View Full Version : random reboot problem - please help!!!

30-03-2006, 04:37 PM
Hi, I'm new to these forums and came here looking for help. I have Windows XP installed in my AMD Athlon 2500+ with 512 MB RAM. Maybe a couple of months ago I had this strange problem where my PC would randomly shut down. I am sure this was random, seeing as how it would happen at anytime regardless of what programs I was running etc. The problem escalated to a point where I could not use my PC for even an hour before it shut off. I asked around and was told it could be overheating, a RAM problem, or perhaps even a hard drive failure. I even tried reformatting but my system would shutdown whilst in the middle of reformatting. So I took my PC to a local shop and told them what was the problem and left it there for a few days. What was interesting is that they called and told me that it was a virus that was causing my problems, and how it was on my secondary HD which I use mainly just for storage (movies etc.) I thought this was odd because I have Norton 2003 installed and no viruses ever came up in its weekly scans. The repairman (who was an honest good guy) removed the virus and recommended that I reformat my computer and that things would be fine. So I reformatted that night and my computer ran like a dream...for perhaps 3 months. Then the problem starting happening all over again. Random shutdowns multiple times a day. I don't know why this is happening, I even upgraded to Norton 2005 since the prior viral issue, and I really don't want this problem to keep occuring. I was thinking about taking it back to the workshop, but I was wondering if anyone could help. If this is like the last time, my problem is a viral issue and a virus that my scans don't even detect. Please help me if anyone has any idea. Thanks in advance.

Speedy Gonzales
30-03-2006, 04:41 PM
Get the file (hijackthis) in my signature below. And post the log here.

Since it installed and worked fine for 3 mths, it may not be due to overheating.

Are you running a firewall??

Is Nortons AV 2005, part of Internet Security (which includes the firewall)??

30-03-2006, 04:48 PM
Logfile of HijackThis v1.99.1
Scan saved at 10:48:49 PM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM+\AIM+.exe
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Eli's Stuff\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [IHTWINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139374244638
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

30-03-2006, 04:51 PM
I really appreciate the quick response, but you mentioned how it might not be overheating. Please read my original post again, it was a VIRUS that caused my problem before and I am assuming it is another virus causing the problem again.

I do have a firewall, I am not all that familiar with configuring them, but it is the firewall that was implemented by Windows XP after Service Pack 2 enhanced security. Also my Norton Antivirus has a firewall and a worm blocker. Thanks again for the fast reply.

Speedy Gonzales
30-03-2006, 05:03 PM
The log looks fine to me. Boot into safe mode, and run Hijackthis again tick these entries and tick fix checked.

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE - Thats if u want to run the Office programs manually.

Also, I wouldnt run more than 1 firewall. It looks like you're running Norton Internet Security and Norton Personal Firewall. Uninstall one. Having more than 1 firewall, they'll conflict. Also make sure XP SP2's firewall is OFF.

I dont know what these 2 entries belong to. Do you??

I think the 2 entries below, have something to do with this problem / virus.

Tick these 2 entries as well.

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

30-03-2006, 05:08 PM
I did as you said and ticked the entries and clicked fix checked. I am not too sure about how to disable one of my firewalls but I'll look into it. The PartyPoker things you weren't sure of are an internet Poker program. You mentioned you don't see anything really wrong, any other ideas why my computer would consistently shut down? Thanks again, this forum seems to be a great help.

30-03-2006, 05:17 PM
Is there anything in the event logs - run eventvwr.msc and check the system log for errors.
One way to check that its not a heat problem would be to leave it in the bios setup screen and see if it shuts down.

30-03-2006, 05:47 PM
It might run OK in the BIOS setup screen, because the processor wouldn't be stressed.

Under some BIOS's there sometimes a page called something like "PC Health Status" If you're lucky, there'll be two settings
* an audible alert for a CPU Warning Temperature, say 60 to 80 degrees
* automatic shutdown at another, say 70 to 90 degrees.

Some fan-controllers will add this feature to a PC without temperature alerts.

30-03-2006, 05:59 PM
Small steps. If it does shut down while in the bios then we have learned something.

If there are event logs that say its shutting down then we learn something else, perhaps something very important, why its shutting down, if there are no event logs saying it shutdown then we know it crashed and there will be event logs to say that, we learn something else.

Graham L
30-03-2006, 06:30 PM
Is this a "random reboot problem" or a "random halt problem"? There is a difference. ;)

A heat-caused shutdown will be just that, a shutdown and halt, not a reboot.

It is quite possible for similar events to have different causes. Have a look and make sure that all the fans are running. Especially the one on the CPU.

I find it saves time to eliminate simple things before looking for complicated one. I sometimes remember to do it, too. :cool:

31-03-2006, 07:15 AM
Just in case you have not checked this:

Bad Caps on Motherboard (http://www.badcaps.net/forum/)

To reassure yourself, take the side panel off your PC case and have a peer at the state of the large capacitors on your mobo with a good light.

It may not be the reason for the problems you're experiencing, but what you describe are one of the classic symptoms of caps gone bad.

31-03-2006, 03:12 PM
Thanks everyone, but I want to stress that this is NOT an overheating issue. My fans are working fine, and my thermometer reads normal. Also my computer can be turned on immediately after a crash and work for a random period of time spanning minutes to hours. If it was an overheating issue, this would not be possible. I think the problem is a virus of sorts that I have not been able to detect that is affecting my processes. I appreciate all the help so please do keep posting. I hope someone can help me remedy the problem.

Speedy Gonzales
31-03-2006, 03:27 PM
Might be a driver prob. Have u installed Nvidia and ATI drivers recently??

Sometimes, if u install a lot of versions of either of these, a system can reboot.

Graham L
31-03-2006, 03:37 PM
Is this a "random reboot problem" or a "random halt problem"? There is a difference.

If a "virus" was found on a secondary drive which contains mostly movies, that is probably irrelevant. It could have been a false positive. In files that size there are enough random bit patterns to match virus identification strings.

A "thermometer" which reads normal might lie. If it's a computer temperatuire sensor it will lie. ;) Arrange the covers so that you can reach in and touch the CPU heatsink immediately after a "malfunction". (But have the covers on while running). If you can't hold your finger on the heatsink for more than a second, it will be well over 70 degrees C. If you use a wet finger and steam rises, you have 100 degrees C or more.

31-03-2006, 05:16 PM
To Speedy: Hmm well I installed some NVidia and ATI drivers, but only when i reformatted my computer after it was "repaired" for the first time. I havent installed anything else of that nature in awhile but I suppose it could be some kind of driver issue. I just wonder why this random shutting down is getting worse and worse when I havent touched my drivers in a long time.

To GrahamL: Very interesting what you said about the movie files and how things may be mistaken for viruses. However after the technician said he "fixed" the problem, things did work like normal for about a month. I would figure it would keep occuring if he didn't do at least something right? I will look into what you said about possible overheating and to open my chassis and touch my CPU, I understand that my thermometer could be wrong. The only thing that I don't understand is like i mentioned before, I can turn my computer on immediately after it shuts down and it runs. If it was overheating wouldn't it not run immediately after a shutdown? About random reboots and random halts, I don't really know the difference? It doesnt auto-restart if that helps, it just shuts off as if someone pulled the plug on my computer.

Thanks alot for all the help, this is a great forum :-)

31-03-2006, 05:52 PM
I still think its worth having a look at the event logs, they may show nothing but it won't hurt to look.