Virus or Hardware problem?

jazzman111

IS-IT--Management
Dec 22, 2003
104
US
Recently my PC has developed some problems. I'm running Windows XP and use Firefox 3.0 as my browser. I also use Vipre as my anti-virus program. A few weeks ago, I began to notice my performance when loading programs, and even features like mail in Firefox, was slowing down considerably. It also takes seemingly forever for the computer to boot up. So I ran the "Remove Programs" program and deleted a number of those I didn't use any more. I also ran the defrag program. I checked the history on my Vipre program and found it was scanning daily, as I had scheduled it. It reported no viruses that it had not been able to eliminate.

Recently, I uncharacteristically left my PC on overnight. (I usually religiously go through the prescribed shut-down process.) Since then, if the PC is idle for an hour or so, I find that a large, dark, rectangle shape appears in the middle of the screen--and the bottom tray that normally shows the "Start" icon on the left and other programs' icons on the right--is no longer visible.

Sorry for the long-winded description, but here's my question: does it sound like I have a virus problem here? A hardware problem? Both?
 
Doesn't really sound like a virus to me.

Have you checked your cabling from the video card to the monitor? It's tight?

Have you changed the drivers on your video card?

Have you tried a different monitor?

Have you tried a different video card?

These are the first things that come to mind for me; try them. Hope it helps.





CCNA
Network +
 
Are you sure you're running a valid copy of Windows? I've seen machines with illegal copies of Windows exhibit such behavior due to the WGA program Microsoft started a while back. Do you ever get popups telling you your software isn't genuine? One PC would have a black box up in the corner every now and then even though you could click on icons and stuff that were underneath the black spot. It wasn't the monitor either because installing a legit copy of Windows solved the problem. Also, if I recall correctly, the taskbar would disappear sometimes too. I think the reason for the whole screen not going black like Microsoft says is supposed to happen was due to a crack that had been installed to bypass an older WGA version. Here's a bit more info on WGA:


Hope that helps you out.
 
For responder #2: the answer is, yes, I'm using a valid copy of Windows.

For responder #1: I'm afraid your suggestions are probably a notch beyond my technical "pay grade". At the suggestion of another technical person, I downloaded and ran a deep scan using Malwarebytes. It found 15 "bad guys"--malware, spyware and trojans. I had it remove all of them and my performance improved dramatically. However, when I leave my PC inactive for a period of time after booting, that dark rectangle appears on the screen and the band at the bottom of the screen that usually shows the "Start" icon and program icons still disappears. One thing I notice is that, if I launch or maximize another program, the rectangle disappears (i.e., is not just overlaid by the program)--but the band at the bottom of the screen does NOT re-appear, until and unless I reboot. Don't know if this helps. Is there some sort of diagnostic I can run that might identify the source of this problem?
 
That dark screen sounds like a hung application; try the old-fashioned CTRL ALT DEL, then make a list of all applications that the current user is running. Give Google a shout for each one, learn what they are and what they are a part of. Don't forget the old-fashioned MSCONFIG and turn off unnecessary items on the startup tab as well.

If you are curious what and whom your PC is talking to over the internet, I recommend a program from foundstone.com called FPORT. Run that program in DOS, and pay attention to each file that is using your network and if they are indeed valid authorized files (Google FTW).

Good Luck

Surprise! Most loopback jacks are located conveniently behind the ear and above the leg
 
I did the "three finger salute" and there were no programs running that shouldn't have been. I just ran msconfig and selected a number of programs I think I can do without for starters. If I still have the problem, I'll do the Google things you mentioned. Thanks for the tips.
 
The three finger was new to me lol (Asci pro from 1981)

Also, there may be a clue in the story: absolutely look for any updated video drivers, and also consider the system bus drivers too! (One runs the other on the chipset flow.) With this happening when you're logged into the system for a long time, I ponder the power save mode, or sleep modes, or even the attempted hibernate (USB devices suck at this).

Can it be possible this is related to AFK? If so.... USB devices active during a power save to hibernate can act goofy ... (Don't like repark of IRQ or DMA on wakeup during a keepalive signal.)

Serious experience with HP USB drivers has led me to this synapsis.... but then I am known for looking at every tree for hours and not even noticing the forest.

Surprise! Most loopback jacks are located conveniently behind the ear and above the leg
 
Hi,
I'm afraid most of the technology you discuss in your last email is way beyond my range of experience--I'm only a moderately technical layman. So I think I'm going to have to get in touch with some local PC repair service to get to the bottom of this problem.

One thing you did mention, though, does ring a bell:

"I ponder the power save mode, or sleep modes, or even the attempted hibernate (USB devices suck at this)." Because another technical guy I know said it sounded like these functions were involved with the problem, since the dark rectangle pops onto the screen (and the bottom band disappears) when the PC is left idle for a given period of time.

 
Let's test this: unplug all USB devices running on your system and try to replicate the problem. Reboot, walk away, does the problem resurface? If so then it's the wrong tree we are looking for. If it doesn't come back it's tied to a SUB driver..... let me know, you have my attention now :p

Surprise! Most loopback jacks are located conveniently behind the ear and above the leg
 
Typo SUb = USB... It must be dyslexia

Surprise! Most loopback jacks are located conveniently behind the ear and above the leg
 
Since you are running a valid copy of Windows, I won't look in that direction anymore. When you say the bar at the bottom of the screen disappears it almost sounds like the explorer.exe process is being killed. Possibly by a virus or malware? Next time the bar disappears do the "Three finger salute" (I love that, never heard it before. hahaha) and click the processes tab. Sort by name and then check to see if the explorer.exe process is still running. If not, something is killing it and that would seem to be the root of the problem. Also, I have dealt with quite a bit of malware in my past and I noticed you said you did a scan and a number of things came up but were fixed. In my experience, malware removal programs rarely get rid of everything. It may take a bit of manual detective work and removal steps to get rid of everything especially if you have caught something especially tricky to get rid of. Once again, hope this gets you somewhere....
 
How about for starters listing the hardware that you have, the SP you are at, what AntiMalware/Viral software you have used...

also it would help if you did a HiJackThis scan with log and paste it here for our perusal...

TrendMicro HiJackThis

Two antimalware apps that have a good reputation (free versions will do):

MalwareBytes' AntiMalware (MBAM)

SuperAntiSpyware

download both and do a full scan...


Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
Jazz, Did the USB test work?

Surprise! Most loopback jacks are located conveniently behind the ear and above the leg
 
Being less technical than you guys, I'm following the "KISS" principle: Keep It Simple, Stupid. So, first of all, to Bivic01's question, the Processes Tab shows that the explorer.exe program is running, and using 5,312K of memory. Just under it, it also shows--for what it's worth--that firefox.exe (which I use exclusively as my browser) is running and using 93,876K of memory.
 
To BigBadBen, below is the readout of the scan I did using HijackThis. (My next step will be to download and run SuperSpyWare.)

______
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:53 AM, on 8/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) -
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c985ebb0b3dd9a) (gupdate1c985ebb0b3dd9a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9308 bytes
 
BigBadBen:

I also ran SuperAntiSpyware and it found and quarantined over two dozen suspicious files. I've rebooted and will leave the PC idle to see if the rectangle/disappearing band occurs again.
 
The log appears to be clean, although the following items are unknown to me, and can be fixed with HJT (as it creates backups in case they are needed)...

O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) -
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) -
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) -

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
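
The log review discussed in this thread, as an added example (not written by any poster and not part of HijackThis): this Python script parses a log in the v2.0.2 layout shown above, lists entries whose target is missing or unresolved, and checks that explorer.exe is running from the Windows directory. The function names, the three review markers and the C:\WINDOWS location are assumptions of the example; the sample text is an excerpt of lines from the posted log.

```python
import re
from collections import defaultdict

# Sample input: a short excerpt assembled from lines of the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) -
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - ...", "R1 - ..."
# Assumed review markers, as they appear in the posted log:
# "(no file)", an unresolved shortcut "= ?", and an empty trailing field " -".
REVIEW_SUFFIXES = ("(no file)", "= ?", " -")
EXPECTED_SHELL = r"c:\windows\explorer.exe"          # assumes %SystemRoot% = C:\WINDOWS


def parse_hjt(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif match:
            in_procs = False
            entries[match.group(1)].append(match.group(2))
        elif in_procs and line:
            processes.append(line)
        elif in_procs and processes:
            in_procs = False          # blank line ends the process list
    return processes, dict(entries)


def needs_review(entries):
    """(code, entry) pairs whose target is missing or unresolved in the log."""
    return [(code, item) for code, items in entries.items()
            for item in items if item.endswith(REVIEW_SUFFIXES)]


def check_shell(processes):
    """Return (explorer.exe is running, explorer.exe paths outside C:\\WINDOWS)."""
    shells = [p for p in processes if p.lower().endswith("\\explorer.exe")]
    return bool(shells), [p for p in shells if p.lower() != EXPECTED_SHELL]


if __name__ == "__main__":
    procs, entries = parse_hjt(SAMPLE_LOG)
    print("explorer.exe running / unexpected paths:", check_shell(procs))
    for code, item in needs_review(entries):
        print("review:", code, "-", item)
```

A flagged entry is only a prompt to look the item up; it says nothing by itself about whether the item is malicious.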
 
Are you suggesting I run HijackThis and delete the three items you listed?
 
DOIMPRO:

As you suggested, I disconnected all USB devices, rebooted, and left the machine idle. The rectangle returned.
 
Here is some additional information on my PC:

PC:

Dell Dimension DV051
Intel Pentium (R) CPU 2.80 GHz
2.79 GHz, 504MB of RAM

Operating system:

Microsoft Windows XP
Media Center Edition
Version 2002
Service Pack 3
 