Computer restarts randomly

Warrior_of_Freedom
09-30-2009, 09:27 AM
Ok I know this isn't a tech support forum, but I know a lot of you out there are intelligent people, and the generic PC Help forums haven't replied to me in a week.

Last week I exited a 3D application and clicked Firefox to start it up, then my computer did a hard reset. Ever since, at least once a day my monitor will lose signal and my computer will hang. I've scanned my video memory, my ram, I've done various video card tests, sound card tests, motherboard tests, basically tested every component in my system.

I've examined my motherboard for broken capacitors, reseated my video card and my ram, dusted my pc to hell, did a system restore, and nothing has worked. My power supply is rated 100 watts over what I need for my system and is only a year old. I also monitored my PC temperatures, video card ranges from 59c idle to 71c full load (It's always been this hot and no problems or artifacts), processor from 39c idle to 51c full load, and hard drive just stays in the 30's.

Has anyone ever experienced a problem like this?

rpfan2008
09-30-2009, 09:43 AM
What is the status of the disk-activity LED when it locks?

I believe you tried replugging all the data and power cables of your disks, and reset the BIOS...did u?

brandon
09-30-2009, 09:52 AM
Could you describe the problem a little more?

newbitech
09-30-2009, 09:58 AM
Download Malwarebytes, reboot your system in safe mode and run a quick scan. Post the log here.

Warrior_of_Freedom
09-30-2009, 10:03 AM
What is the status of the disk-activity LED when it locks?

I believe you tried replugging all the data and power cables of your disk, and reset the BIOS...did u?
No light comes from it, but the computer hangs about 5 seconds after the monitor's signal is lost. For example, I was watching a video on youtube and the monitor signal was lost, but I still heard audio for about 5 seconds before the system hung, didn't hear any loading.



Could you describe the problem a little more?

First problem occurred when exiting a 3D game and then clicking on Firefox, then computer restarted (but I had to shut off the computer to regain monitor signal)

Second problem occurred when doing a spyware scan (this leads me to believe there's something happening when the computer is processing lots of data)

Third problem occurred when watching youtube video, and at the same time loading up some messaging programs, and Catalyst Control Center to monitor my video card, to see if it was overheating.

Fourth time was last night, I had my computer on all day, and was playing a game. I took a break, and a few hours later I went to load the game back up (Processing lots of data, it was on the loading bar screen) then it hung again.

The only evidence I found was an event viewer error that reads.

http://i36.tinypic.com/20us877.png

So clearly something related to my video card messed up (that's why I did the video memory scans and etc, but if it was my video card, why would the spyware scanner make the computer hang again, when I'm doing nothing else?) but this event didn't occur until about the 3rd crash, and I haven't been able to repeat the error.

Here are my temps and voltages after running a 3D application for about an hour (I have no idea about how to know what's normal voltage or not; also, only one fan on my PC reports, but there's the PSU fan obviously, video card fan, case fan, and the processor fan)

http://i35.tinypic.com/ru1e9j.png
[stupid me cropped out the top, it goes current value, min value, max value]


So far, my system is stable if I am consistently doing something, like browsing the web or playing and staying inside a 3D game, but if I try to load two things at once, or load a lot of data at once, then it is prone to mess up, but the ram scan came up good, so I don't know what's going on here :(

coyote_sprit
09-30-2009, 10:09 AM
Does your BIOS have any max temperature settings?

newbitech
09-30-2009, 10:10 AM
reboot in safe mode and run AV, I recommend malwarebytes

Warrior_of_Freedom
09-30-2009, 10:10 AM
Does your BIOS have any max temperature settings?

Not when I poked around in it in the past, my computer is about 8 years old, so the BIOS doesn't have the more advanced features, I think. But the temperature is irrelevant, I could play a 3D game for 4 hours, then when I do the most random thing like load up firefox or some other desktop application, which uses minimal computer power, the system hangs.

Perry
09-30-2009, 10:17 AM
Under drive tools click "check now" and let it check the drive completely next time the computer reboots.
Go to my Computer, right click on drive c:\ choose properties/tools
Then reboot.

newbitech
09-30-2009, 10:28 AM
you might want to post your system specs too btw, but I will repeat again.

there is no sense troubleshooting on a system that has not run a good AV scan.

you really need to start from there.

so step 1.) post your system specs. step 2.) run av, i recommend the FREE version of malwarebytes. 3.) if you can't run a clean scan with all drivers loaded, run it in safe mode. I recommend just running it in safe mode anyways. 4.) step 4 report back once you have a clean scan with the AV log.

Once you establish this baseline, further troubleshooting can be done.

rpfan2008
09-30-2009, 10:28 AM
Your graphics drivers may be causing the problems.

Try using the system in safe mode for a while and see if that locks too.

Best solution I'd recommend-- REINSTALL the OS.

FunkBuddha
09-30-2009, 10:28 AM
Check the capacitors on your video card. This sounds almost exactly like a problem I had with an Nvidia card a few years ago. It passed every test I threw at it but when I looked at the card it had a blown capacitor.

fletcher
09-30-2009, 10:31 AM
Check your CPU for bent pins.

Live_Free_Or_Die
09-30-2009, 10:38 AM
nt

newbitech
09-30-2009, 10:41 AM
here you go bro

http://forums.guru3d.com/showthread.php?t=243831



11-16-2007, 06:14 | posts: 3
Resolved!!!!!!!!!!!!!!!!!!!!

Issue:
During multiplay , screen goes black, sound loops, after a while system has to be hard reboot.

my system specs:

Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 2 (2600.xpsp_sp2_gdr.070227-2254)
Language: English (Regional Setting: English)
System Manufacturer: Seanix Technology Inc
BIOS: Version 07.00T
Processor: AMD Athlon(tm) 64 Processor 3200+, MMX, 3DNow, ~2.2GHz
Memory: 1024MB RAM
Page File: 283MB used, 2176MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.2180 32bit Unicode

Graphic Card:
Card name: Radeon X1650 Series
Manufacturer: ATI Technologies Inc.
Chip type: ATI Radeon Graphics Processor AGP (0x71C1)
DAC type: Internal DAC(400MHz)
Device Key: Enum\PCI\VEN_1002&DEV_71C1&SUBSYS_0850174B&REV_9E
Display Memory: 512.0 MB

Event ID I was getting were as following:

Event Type: Error
Event Source: ati2mtag
Event Category: SDTV
Event ID: 49170
Date: 12/11/2007
Time: 11:48:26 PM
User: N/A
Description:
MODE: GXO Execute BIOS Table Error


Event Type: Warning
Event Source: ati2mtag
Event Category: CRT
Event ID: 45063
Date: 12/11/2007
Time: 6:42:10 PM
User: N/A
Description:
CRT failed to execute AtomBios


Event Type: Error
Event Source: ati2mtag
Event Category: None
Event ID: 108
Date: 14/11/2007
Time: 5:43:43 PM
User: N/A
Description:
The driver ati2dvag for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.



Solution:

things tried



set your desktop res to 800*600, 32bit colour (Helped-very important)
disabling services (did not help)
uninstalling XP transformation pack (did not help)
stopped unnecessary services
uninstalled all HP applications
updated Drivers
Uninstalled Catalyst control center
Installed ATITrayTools (did not help)
Disabled ATITrayTools (did not help)
uninstalled ATITrayTools (did not help)
updated punkBuster (did not help)
Played in non PB Servers (did not help at all)
Updated RealTek Sound Card (did not help)
Uninstalled Daemon tools
renamed mssmpi.asi to .bak
replaced mssmpi.asi with COD2 mssmpi (helped)
Went into monitor refresh rate and it was set to 85, changed it to 60 (COD4 has 60 setup as default)
Went into sound properties and Under Audio tab, clicked on advanced, click on Performance tab and set the hardware acceleration to 2 notch from the left (Basic acceleration)
Installed Latest Catalyst 7.10 from Sapphire website

Finally what worked for me is to go into Catalyst Center and click on Advanced setting
Then click on SmartGart
Then where it says "FlashWrite" click off
and on the top the Set AGP speed ,change it to 4x (mine was set to
Click on Apply
Click on Ok

That's what did the trick, I am sure that solution will resolve for lots of people who have ATI cards. Now for Nvidia search for "flashwrite off on nividia card" and I am sure that will work


good luck

Andrew-Austin
09-30-2009, 10:52 AM
First of all back up any important files you have.

My laptop one day started resetting continuously and it turned out that the hard drive failed / completely broke.

Warrior_of_Freedom
09-30-2009, 12:13 PM
OK here's the malware bytes log, did a scan that took 1 1/2 hours (I picked full scan)


Malwarebytes' Anti-Malware 1.41
Database version: 2877
Windows 5.1.2600 Service Pack 2 (Safe Mode)

9/30/2009 2:06:06 PM
mbam-log-2009-09-30 (14-06-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 280405
Time elapsed: 1 hour(s), 34 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b01cc (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\My Documents\RJ\patches and programs\gmaker.exe (Adware.EShoper) -> Not selected for removal.
C:\WINDOWS\system32\drivers\vsfocepkhbevnl.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsfocebwyklypx.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Favorites\Mp3 Download Links.url (Rogue.Link) -> Not selected for removal.


What happened after this was weird. My computer rebooted(I clicked ok to reset. The program said I had to reset my computer to delete some files, is that bad while in safe mode?), and my monitor hung on the manufacturer splash screen (in my case, HP) The screen that says F1 for setup etc, as if I wanted to go into bios. It just stood in that screen, but my computer booted up, heard the windows welcoming sound play and whatever. I shut my computer off and turned it back on and monitor was fixed. Apparently some trojans were found, don't know if they were in my system for a while or if it's false flags or what, but I deleted the fishy files it found.

Restarted my PC a few more times, is fine now. Just wondering if that problem was from the videocard or was virus related since it happened RIGHT after removing the viruses. I'll update later tonight if my computer restarts/hangs again, thanks for the help guys!

newbitech
09-30-2009, 12:45 PM
This was not a false positive, and if you torrent, that's probably where you picked it up.

This is a common infection that has been making the rounds lately. Vundo the trojan which probably downloaded and installed the TDSS rootkit.

I have heard reports that the TDSS rootkit is making the malwarebytes log report that the files have been quarantined and deleted, when it is still there.

You are going to want to take further action to make sure this virus is completely removed.

I'd suggest running Hijack This in safemode as well. Just to verify the false delete in Malwarebytes.

You are going to end up needing to run RootRepeal to K.O. this virus.

So next step, Download Hijack This and run in safe mode. Post the log.

Edit: As far as your concern about whether it's the vid card causing problems or the virus. At this point I don't think it's your vid card. From what I have read about this vid card, the error that you saw in the log is caused by the card over heating. I checked on the post earlier I made with the hardware workaround for this specific vid card. They lowered the AGP aperture to 4x which lowers the voltage. This doesn't really solve the vid card from overheating. But you only have this error once from what I can see. Total coincidence.

The 4 times you mentioned this happening are consistent with virus activity. Opening a browser, running av, watching a video (in a browser), 4th time, well not so much but you were playing the game for 6 hours so doubt the vid card was bad. That 4th time, did you happen to have any other apps open (like browser) when it hung up?
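
An added example, not part of any post in this thread: a short Python triage of the Malwarebytes log posted earlier, separating what the scan left in place from what it only reported as deleted. The function names are hypothetical, and the rule that any Rootkit.* detection makes every "deleted" result unverified is this example's assumption, taken from the reply above.

```python
import re

# Excerpt of the Malwarebytes log posted earlier in the thread
# (whitespace normalised; not the full log).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b01cc (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Files Infected:
C:\Documents and Settings\Owner\My Documents\RJ\patches and programs\gmaker.exe (Adware.EShoper) -> Not selected for removal.
C:\WINDOWS\system32\drivers\vsfocepkhbevnl.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsfocebwyklypx.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Favorites\Mp3 Download Links.url (Rogue.Link) -> Not selected for removal.
"""

# "Files Infected:" style section headers (the summary counts end in a number).
HEADER_RE = re.compile(r"^(?P<section>.+) Infected:$")
# "<object> (<Family.Name>) -> [details ->] <action>."
ENTRY_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<family>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$"
)


def parse_mbam(text):
    """Return one dict per detection line: section, object, family, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            section = header.group("section")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank lines, "(No malicious items detected)", counts
        # Registry data items carry "Bad: (1) Good: (0)" before the action.
        action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
        entries.append({
            "section": section,
            "object": m.group("obj"),
            "family": m.group("family"),
            "action": action,
        })
    return entries


def triage(entries):
    """Group detections by what a responder should do next."""
    rootkit_seen = any(e["family"].startswith("Rootkit.") for e in entries)
    result = {
        "left_in_place": [],         # scanner did not remove these
        "kernel_drivers": [],        # .sys files under system32\drivers
        "logon_persistence": [],     # Winlogon\Notify keys load at logon
        "verify_independently": [],  # "deleted" claims made on a rootkitted host
    }
    for e in entries:
        obj_l = e["object"].lower()
        if e["action"].startswith("Not selected"):
            result["left_in_place"].append(e["object"])
        if obj_l.endswith(".sys") and "\\system32\\drivers\\" in obj_l:
            result["kernel_drivers"].append(e["object"])
        if "\\winlogon\\notify\\" in obj_l:
            result["logon_persistence"].append(e["object"])
        # Assumption from the thread: with a rootkit present, the scanner's
        # own "deleted" result needs confirming with a second tool.
        if rootkit_seen and e["action"].startswith("Quarantined"):
            result["verify_independently"].append(e["object"])
    return result


if __name__ == "__main__":
    for bucket, objects in triage(parse_mbam(SAMPLE_LOG)).items():
        print(f"{bucket} ({len(objects)})")
        for obj in objects:
            print("   ", obj)
```
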

EndDaFed
09-30-2009, 12:45 PM
I had the same problem when some nasty malware mimicked my Nvidia drivers.

Warrior_of_Freedom
09-30-2009, 12:54 PM
I don't torrent at all, where could I have gotten it???
I'll check for it further, thanks.

Oh, quick question about RootRepeal, will it identify the virus by name? I don't want to delete something critical to my computer by accident, if it finds something should I delete it or consult first? Thanks.


The 4 times you mentioned this happening are consistent with virus activity. Opening a browser, running av, watching a video (in a browser), 4th time, well not so much but you were playing the game for 6 hours so doubt the vid card was bad. That 4th time, did you happen to have any other apps open (like browser) when it hung up?

No, but I just finished browsing and what not.

newbitech
09-30-2009, 01:06 PM
other ways vundo spreads is through malware like popups etc.. thru web pages. Sometimes you could accidentally click on a stupid popup that is designed to make it seem legit. really easy to do. I mentioned torrents, cause that is where this type of trojan is concentrated and where it is seen spreading the most recently. But it is certainly not limited to just that. Here are the specs on the virus.

http://www.spynomore.com/articles/vundo-trojan-specifics-and-removal.php By the way, I don't recommend this software at all. The claims that they are the only company that can remove this virus are full of shit. They just have a good description that came up first on the goog.

I wouldn't recommend rootrepeal until AFTER a Hijack This log is generated and posted, just to verify Malwarebytes scan and remove. But because you did have the rootkit and the rootkit is known to mess with the malwarebytes log, you will definitely want to run Hijack This.

So yeah, if you do get around to running RootRepeal, you are only going to target the bad files and RootRepeal will ident those for you. Just post here once you run Hijack This.

newbitech
09-30-2009, 01:08 PM
....


No, but I just finished browsing and what not.

Yeah, I mean once you get the virus cleaned up, if you still have problems overheating, I posted a software work around specific to your card earlier.

But really the ultimate solution for your card over heating is to get another fan inside your box pointing at that card.

kill the virus first tho. see if that cleans it up.

Warrior_of_Freedom
09-30-2009, 01:13 PM
My hijack this version is from 2005, I searched for the newest one, but it takes me to a trendmicro site? I don't remember them making hijack this, or am I wrong? sorry stupid question probably.

newbitech
09-30-2009, 01:21 PM
I had the same problem when some nasty malware mimicked my Nvidia drivers.

yep, see where his virus is/was hanging out?

C:\WINDOWS\system32\drivers\vsfocepkhbevnl.sys

.sys is a driver extension.

This allows the virus to execute commands that normally the OS wouldn't allow. Fortunately for him, he was able to detect this virus, probably because he is running older hardware and the virus hacker didn't feel like making his virus backwards compatible.

newbitech
09-30-2009, 01:24 PM
My hijack this version is from 2005, I searched to for the newest one, but it takes me to a trendmicro site? I don't remember them making hijack this, or am I wrong? sorry stupid question probably.


yeah trend micro acquired the rights, this is why a lot of techs and troubleshooting firms switched over to malwarebytes. here is a link
http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe

Warrior_of_Freedom
09-30-2009, 01:24 PM
Booted in safe mode and did a hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:32 PM, on 9/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 207.210.93.28 game01.us.segaonline.jp
O1 - Hosts: 207.210.93.28 patch01.us.segaonline.jp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [snp2std] C:\Program Files\Common Files\Clique Communications\HUE HD Webcam\vsnp2std.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://audition.nexon.net
O15 - Trusted Zone: http://forums.nintendo.com
O15 - Trusted Zone: http://*.redbana.com
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-8.0.3.20/drawpoker/drawpoker-en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205554527890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205554507250
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6498 bytes

Warrior_of_Freedom
09-30-2009, 01:25 PM
I noticed the malware bytes reboot script is in there? Is that supposed to be there or has it become a stagnant script?
Also I downloaded version 2.0.2, I don't know what that hijack this installer file you linked was, what I downloaded runs without installing.


Also as far as my video card is concerned, right out of the package it would run 53C on idle, now it runs 59C (During the same season, it's not full blown winter yet so ambient temperature makes it go up about 2C) I don't know if it's caked with dust inside or what, it has a weird fan that is on springs or something, and I'm afraid to take it apart. My Radeon 9600xt was easy to disassemble, but that fan eventually died, thus the Radeon x1650 512 AGP, think my next card will just be from NVIDIA lol.

Live_Free_Or_Die
09-30-2009, 01:30 PM
nt

Warrior_of_Freedom
09-30-2009, 01:33 PM
If you are having problems removing something in safe mode you can always revert to UBCD (Ultimate Boot CD). Create a slipstream bootup (on a flash drive or burn a cd) with your service pack and do virus scanning completely independent of your OS.
don't some linux os work from a cd too like Ubuntu or whatever (I'm not a linux user I don't know much about these things)


also thanks so much for the help guys, I knew I could depend on you all

Live_Free_Or_Die
09-30-2009, 01:35 PM
nt

newbitech
09-30-2009, 02:03 PM
alright, I don't see any problems there. the script is still there because it didn't execute successfully the first time it ran. You will need a clean reboot and it will be gone.

I am not convinced that the problem is 100% resolved, but I don't have access to all the tools I would need to resolve this to 100% satisfaction.

I would highly recommend checking out this forum, and maybe creating an account.
http://www.techsupportforum.com/

Anyways, the next thing you are going to want to do is run DDS and GMER

these are the instructions.



Before scanning, ensure all other running programs are closed. Do not use your computer for anything else during the scan.

Also, ensure there aren't any scheduled antivirus scans running while the dds scan is being performed.

*Note - Some antivirus programs falsely detect dds.scr as a threat.

====
DDS:
====
Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt
Attach.txt


Save both reports to your desktop.



=====
GMER:
=====
Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://majorgeeks.com/downloadget.php?id=5198&file=15&evp=3f18075291813a665b2a25536a70b307).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan..


In the right panel, you will see several boxes that have been checked. Uncheck the following ...

Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)


Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Warrior_of_Freedom
09-30-2009, 02:13 PM
alright, I don't see any problems there. the script is still there because it didn't execute successfully the first time it ran. You will need a clean reboot and it will be gone.

I am not convinced that the problem is 100% resolved, but I don't have access to all the tools I would need to resolve this 100% satisfaction.

I would highly recommend checking out this forum, and maybe creating an account.
http://www.techsupportforum.com/

Anyways, the next thing you are going to want to do is run DDS and GMER

these are the instructions.

Currently I'm doing a full online scan from pandasecurity, don't know how long this will take lol.

I assume using those 2 programs I need to do it in safemode?

newbitech
09-30-2009, 02:24 PM
Currently I'm doing a full online scan from pandasecurity, don't know how long this will take lol.

I assume using those 2 programs I need to do it in safemode?

yes I would, but just to give you a heads up, I don't have the log scanners to analyze those logs.

That's why I was saying make an account on that forum. That way it's not someone "eyeballing" whatever comes up. If I had the pro tools, I'd do it for you, but I don't have the pro tools.

I will eyeball it but not guarantee whatever is wrong will be fixed. I pretty much trust malware bytes has done the job, but since I did see that particular virus is giving false removals, The extra scans are prudent.

If Panda comes up clean, I would say 95% for sure you are good to go. It still wouldn't hurt to run one more quick scan in normal mode tho.

Warrior_of_Freedom
09-30-2009, 02:27 PM
yes I would, but just to give you a heads up, I don't have the log scanners to analyze those logs.

That's why I was saying make an account on that forum. That way it's not someone "eyeballing" whatever comes up. If I had the pro tools, I'd do it for you, but I don't have the pro tools.

I will eyeball it but not guarantee whatever is wrong will be fixed. I pretty much trust malware bytes has done the job, but since I did see that particular virus is giving false removals, The extra scans are prudent.

If Panda comes up clean, I would say 95% for sure you are good to go. It still wouldn't hurt to run one more quick scan in normal mode tho.

oh ok, well after panda I will just do one more scan with malwarebytes, and if nothing comes up just carry on. I have had no problems yet, and it usually would occur while multi-tasking under heavy load, and I've been browsing and iming, even opened up some larger programs to test it out, and nothing.

Thanks for all your help I appreciate it very much :)

newbitech
09-30-2009, 02:31 PM
oh ok, well after panda I will just do one more scan with malwarebytes, and if nothing comes up just carry on. I have had no problems yet, and it usually would occur while multi-tasking under heavy load, and I've been browsing and iming, even opened up some larger programs to test it out, and nothing.

Thanks for all your help I appreciate it very much :)

cool, no prob. do the 2nd malwarebytes scan on a clean reboot, and just do the quick scan in normal boot. keep an eye on those temps too, cause I am thinking you just need to install another fan inside the box.

Warrior_of_Freedom
09-30-2009, 02:43 PM
cool, no prob. do the 2nd malwarebytes scan on a clean reboot, and just do the quick scan in normal boot. keep an eye on those temps too, cause I am thinking you just need to install another fan inside the box.

what should I do about my video card, aren't the temps of the other components in my computer fine? I know there's one problem, my new power supply has LOTS of wires, I have to bundle and tie them together, they take a lot of space, so that minimizes air flow. If I open the side of my case, my video card drops down almost 10C, crazy! If I buy an extra fan, how would I position it over my video card? I heard there are pci slot fans that I can put right next to my video card that sucks the air, do these work well?

Also, LOL. MY old Radeon9600xt is cooler with its broken fan than the Radeon x1650 with its fan spinning. I find it hard getting a decent AGP card nowadays, a lot of them are the 3rd party ones which I don't trust much, I usually buy them first party because I feel those are the most stable, I could be wrong though. Also choose intel processors over AMD, because I never had an intel processor burn out, but my friends have had AMD ones that completely fried.

newbitech
09-30-2009, 03:38 PM
what should I do about my video card, aren't the temps of the other components in my computer fine? I know there's one problem, my new power supply has LOTS of wires, I have to bundle and tie them together, they take a lot of space, so that minimizes air flow. If I open the side of my case, my video card drops down almost 10C, crazy! If I buy an extra fan, how would I position it over my video card? I heard there are pci slot fans that I can put right next to my video card that sucks the air, do these work well?

Also, LOL. MY old Radeon9600xt is cooler with its broken fan than the Radeon x1650 with its fan spinning. I find it hard getting a decent AGP card nowadays, a lot of them are the 3rd party ones which I don't trust much, I usually buy them first party because I feel those are the most stable, I could be wrong though. Also choose intel processors over AMD, because I never had an intel processor burn out, but my friends have had AMD ones that completely fried.


Not sure of the specs of your board, but I imagine the card chip is going to take most of the heat during high graphics processing. The key that you mentioned is airflow. I wouldn't bother with a pci fan. Your case probably has a cut out etched for additional fan. I would go with a case fan that will get you that airflow and -10C + temps.

You will need to do some research on your case form factor, but if all else fails, there is nothing wrong with cutting your own hole and mounting a quality fan yourself.

2 dollar case fan. http://www.newegg.com/Product/Product.aspx?Item=N82E16835150007
notice the specs on this and compare it with other products. You might pay more for more airflow CFM (cubic feet per minute) at lower rpm and lower db. Just notice the ratio the more airflow the better obviously, but you probably don't want it to be noisy as hell or suck up too much power etc etc. Also the size is standard.

I'd put this one in a high end system. Nice reviews nice customer service. Great price. Might be a trick to install cause it is larger than a standard case is going to take. Probably have to make your own cut out and vent.
http://www.newegg.com/Product/Product.aspx?Item=N82E16811998121

Warrior_of_Freedom
09-30-2009, 05:11 PM
Panda scan came clean, but there was this

04799724 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\pss\ChkDisk.dllStartup

it was there before, from what I recall a .dllStartup is just a backup, is it safe to delete this? I never inquired. It comes up as latent.

Warrior_of_Freedom
09-30-2009, 05:19 PM
Woww ok. I tried to clean reboot and the monitor hung on the splash screen AGAIN. Deleting the entry for the malwarebytes on hijackthis fixed the problem, I wonder what causes this.

newbitech
09-30-2009, 05:39 PM
Woww ok. I tried to clean reboot and the monitor hung on the splash screen AGAIN. Deleting the entry for the malwarebytes on hijackthis fixed the problem, I wonder what causes this.

it hung cause the rootkit is not getting uninstalled. dude, create an account at the forum I was telling you about.

post that first malwarebytes log, and ask someone to walk you thru rootkit removal.

you will end up running all those tools, but probably rootrepeal or combofix will take it out.

I just want you to go there cause I know they have log file analysis tools just in case we are missing something else in the reg.

trust me, they will get it done for you. Just let me know when you post up and put the link here. I'll follow the thread with you.

Warrior_of_Freedom
09-30-2009, 06:16 PM
okay I posted it here
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/418613-rootkit-tdss.html

newbitech
09-30-2009, 06:38 PM
okay I posted it here
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/418613-rootkit-tdss.html

oh go ahead and grab dds and gmer and run it then post it up on that link. You can run those in normal mode, I think you'll be fine with that. I will send an alert to one of the guys on the forum.

yeah just make sure to follow the instructions at the do this first top sticky in that forum.

UnReconstructed
09-30-2009, 09:34 PM
your processor is overheating

torchbearer
09-30-2009, 09:36 PM
your processor is overheating

that causes a computer to shutdown, not restart.

Warrior_of_Freedom
10-01-2009, 01:15 AM
that causes a computer to shutdown, not restart.

I think it was the virus, I haven't had the problem all day. I did a 4 hour scan, if my processor was overheating I think my PC would have crashed by then. I checked the temp of my processor as well, I benchmarked playing a 3D game for an hour and the hottest my cpu got was 51C

Warrior_of_Freedom
10-01-2009, 01:00 PM
lol my post on the tech support forum got bumped down to hell