Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

computer restarts often


  • This topic is locked This topic is locked
8 replies to this topic

#1 1timcarter

1timcarter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 20 July 2004 - 06:23 PM

I've just about ruled out virus' on this, but just in case, I'ver run spybot, adaware, and hijackthis. I've also run avg and panda online. The computer restarts numerous times, sometimes 10-15 times before it gets completely booted up. Sometimes it runs for hours, and sometimes for minutes before it restarts again. No warnings, just a CLICK and restart. I've also replaced the power supply and checked all pci cards, and memory to be sure it is seated right. Anyway, here's the hijackthis log:

Logfile of HijackThis v1.98.0
Scan saved at 5:40:53 PM, on 7/20/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\WUSB11 WLAN Monitor\WLAN_Cfg.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Z newPrograms\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: TChkBHO Class - {36676B4B-8F91-47C5-AFF7-C4EA15275FD0} - C:\WINNT\system32\pexkme.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WLAN_Cfg.exe] C:\Program Files\WUSB11 WLAN Monitor\WLAN_Cfg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Morpheus\Morpheus.exe /SYSTRAY
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: eCrew Delta Technology V14102 - http://ecrew.delta-air.com/eCrew14102.cab
O16 - DPF: eCrew Delta Technology V14120 - http://ecrew.delta-air.com/eCrew14120.cab
O16 - DPF: eCrew Delta Technology V1486 - http://ecrew.delta-air.com/eCrew1486.cab
O16 - DPF: eCrew Delta Technology V1491 - http://ecrew.delta-air.com/eCrew1491.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/contr...media/Swdir.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0410.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{61875B7C-4818-407D-BF91-986D387D2EA8}: NameServer = 159.165.194.20,159.165.15.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{61875B7C-4818-407D-BF91-986D387D2EA8}: NameServer = 159.165.194.20,159.165.15.20
O17 - HKLM\System\CS3\Services\Tcpip\..\{61875B7C-4818-407D-BF91-986D387D2EA8}: NameServer = 159.165.194.20,159.165.15.20

I've also been getting a warning about WinMgmt.exe shutting down since I ran spybot and adaware.

Appreciate any help.

Thanks,

Tim

Sorry about the double post, but I can't see how to delete it.

Edited by 1timcarter, 20 July 2004 - 06:27 PM.

Posted Image

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:24 PM

Posted 20 July 2004 - 07:36 PM

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
O2 - BHO: TChkBHO Class - {36676B4B-8F91-47C5-AFF7-C4EA15275FD0} - C:\WINNT\system32\pexkme.dll

Reboot your computer into Safe Mode and delete the following files:

Then delete these files or directories (Do not be concerned if they do not exist)
C:\WINNT\system32\pexkme.dll

Disable System Restore. You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore
or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above

Reboot your computer to go back to normal mode and post a new log.

#3 1timcarter

1timcarter
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 20 July 2004 - 09:55 PM

I've done everything down to dissable system restore. The computer this is on has win2000 pro as the os. I can't find any instructions for doing that with win2000, plus I only get the thing to boot up about once every 15 tries, and then it hasn't stayed on long enough for me to search around and find out.

If there is a system restore on 2000, I'll keep trying. If not, let me know and I'll do a normal boot and try another log.

Thanks for the help,

Tim
Posted Image

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:24 PM

Posted 20 July 2004 - 10:05 PM

My bad..no system restore in 2000. Post a new log please

#5 1timcarter

1timcarter
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 20 July 2004 - 10:33 PM

Here's the new log.

----------------
Logfile of HijackThis v1.98.0
Scan saved at 10:28:59 PM, on 7/20/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\WUSB11 WLAN Monitor\WLAN_Cfg.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINNT\system32\wuauclt.exe
C:\Z newPrograms\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WLAN_Cfg.exe] C:\Program Files\WUSB11 WLAN Monitor\WLAN_Cfg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Morpheus\Morpheus.exe /SYSTRAY
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: eCrew Delta Technology V14102 - http://ecrew.delta-air.com/eCrew14102.cab
O16 - DPF: eCrew Delta Technology V14120 - http://ecrew.delta-air.com/eCrew14120.cab
O16 - DPF: eCrew Delta Technology V1486 - http://ecrew.delta-air.com/eCrew1486.cab
O16 - DPF: eCrew Delta Technology V1491 - http://ecrew.delta-air.com/eCrew1491.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.microsoft.com/activex/contr...media/Swdir.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0410.dll
------------------

Can you give me a hint? Was there something there that could be causing my problem, or were we just cleaning up some junk? :thumbsup:

Thanks for the help,
Tim
Posted Image

#6 Guest_brunt_*

Guest_brunt_*

  • Guests
  • OFFLINE
  •  

Posted 20 July 2004 - 11:39 PM

Download this program and run it


http://www.majorgeeks.com/download.php?det=214

It could be a heat problem, this will tell you of any problems with your cpu

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA

Posted 21 July 2004 - 12:53 PM

Ok you are all clean now. This line: O2 - BHO: TChkBHO Class - {36676B4B-8F91-47C5-AFF7-C4EA15275FD0} - C:\WINNT\system32\pexkme.dll

could have been causing the problems.

Now that you are clean, please follow this simple step and use the following programs:

Visit http://www.windowsupdate.com regularly. This will ensure that you have the latest patches for your operating system installed. If there are new updates to install, install all the critical updates, reboot and revisit the site until there are no more critical updates.

I would strongly advise you download and install SpywareBlaster and Spybot (With TeaTimer)

Tutorials and download locations for each programs can be found below. They will help to prevent a lot of future reinfections.

Using SpywareBlaster to protect your web browser

Using Spybot - Search & Destroy to remove Spyware from Your Computer

Glad i was able to help.

#8 1timcarter

1timcarter
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 21 July 2004 - 02:37 PM

Thanks for the help. That cleans up the computer, but I still have the restart problem. I'll move over to a hardware forum and see if I can sort it out. Probably buy a new MB.

Thanks again.

Tim
Posted Image

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,618 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:24 PM

Posted 21 July 2004 - 03:04 PM

You may want to follow brunts advice and try the program he suggested.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users