

The Virus People asked me to come here


19 replies to this topic

#1 Sedadren

Sedadren

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 25 August 2012 - 06:25 AM

So I am over in the virus thread and they have asked me to do a number of things. Unfortunately during half of them, my computer will randomly reboot itself. If I go into safe mode, it reboots after only a couple minutes, and when I ran a couple virus scans for them it would reboot before the scan was done, so that isn't getting done for them to fix it.

I know my system has XP on it, and past that I am sort of computer illiterate. I know this computer was put together by a friend of mine awhile back, but I couldn't tell you much past that. It runs MMORPGs, but not always well, and I crash a lot, but they still do run. I have had a problem with overheating since day 1, but if I can keep it under 90c I can keep it from crashing due to temp problems.

Not sure what else to say.

Thank you for your time.


 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,865 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:25 PM

Posted 25 August 2012 - 05:04 PM

Hi :).

See if you can do the following: Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792

Thanks :).

Louis

#3 Sedadren

Sedadren
  • Topic Starter


Posted 26 August 2012 - 01:21 AM

http://speccy.piriform.com/results/dwtQ3dAsg8Mjlxa5D1h2ihG

Done!

#4 hamluis

hamluis


Posted 26 August 2012 - 02:08 PM

FWIW: I don't see any critical updates installed that are more recent than May 2012. Just curious as to why that might be.

I don't see anything in the Speccy that worries me.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and paste the content into your next post.

Louis

#5 Sedadren

Sedadren
  • Topic Starter


Posted 26 August 2012 - 02:37 PM

In May was the last time I got help from BleepingComputer. I don't really know much about computers and what I should update and should not update. There are a few of us that use this computer, and I only really use it to play MMORPGs. The computer at one time did update things almost every day. It actually would turn off my game at critical points, and since I only was online and running my computer when I was playing, it got really annoying dying every day when the computer decided to freeze my game to update and then reboot itself. In addition, getting a ton of notices about updating made me worry about what ones were real and what ones are a virus or something trying to get me to download something else. In general I try and keep as little running at a time as I can. I am told that my computer should not run the games I play, so by limiting what is running in the background I also get a much better performance.

Now that makes sense to me, but then again I know I have a black computer and that is the extent of my knowledge about computers.

Here is the log

MiniToolBox by Farbar Version: 23-07-2012
Ran by Kiren (administrator) on 26-08-2012 at 14:29:48
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/26/2012 01:16:50 AM) (Source: ESENT) (User: )
Description: svchost (1188) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/23/2012 04:21:11 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 16.0.912.75, faulting module gcswf32.dll, version 11.1.102.55, fault address 0x00405e89.
Processing media-specific event for [chrome.exe!ws!]

Error: (08/23/2012 04:19:31 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 16.0.912.75, faulting module unknown, version 0.0.0.0, fault address 0x7c10fe21.
Processing media-specific event for [chrome.exe!ws!]

Error: (08/21/2012 05:41:56 PM) (Source: Application Error) (User: )
Description: Faulting application yahoomessenger.exe, version 11.5.0.192, faulting module mshtml.dll, version 8.0.6001.19222, fault address 0x000a0f17.
Processing media-specific event for [yahoomessenger.exe!ws!]

Error: (08/17/2012 04:53:56 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/15/2012 09:04:31 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 16.0.912.75, faulting module unknown, version 0.0.0.0, fault address 0x7c10fe21.
Processing media-specific event for [chrome.exe!ws!]

Error: (08/14/2012 03:51:31 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 16.0.912.75, faulting module gcswf32.dll, version 11.1.102.55, fault address 0x000f79d0.
Processing media-specific event for [chrome.exe!ws!]

Error: (08/13/2012 02:27:15 AM) (Source: Application Hang) (User: )
Description: Hanging application oym5jq8l.exe, version 1.0.15.15641, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/12/2012 05:59:31 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 16.0.912.75, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/12/2012 05:58:01 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 16.0.912.75, faulting module gcswf32.dll, version 11.1.102.55, fault address 0x000afab2.
Processing media-specific event for [chrome.exe!ws!]


System errors:
=============
Error: (08/26/2012 02:17:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/26/2012 04:19:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/26/2012 01:16:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/26/2012 01:10:17 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/25/2012 06:11:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/25/2012 02:01:37 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/25/2012 06:40:50 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/24/2012 08:07:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/24/2012 01:06:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/24/2012 02:30:35 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd


Microsoft Office Sessions:
=========================
Error: (08/26/2012 01:16:50 AM) (Source: ESENT)(User: )
Description: svchost1188C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/23/2012 04:21:11 PM) (Source: Application Error)(User: )
Description: chrome.exe16.0.912.75gcswf32.dll11.1.102.5500405e89

Error: (08/23/2012 04:19:31 PM) (Source: Application Error)(User: )
Description: chrome.exe16.0.912.75unknown0.0.0.07c10fe21

Error: (08/21/2012 05:41:56 PM) (Source: Application Error)(User: )
Description: yahoomessenger.exe11.5.0.192mshtml.dll8.0.6001.19222000a0f17

Error: (08/17/2012 04:53:56 PM) (Source: Application Hang)(User: )
Description: firefox.exe14.0.1.4577hungapp0.0.0.000000000

Error: (08/15/2012 09:04:31 PM) (Source: Application Error)(User: )
Description: chrome.exe16.0.912.75unknown0.0.0.07c10fe21

Error: (08/14/2012 03:51:31 PM) (Source: Application Error)(User: )
Description: chrome.exe16.0.912.75gcswf32.dll11.1.102.55000f79d0

Error: (08/13/2012 02:27:15 AM) (Source: Application Hang)(User: )
Description: oym5jq8l.exe1.0.15.15641hungapp0.0.0.000000000

Error: (08/12/2012 05:59:31 PM) (Source: Application Hang)(User: )
Description: chrome.exe16.0.912.75hungapp0.0.0.000000000

Error: (08/12/2012 05:58:01 PM) (Source: Application Error)(User: )
Description: chrome.exe16.0.912.75gcswf32.dll11.1.102.55000afab2


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 2.7.0.19480)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Digital Editions
Adobe Download Manager (Version: 1.6.2.63)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Adobe Stock Photos 1.0 (Version: 001.000.000)
AGEIA PhysX v7.11.13 (Version: 7.11.13)
Aion
AMD Processor Driver (Version: 1.3.2.0053)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.2.120)
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Catalyst Control Center (Version: 2.009.0730.0057)
ATT-HSI
AudibleManager (Version: 1309592.1378168.1310188.2089871648)
Avira AntiVir Personal - Free Antivirus
Battle of the Immortals
Bonjour (Version: 2.0.4.0)
Browser Configuration Utility (Version: 1.0.4.9)
Build-A-Lot (remove only)
Build-A-Lot 2 (remove only)
Build In Time (remove only)
CCleaner (Version: 3.18)
Charter Browser Updater
CivCity Rome 1.1 (Version: 1.1)
Coffee Tycoon
DebugMode Wax 2.0
Diagnostic Utility (Version: 1.00.0000)
DivX Setup (Version: 2.6.1.3)
Dungeon Siege
Escape from Paradise 2
ESET Online Scanner v3
Fable - The Lost Chapters (Version: 1.00.0000)
Farm Frenzy 2 (remove only)
Farm Frenzy 3 (remove only)
FATE - The Traitor Soul (Version: 2.2.0.82)
FinalTorrent 2010
Fix-it-up II: World Tour (remove only)
Galactic Civilizations II - Dread Lords
Google Chrome (Version: 16.0.912.75)
Guild Wars 2
Hidden Mysteries Vampire Secrets (Version: 1.0)
HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)
ieSpell (Version: 2.6.4 (build 573))
Impulse
Impulse (Version: 1.0)
InstaCodecs (Version: 1.0)
InterActual Player
iTunes (Version: 10.1.2.17)
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.0 (Version: 2.1.0)
Jewel Quest (remove only)
Jewel Quest 2 (remove only)
Majesty
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Age of Empires Gold
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft DirectX SDK (August 2007) (Version: 9.20.1057)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Monopoly
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
NCsoft Launcher (Version: 1.5.19002)
Netmarble Launcher (Version: 1.0.0.3)
Netmarble NPAPI Plugin Updater Installer
OpenAL
OpenOffice.org 3.2 (Version: 3.2.9502)
Overwolf (Version: 0.33.198)
Pando Media Booster (Version: 2.6.0.7)
PhotoScape
Project: Paradise
QuickTime (Version: 7.69.80.9)
Ranch Rush (remove only)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.20.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5780)
Revo Uninstaller 1.93 (Version: 1.93)
Roleplaying City Map Generator (Version: 4.5.0.0)
Runes of Magic (Version: 4.0.8.2506)
Sid Meier's Civilization 4 Complete (Version: 1.74)
Sid Meier's Civilization III Gold 1.0 (Version: 1.0)
Sid Meier's Civilization IV Colonization (Version: 1.00)
Spybot - Search & Destroy (Version: 1.6.2)
Stronghold Kingdoms
TeamSpeak 3 Client
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client (Version: 3.0.8)
VLC media player 1.1.4 (Version: 1.1.4)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinZip (Version: 9.0 SR-1 (6224))
Xfire (remove only)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 3326.42 MB
Available physical RAM: 2584.86 MB
Total Pagefile: 5210.52 MB
Available Pagefile: 4588.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.91 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:262.53 GB) NTFS

========================= Users: ========================================

User accounts for \\KI

Administrator ASPNET Guest
HelpAssistant Kiren SUPPORT_388945a0


**** End of log ****


Thank you for your time and help. I appreciate it a great deal.

#6 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 26 August 2012 - 09:37 PM

Does it restart with certain operations even in safe mode? You might need to turn off auto-restart for the BS error to come up the next time it reboots.

Tekken
 


#7 Sedadren

Sedadren
  • Topic Starter


Posted 27 August 2012 - 02:28 AM

When I go into safemode, it does not seem to matter what I do, it simply reboots. I can go into safe mode with networking and pull up the internet and it will reboot. I can go into safe mode without networking and try and do a system restore and it reboots. I can try and run a virus fix program and it reboots. I am sure I still have the FBI/Moneypack virus on here because it has to be removed in safemode and I can't keep it up long enough to remove the virus. Instead I do have to do a system restore, but it takes hours upon hours. Eventually it will restore, but not before more reboots than I can count.

#8 Artrooks

Artrooks

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:03:25 PM

Posted 27 August 2012 - 08:51 AM

"I am sure I still have the FBI/Moneypack virus on here because it has to be removed in safemode and I can't keep it up long enough to remove the virus."

I know that this isn't the malware forum, but have you tried Option 3 - Use a Bootable Antivirus CD as described here?

Since these Boot CDs operate outside of the Windows OS, if the computer reboots while scanning, then this may further implicate a hardware problem.

Regards,
Brooks



 


#9 Sedadren

Sedadren
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 27 August 2012 - 02:10 PM

I don't have a cd like that.

#10 Artrooks

Artrooks


Posted 27 August 2012 - 03:15 PM

Sedadren,

On second thought, forget the Bootable CD. Not a good idea.

Looking at hardware causes:
(1) Do you feel comfortable removing the A/C power cord from the tower, sliding the side off, and examining the motherboard?
Bulging, leaking, or ruptured capacitors can cause the computer to randomly restart. Have a read here. Enlarge the pictures to the right. While inside, if dusty, give it a good cleaning with compressed air.

(2) A bad power supply can also cause rebooting. Your Speccy Snapshot showed that the motherboard voltages were well within tolerance so there were no obvious signs of a power supply problem there. The easiest way to test for a bad power supply is to swap in a known good one and run for a while to see if the symptoms stop. Easier said than done in most situations.

(3) From the Speccy Snapshot of your hard drive's SMART data:

Hard Drives
WDC WD5000AAKB-00YSA0

Manufacturer: Western Digital
05 Reallocated Sectors Count: 156 (156) Data 000000015D <== 349 (converted from hex)

What does this mean? The hard drive is aging. For each re-allocated sector on the drive, there is a 512 kb area that couldn't easily be read and had to be permanently remapped. I don't think that this has anything to do with the spontaneous reboots, but I would recommend that you have a good data back-up plan in effect.

Regards,
Brooks



 


#11 hamluis

hamluis


Posted 27 August 2012 - 03:23 PM

Many of your EV errors relate to Internet access, different browsers.

You also have a very strange error:

Error: (08/13/2012 02:27:15 AM) (Source: Application Hang) (User: )
Description: Hanging application oym5jq8l.exe, version 1.0.15.15641, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Unknown application per Google, looks to me like a malware flag...untraceable .exe files are not good.

FWIW: http://www.neuber.com/taskmanager/process/sptd.sys.html . When valid file, sptd.sys relates to Daemon Tools, which I don't see as installed on your system. I think I'd do a search of the system to see what is what.

Louis

Edited by hamluis, 27 August 2012 - 03:28 PM.
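
The cross-check made in the post above (an executable that cannot be tied to any product, and a driver whose owning product is missing from the installed-programs list) can be run mechanically over a MiniToolBox log. This is an added example, not part of the original thread; the log entries are copied from post #5, while the OWNER lookup table and the function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# Entries copied from the MiniToolBox log in this thread (trimmed sample).
SAMPLE_LOG = r"""
Error: (08/23/2012 04:21:11 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 16.0.912.75, faulting module gcswf32.dll, version 11.1.102.55, fault address 0x00405e89.

Error: (08/13/2012 02:27:15 AM) (Source: Application Hang) (User: )
Description: Hanging application oym5jq8l.exe, version 1.0.15.15641, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/26/2012 02:17:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/26/2012 04:19:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd
"""

# Two lines from the Installed Programs section of the same log.
INSTALLED = ["Google Chrome (Version: 16.0.912.75)",
             "Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)"]

# Hypothetical analyst-maintained lookup: which product normally owns a file.
OWNER = {"chrome.exe": "Google Chrome", "firefox.exe": "Mozilla Firefox",
         "sptd": "Daemon Tools"}

HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\)")
APP = re.compile(r"(?:Faulting|Hanging) application (?P<exe>[^,]+),")

def parse_events(text):
    """Split the log into events: dicts with when, source and body lines."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({"when": m["when"], "source": m["source"], "body": []})
        elif events and line.strip():
            events[-1]["body"].append(line.strip())
    return events

def subjects(event):
    """Return the executables or drivers an event is about (lower-cased)."""
    body = event["body"]
    if event["source"] == "Service Control Manager":
        # Driver names follow the 'failed to load:' line, one per line.
        if body and "driver(s) failed to load" in body[0]:
            return [name.lower() for name in body[1:]]
        return []
    m = APP.search(" ".join(body))
    return [m["exe"].lower()] if m else []

def triage(text, installed):
    """Count events per subject and flag those with no installed owner."""
    counts = Counter(s for e in parse_events(text) for s in subjects(e))
    findings = {}
    for name, n in counts.items():
        owner = OWNER.get(name)
        if owner is None:
            findings[name] = (n, "no known owner")
        elif not any(owner.lower() in p.lower() for p in installed):
            findings[name] = (n, f"owner '{owner}' not installed")
    return findings

if __name__ == "__main__":
    for name, (n, why) in triage(SAMPLE_LOG, INSTALLED).items():
        print(f"{name}: {n} event(s), {why}")
```

A flagged name is only a lead for a file search or a scan, as in the thread; a leftover driver entry from an uninstalled program produces the same finding as a malicious one.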


#12 Sedadren

Sedadren
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 28 August 2012 - 02:57 PM

Consider me computer illiterate. I don't know what an EV error is, no clue what FWIW stands for, and the link confused me as to what I was supposed to search for and how to search for it.

Daemon Tools. . .I am not sure what this program is, but I have a faint memory of having the program at one time. The name sounds really familiar, but even looking up the description I didn't really figure out what it did.

#13 hamluis

hamluis


Posted 28 August 2012 - 06:59 PM

You can do a search of all files on your Windows partition...and see if sptd.sys exists. It's a known troublemaker file, belonging to Daemon Tools and it is reflected in some of your Event Viewer errors. It can also be a known malware file.

For What It's Worth...is what FWIW is commonly used to express.

Louis

#14 jhayz

jhayz


Posted 28 August 2012 - 08:27 PM

"when I ran a couple virus scans for them it would reboot before the scan was done"

Can you uninstall Spybot and Avira (outdated version) and install Avast instead? http://www.avast.com/index

Tekken
 


#15 Sedadren

Sedadren
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 29 August 2012 - 01:30 AM

After a complete search of my system, the file sptd.sys was not found. I have no idea what that means, but my search can't find it anywhere apparently.



