| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 67512 | 2006-03-30 04:37:00 | random reboot problem - please help!!! | triple5seoul (10099) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 441954 | 2006-03-30 04:37:00 | Hi, I'm new to these forums and came here looking for help. I have Windows XP installed in my AMD Athlon 2500+ with 512 MB RAM. Maybe a couple of months ago I had this strange problem where my PC would randomly shut down. I am sure this was random, seeing as how it would happen at anytime regardless of what programs I was running etc. The problem escalated to a point where I could not use my PC for even an hour before it shut off. I asked around and was told it could be overheating, a RAM problem, or perhaps even a hard drive failure. I even tried reformatting but my system would shutdown whilst in the middle of reformatting. So I took my PC to a local shop and told them what was the problem and left it there for a few days. What was interesting is that they called and told me that it was a virus that was causing my problems, and how it was on my secondary HD which I use mainly just for storage (movies etc.) I thought this was odd because I have Norton 2003 installed and no viruses ever came up in its weekly scans. The repairman (who was an honest good guy) removed the virus and recommended that I reformat my computer and that things would be fine. So I reformatted that night and my computer ran like a dream...for perhaps 3 months. Then the problem starting happening all over again. Random shutdowns multiple times a day. I don't know why this is happening, I even upgraded to Norton 2005 since the prior viral issue, and I really don't want this problem to keep occuring. I was thinking about taking it back to the workshop, but I was wondering if anyone could help. If this is like the last time, my problem is a viral issue and a virus that my scans don't even detect. Please help me if anyone has any idea. Thanks in advance. | triple5seoul (10099) | ||
| 441955 | 2006-03-30 04:41:00 | Get the file (hijackthis) in my signature below. And post the log here. Since it installed and worked fine for 3 mths, it may not be due to overheating. Are you running a firewall?? Is Nortons AV 2005, part of Internet Security (which includes the firewall)?? |
Speedy Gonzales (78) | ||
| 441956 | 2006-03-30 04:48:00 | Logfile of HijackThis v1.99.1 Scan saved at 10:48:49 PM, on 3/29/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM+\AIM+.exe C:\Program Files\Desktop Calendar\Desktop Calendar.exe C:\PROGRA~1\AIM95\aim.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe D:\Eli's Stuff\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [IHTWINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: D-Link AirPlus Utility.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - upload.facebook.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
triple5seoul (10099) | ||
| 441957 | 2006-03-30 04:51:00 | I really appreciate the quick response, but you mentioned how it might not be overheating. Please read my original post again, it was a VIRUS that caused my problem before and I am assuming it is another virus causing the problem again. I do have a firewall, I am not all that familiar with configuring them, but it is the firewall that was implemented by Windows XP after Service Pack 2 enhanced security. Also my Norton Antivirus has a firewall and a worm blocker. Thanks again for the fast reply. |
triple5seoul (10099) | ||
| 441958 | 2006-03-30 05:03:00 | The log looks fine to me . Boot into safe mode, and run Hijackthis again tick these entries and tick fix checked . O4 - HKLM\ . . \Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck . exe O4 - HKLM\ . . \Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask . exe" -atboottime O4 - Global Startup: Microsoft Office . lnk = C:\Program Files\Microsoft Office\Office10\OSA . EXE - Thats if u want to run the Office programs manually . Also, I wouldnt run more than 1 firewall . It looks like you're running Norton Internet Security and Norton Personal Firewall . Uninstall one . Having more than 1 firewall, they'll conflict . Also make sure XP SP2's firewall is OFF . I dont know what these 2 entries belong to . Do you?? I think the 2 entries below, have something to do with this problem / virus . Tick these 2 entries as well . O9 - Extra button: PartyPoker . com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp . exe O9 - Extra 'Tools' menuitem: PartyPoker . com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp . exe |
Speedy Gonzales (78) | ||
| 441959 | 2006-03-30 05:08:00 | I did as you said and ticked the entries and clicked fix checked. I am not too sure about how to disable one of my firewalls but I'll look into it. The PartyPoker things you weren't sure of are an internet Poker program. You mentioned you don't see anything really wrong, any other ideas why my computer would consistently shut down? Thanks again, this forum seems to be a great help. | triple5seoul (10099) | ||
| 441960 | 2006-03-30 05:17:00 | Is there anything in the event logs - run eventvwr.msc and check the system log for errors. One way to check that its not a heat problem would be to leave it in the bios setup screen and see if it shuts down. |
gcarmich (10068) | ||
| 441961 | 2006-03-30 05:47:00 | It might run OK in the BIOS setup screen, because the processor wouldn't be stressed . Under some BIOS's there sometimes a page called something like "PC Health Status" If you're lucky, there'll be two settings * an audible alert for a CPU Warning Temperature, say 60 to 80 degrees * automatic shutdown at another, say 70 to 90 degrees . Some fan-controllers will add this feature to a PC without temperature alerts . |
kingdragonfly (309) | ||
| 441962 | 2006-03-30 05:59:00 | Small steps. If it does shut down while in the bios then we have learned something. If there are event logs that say its shutting down then we learn something else, perhaps something very important, why its shutting down, if there are no event logs saying it shutdown then we know it crashed and there will be event logs to say that, we learn something else. |
gcarmich (10068) | ||
| 441963 | 2006-03-30 06:30:00 | Is this a "random reboot problem" or a "random halt problem"? There is a difference. ;) A heat-caused shutdown will be just that, a shutdown and halt, not a reboot. It is quite possible for similar events to have different causes. Have a look and make sure that all the fans are running. Especially the one on the CPU. I find it saves time to eliminate simple things before looking for complicated one. I sometimes remember to do it, too. :cool: |
Graham L (2) | ||
| 1 2 | |||||