PA
Mon Mar 31 08:22:05 PDT 2008
YW, Dai. I'd still recommend posting your HijackThis log to an appropriate
forum for review by an expert.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin
http://aumha.net
DTS-L
http://dts-l.net/
Dai wrote:
> Picking up on what you suggested as a possible cause, I ran 'Spybot Search
> &
> Destroy' and it picked up 5 sispicious items which I deleted. I often
> run
> this program but it is rare that anything has got past my firewall & anti
> virus. Anyway it looks as though you were right on the button as the
> problem has now gone. Thank you for your help.
>
>> Dai wrote:
>>>>> For the past week when shutting down I get the following 'Blue Screen'
>>>>> message.
>>>>>
>>>>> Stop c000021a Fatal error has occurred. Windows logon process.
>>>>> System
>>>>> process terminated unexpectedly with status 0xc0000005 (0x00000000
>>>>> 0x00000000) System has shut down.
>>>>>
>>>>> I have not conciously made any change to my system or settings. The
>>>>> problem does not appear to be having any detremental affect as the PC
>>>>> runs
>>>>> normally at the next boot up until I close down again
>>>>> Any idea what this is all about ?
>>>>
>>>> What anti-virus application or security suite is installed? What
>>>> anti-spyware applications (other than Defender)? What third-party
>>>> firewall
>>>> (if any)?
>>>> ========================
>>>> <QP>
>>>> 0xC000021A: STATUS_SYSTEM_PROCESS_TERMINATED
>>>> This occurs when Windows switches into kernel mode and a user-mode
>>>> subsystem, such as Winlogon or the Client Server Runtime Subsystem
>>>> (CSRSS),
>>>> is compromised. Security can no longer be guaranteed. Because Win XP
>>>> can�t
>>>> run without Winlogon or CSRSS, this is one of the few situations where
>>>> the
>>>> failure of a user-mode service can cause the system to stop responding.
>>>> This
>>>> Stop message also can occur as a result of malware infestation or when
>>>> the
>>>> computer is restarted after a system administrator has modified
>>>> permissions
>>>> so that the SYSTEM account no longer has adequate permissions to access
>>>> system files and folders.
>>>> </QP>
>>>> Source:
http://aumha.org/a/stop.htm
>>>> ========================
>>>> Run a /thorough/ check for hijackware, including posting your
>>>> hijackthis
>>>> log
>>>> to an appropriate forum.
>>>>
>>>> Checking for/Help with Hijackware
>>>>
http://aumha.org/a/parasite.htm
>>>>
http://aumha.org/a/quickfix.htm
>>>>
http://aumha.net/viewtopic.php?t=5878
>>>>
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>>>>
http://mvps.org/winhelp2002/unwanted.htm
>>>>
http://inetexplorer.mvps.org/data/prevention.htm
>>>>
http://inetexplorer.mvps.org/tshoot.html
>>>>
http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>>
http://defendingyourmachine2.blogspot.com/
>>>>
http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>
>>>> When all else fails, HijackThis v2.0.2
>>>> (
http://aumha.org/downloads/hijackthis.exe) is the preferred tool to
>>>> use.
>>>> It will help you to both identify and remove any hijackware/spyware
>>>> with
>>>> assistance from an expert. **Post your log to
>>>>
http://forums.spybot.info/forumdisplay.php?f=22,
>>>>
http://castlecops.com/forum67.html,
>>>>
http://forums.subratam.org/index.php?showforum=7,
>>>>
http://aumha.net/viewforum.php?f=30, or other appropriate forums for
>>>> review
>>>> by an expert in such matters, not here.**
>>>>
>>>> If the procedures look too complex - and there is no shame in admitting
>>>> this
>>>> isn't your cup of tea - take the machine to a local, reputable and
>>>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>>>
>>> I use Outpost firewall and Esset NOD32 antivirus. I am afraid that
>>> most
>>> of what you say is above my head but thank you very much for taking the
>>> trouble to respond. I have made no concious changes to access
>>> permissions or logon procedures. I am the sole user and do not use any
>>> log in passwords. My online security programs have always given a high
>>> degree of protection against virus etc. Are you suggesting that I
>>> click
>>> on one of the links you give to check that there is no virus present ?
>>> I
>>> am puzzled why this problem has suddenly started as I cannot think of
>>> any
>>> changes that I have made.
>>
>> [Tip: If you're going to bottom-post your replies, make sure you're
>> signature is at the end of your post, please.]
>>
>> Despite the presence of NOD32 (assuming your subscription if current) and
>> Outpost firewall, the STOP error could be caused by hijackware. It would
>> be best to at least rule OUT this possiblity, Dai.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Admin
http://aumha.net
>> DTS-L
http://dts-l.net/