52ID: 25162793

Is the machine still rebooting after applying the fresh thermal paste?
If yes, another suggestion is to try Autoruns.  It's a system Startup utility with which you can view and change all the processes that windows normally load at bootup >
Autoruns for Windows v9.53:
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Right-click on icon then select "run as administrator".
Let it scan (status is shown on lower-left of screen).
Select "Everything" tab.
See if you can spot any rogue entries.  
If there are, delete them or disable them by un-checking the appropriate box.

Then there's that earlier suggestion of a new, preferably larger PSU ...

 

by: mkiserPosted on 2009-08-24 at 04:38:37ID: 25167309

I ran the Malware bytes this morning and found a couple items. At this point I will just have to wait and see if it reboots. It happened most days but not everyday so I'll have to be free of the reboots until at least Wednesday before I say it is fixed. I will keep you posted.

 

by: JonveePosted on 2009-08-24 at 07:52:27ID: 25168898

Ok, thats fine.  If it does do a random reboot, you may like to post the minidump here again & we'll take another look.

 

by: mkiserPosted on 2009-08-27 at 08:12:43ID: 25199153

After 4 days of no problems I'd say its fixed but have no idea which fix actually fixed it so I'll spread the point around. Thanks for all the help.

 

by: JonveePosted on 2009-08-27 at 09:30:43ID: 25200074

You're very welcome, thank you.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...