i feel like it may be a virus. i have run norton, spy hunter, adware, system mechanic. checked my start up thru msconfig.
some days it wont start, or it will start and restart several times. or it will just kick off like someone pulled the plug and restart.
:mad: :mad: :mad:
any ideas? it has winxp second edition

please help!

The most common cause is the psu (power supply unit) or a bad stick of ram.

2nd most common is a bad sector on the harddrive.
Open my computer / right click C:/ /properties/tools/ error checking/ tick both boxes/ and reboot.
This with run a scan and fix on reboot.

If still reboots, get hyjackthis (google) run it and it will show if any trogens/virus' have infected....It shows everything that runs, including suspect stuff...there is good support for hyjackthis on their web site

A virus scanner will detect a vrus, it will not clean up if the virus has been run...
Works like this...lets say u are going to install a program, u have a instail file (this is equilient to the virus install file) u install the program (this is equiv to the virus running) u can then detete the install program file, but the program is still installed. The virus scanner can delete the virus install program but the intallation is still there....u need special patches to uninstall the virus.

A new psu wouldnt hurt, getabout a 430 to 450 W...or if have a spare try that.

Ram is not epensive, may as well upgrade while at it...

Generally it is cheaper/faster, when a machine comes into the workshop, simply replace both, if the hd passes tests, and no signs of infection.
Thu infection can cause, and most machines are infected in varying degrees, 9 times out of 10, it is still crook ram and/or psu.

I'm voting it's the power supply (PSU) as Step said above. You said some times it won't start, or it will restart over and over. When you say "won't start" Are you meaning it won't power on? Or won't start Windows? If it won't power on, then it's either the PSU, Power Switch, or Motherboard.

I would throw heat in as a likely suspect also. Are you sure the heat sink fan on the CPU is working?

A PS usually just dies. Don't ever remember a PS randomly and spontaneously rebooting a PC in my 20 years of working on them. But ya never know.

it is just windows that wont start or restarts. it is just so wierd. i never saw a power supply do that either but i may have a spare to test with. if i start in safe mode i can run anti virus or sys mech and it will stay on all day. but in normal run it has the problem. sometimes when i open a browser, 5 min. later, poof. but it is not at all predictable.

i did the disk check but it came up fine.

i will try hyjack this. i may have it somewhere. i used it to fix a friend's laptop and may have a copy.

If it's just windows, then throw out the PSU as a cause. You have software issues. Let's see how the hijack report comes out.

did the disk check with 4 different softwares. no problems.
ran a program called the cleaner, to find trojans. it cant scan 3 files. here is the log

C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QT87K9AN\_Passenger-Vehicles_Chevrolet-Corvette_W0QQa39Z1937QQa41Z10381QQalistZa39Q2ca41Q QcurcatZtrueQQfromZR42QQgcsZ13QQpfidZ2473QQsacatZ6 001QQsatitleZQQsocmdZListingItemListQQs[1].htm
PROBLEM: Could not scan this file. Error Code = 206
SOLUTION: Inspect the file manually or ask for help.

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
PROBLEM: Could not scan this file. Error Code = 32
SOLUTION: Inspect the file manually or ask for help.

C:\WINDOWS\SoftwareDistribution\EventCache\{71473B 87-A1C2-41ED-B2BD-9A7DD9C5AA2B}.bin
PROBLEM: Could not scan this file. Error Code = 32
SOLUTION: Inspect the file manually or ask for help.

the 2nd is just a norton file. i tried to delete the 1st one but it does not let me. even tried in safe mode.

log form hyjack this. looks chineese to me.

Logfile of HijackThis v1.99.1
Scan saved at 2:38:33 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Compaq_Owner\My
Documents\temp\programs\hyjack\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf
=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&
pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&
pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride =
localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program
Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
/Consumer
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100
Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional
6\delay.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program
Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional
6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)

part 2 ( too long for 1 post)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file

missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

http://photo.walgreens.com/WalgreensActivia.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -

http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by133w.bay133.mail.live.com/mail/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?11425

47023811

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) -

http://secure2.comned.com/signuptemplates/securelogin-devel.cab

O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) -

http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab

O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} -

http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab

O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} -

http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -

http://driveragent.com/files/driveragent.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -

http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4549/mcfscan.cab

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) -

http://pcpitstop.com/antivirus/PitPav.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -

http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program

Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program

Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program

Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program

Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program

Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton

AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program

Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I forgot the basics...mentione above....clean out the dust and heat sinks....
A vaccuum cleaner that has a blow and a soft brush....

The reports above show nothing as far as trogens go...
BUT there is a huge about of crap running in the background...and have 2 maybe 3 firewalls running...thats not good
And ever wondered why it running so damn slow...just look at the symantic stuff...
This poor machine is running like trying to do long haulage freight with a compact car.

Start by cleaning temp internet files, all users, and temp files
uninstall all the stuff u dont need.
Kill anything u dont need running in the background all the time, thru the program settlings, then kill what is left u dont need in hyjack this...
with hyjack this, kill stuff "cant find"

Here is a log of a striped basic xp machine
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\AntiViral Toolkit Pro\avpm.exe
C:\Documents and Settings\Steptoes\Desktop\Virus Cleaners\HijackThis.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129346992934
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

i opened it up and it is clean inside but it was pretty hot. i agree with all the steff running in the background but dont know how to turn it off so it stays off.
it restarted this morning twice, then it was fine most of the day. around 4pm i clicked explorer to go online and poof it restarted again. error messages, more restarts.
i shut the stupid thing down and left it off.
this is my main work computer and i need it to work. lots of important things in there.

could a bad stick of memory do this? i can pull one out and see if it still does it.

thanks for the help

could a bad stick of memory do this? i can pull one out and see if it still does it.

From my post above
The most common cause is the psu (power supply unit) or a bad stick of ram.

There is ALOT of stuff being loaded on boot up.

Click on Start and Run. In the run box type "msconfig". Select "Diagnostic Startup" and reboot.

Work with it and see if it does the "reboot" thing.

I didn't see anything in the HiJack This log that looked suspicious.

thanks guys i will try this monday and let you know.