
Big problem with my comp


Codename46

IS-IT--Management
Jul 25, 2005
21
US
I don't know whether this is a software or hardware problem, but I'll try anyway.

Here's my problem:

Ever since I installed Style XP in order to use more desktop themes, my computer started acting weird. I always hibernate instead of doing a regular shutdown. However, when I start my computer back up again, even though I may not be doing anything, about 10-20 minutes after boot-up, my computer just suddenly restarts and then often I would get 7 error messages after the re-boot saying that it recovered from a serious error.

Now, what's more disturbing is that now whenever I try to press F2 and go to the CMOS configuration, it just restarts. I don't know what is going on. I scanned for viruses and spyware using Counter-Spy and Avast! 4, and even though it took out a few, the problem persists.

I checked for chip creep. My RAM sticks, my video card, and all my expansion cards are secure. I ran a simple Video and RAM test using PC Doctor for Windows XP, and it passed all the tests.

Can someone please tell me what's going on?
 
It sounds like the same problem that I had with the SAME program. It is possible that removing the program will fix the issue. This worked for me. I removed the prog, rescanned to be sure that it was clean, searched files for complete removal, even searched for registry links to the prog. Once all of these were removed, the problem seemed to suddenly correct itself. Good luck and I certainly hope this helps. Otherwise, check the configuration of the program itself. It may be set to actually perform the actions that you are experiencing. Nonetheless, I wish you luck!
 
Yeah. I uninstalled Style XP and it didn't work.

Is there an un-corrupted version of uhtheme.dll or whatever it's called that I can download?

But that shouldn't cause the CMOS screw-up, should it????
 
Hey well I just joined like yesterday.

Well I uninstalled Style XP, so theoretically it should work right? Wrong. The problems still persist.
 
Sounds like spyware or a virus. We were working on an IBM laptop. The "school" removed Norton and installed Avast. Well, when we got it, it would boot, but stop working after about a minute and just sit there doing nothing. We disabled Avast, then removed it, and installed Norton; it promptly found over a dozen viruses. Experience tells me not to place too much faith in Avast.
 
Hi,
Not always. If it installed spyware as separate program(s), then the uninstall of Style XP may not remove those.

Re-run your spyware detection software again, and perhaps try other ones in addition to the ones you have tried (like HijackThis, or Spybot S and D).

This may not be the cause of your problem, but the coincidence is suspicious....




To Paraphrase:"The Help you get is proportional to the Help you give.."
 
Hmm well I ran Counterspy and it removed a few cookies, and ran Spybot and it got rid of Backweb lite. I'll see if this works tomorrow.

But I doubt spyware is what is causing the fact that whenever I press F2 to go to the CMOS configuration after the POST, it restarts instead of going to the config.
 
Hmm...something tells me this may be more a hardware problem than a software problem.

It turns out that when I boot my computer after I put it on standby or hibernate (Windows XP), the problem occurs, but if I do a complete shutdown and restart it, the problem doesn't occur. Weird.

I've used HijackThis for over a year and I didn't really find anything strange. But here it is anyway:

Logfile of HijackThis v1.99.1
Scan saved at 6:38:06 PM, on 7/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Jeff Shi's Domain\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = OmG 1337 h4x0r j3ff sh33 wUz h33r!!!!111
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~2\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [User Logger] C:\hong\data\User Logger\UsrLog.exe run
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\Corel\Bryce 5 Trial Version\Help\wwhelp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
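
A triage helper for a HijackThis log like the one posted above, added here as an example and not part of the original thread: it groups entries by section code, pulls out the O4 registry Run autoruns, and lists the entries worth reading first. The function names and the two "standard directory" prefixes are assumptions of this example; a listed entry means "look at this", not "this is malicious".

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [User Logger] C:\hong\data\User Logger\UsrLog.exe run
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry body
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run\w*: \[(.+?)\] (.*)$")  # O4 registry Run entry
# Assumption of this example: where most legitimate autoruns live on XP.
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\")

def parse(log):
    """Group entry bodies by HijackThis section code (R1, O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def autoruns(sections):
    """Return (hive, value name, command) for every O4 registry Run entry."""
    found = (RUN.match(body) for body in sections.get("O4", []))
    return [m.groups() for m in found if m]

def review_list(sections):
    """Entries to read first: a triage order, not a verdict on any file."""
    items = []
    for _hive, name, cmd in autoruns(sections):
        path = cmd.lstrip('"').lower()
        # Only absolute paths are judged; bare names and %vars% are left alone.
        if re.match(r"[a-z]:\\", path) and not path.startswith(STANDARD_DIRS):
            items.append(("O4", name, "outside standard directories"))
    for body in sections.get("O23", []):
        if body.endswith("(file missing)"):
            name = body[len("Service: "):].split(" - ")[0]
            items.append(("O23", name, "file missing"))
    return items

if __name__ == "__main__":
    for item in review_list(parse(SAMPLE_LOG)):
        print(item)
```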
 
Err...crap dunno where the edit button is.

BTW I got rid of User Logger and the problem still persists.
 
If some form of malware is taking over your PC, it can simulate a restart such that it lives through it.

The fact that you can use <F2> from a true shutdown suggests to me that it is probably NOT Hardware.

I would try the following:

1: Boot into CMOS and check your settings - make sure the malware hasn't mucked around in there... Fix anything you need to fix.

2: Boot into Recovery Console if you can (you may need to boot from the CD to do this), or at least "Safe Mode - Command Prompt".

(Hint: regular "Safe Mode" isn't safe anymore ~ the malware authors have figured out places to hide stuff so Windows will start it anyway.)

3: CD to C:\Windows\PreFetch

Anything in here will be started when Windows starts, even if it's not in the Registry Run sections or in your Startup Group. I believe the intent of prefetch was to help things start faster. Unfortunately, it also creates this vulnerability.

4: Either delete *.* or create yourself a quarantine folder and move everything into it. Needless to say, the quarantine idea is safer, but I'm pretty sure you don't really need anything in prefetch. (Anyone disagree?)

5: Boot into regular "SAFE MODE" and run your malware checkers. (CW-Shredder, SpyBot-S&D, Ad-Aware, MS-AntiSpy, Microsoft's "Malicious Software Removal Tool" (MSRT), whatever Anti-Virus software you trust, etc.)

Good luck! Please let us know the results either way.

Seumas
 
Oops I didn't see if the problem persists if I press F2 when doing a regular shutdown yet.

more to come when I do...

Funny thing. I ran Spybot, MS Anti-spyware, Counterspy, and Hijackthis. I have Spywareblaster enabled too.

No I did not disable Restore Points. How would that affect this?
 
Ok. The CMOS configuration problem occurs even though I completely shut down and restart.

So I'm still thinking that this is a hardware problem, not a software problem.

The thing is, I don't know what part of my hardware is damaged. Hm....CMOS config error AND comp crash after standby/hibernate? I can't really connect the dots. Could it be physical damage to hard drive? or RAM?
 
It could be any of a number of things, from a power supply (or a previous bad power supply which blew something else), memory, HDD (although I doubt HDD), processor, BIOS, or any of the other components which connect all of those together.

I agree that it sounds like hardware, or possibly FIRMWARE. The BIOS is probably flash-upgradeable, and it is also possible that a virus or similar such has re-programmed it. Highly unlikely, but possible.

I'd watch for a sale at Fry's or whatever electronics or computer store is local for you and replace the components systematically until the problem goes away. Then take the parts you replaced before the problem went away, and build a new computer. You'll just need a third one of the last thing you replaced... (Unless more than one thing is broken, of course.)

Now, the theory on turning off System Restore is that a virus or other malware may be saved in one or more previous Restore Point(s), and that you might inadvertently bring back the problem in the future by invoking an old restore-point.

Personally, I prefer to not turn it off until I have the problem fixed. If I mess something up by "fixing" the wrong thing, System Restore may be the only thing saving me from a complete rebuild.

(I've been doing this for many years, and I feel that System Restore is one of the best features Microsoft has added to Windows. It was the one thing which made Windows ME almost a viable product...)

I have also been successful in restoring to a point before the problems appeared, then running my malware eradication programs.

Once I am satisfied that I have fixed the problem, I make a new restore point, then have Windows erase the old ones. This can be done through Disk Cleanup (More Options Tab).
Or you can turn off System Restore, re-boot, IMMEDIATELY turn it back on and create a new Restore Point.
 
Two things I have to add here...

1.) Have you tried clearing the CMOS as of yet? How about hitting the DEL key to try to get into the BIOS?

2.) What type of keyboard are you using? There may be a problem with the keyboard...


I would suggest, as well, that you run SFC /SCANNOW from the command prompt (Start/RUN); have your XP CD at hand...

good hunting..

Ben

If it works don't fix it! If it doesn't use a sledgehammer...
 