PC Crashing - Overheat, memory or Infected??
Hi all
My PC at home keeps crashing, especially when running SpyBot, Adaware and routine antivirus scans. I am going to try and run a Hijack This (1.99) scan tonight, however have heard that the Ms4Hd parasite will crash HijackThis when it reaches the new O23 (NT Services) section. This parasite deliberately crashes most apps that query any regkeys/files it owns. If this is the case tonight, I will try a copy of HJT 1.98.2 (which shouldn't crash with Ms4Hd). Assuming HJT works I'll post the log here later. If Ms4Hd is the culprit, does anyone know how to get rid of it?
In the meantime, could it just be overheating or memory - it has been stable for about a year however following some advice on another post I tried to run memtest yesterday and all I got was a page of blinking sets of 4 characters during boot up from floppy. Any Ideas?? Any thoughts appreciated.
Oggin
p.s.
3.2 Athlon
1 Gig RAM (2 pieces)
Win XP Pro SP 2 with updates
Hardware Firewall (Router)
Software Firewall (McAfee)
McAfee Antivirus etc.
IE6
p.p.s. Edit to say when it crashes I get a blue screen of death, sometimes it flashes up and disappears too quickly to read, sometimes I have enough time to read an "IRQ not less than zero" error prompt which leads me to think the memory is on its way out. I am not, however, sufficiently knowledgeable to know what to do about it! Hence this post. Cheers. |
Oggers,
Sounds like you got a duff Memtest floppy. Try to see if you can boot to another DOS boot floppy (easy to make in XP). Since Memtest is open source there are several versions. I always use this one.
You are quite correct in that if you haven't changed your s/w & h/w config it'll either be malware or the big three (you only mentioned two):
MEMORY - HEAT - POWER
It could be your PSU is on the way out. If when it's working to spec and the +12V rail is 16 Amps or less it would be marginal for your system anyway. Try a min power config of graphics card, one hard drive and one memory stick. Disconnect / remove everything else, PCI cards, floppy, optical drive, peripherals etc. If it then works, suspect your PSU. You could also look to see how much undervoltage/fluctuation you are getting in the BIOS or with a utility like Speedfan (Google for it). |
Toxteth
I used the same download site for memtest but there are 6 versions to download from - I downloaded the last one on that list, i.e. the 62.2kb file size. Should I try another? Cheers for the advice. Oggin |
MEMORY - HEAT - POWER
Or mobo. I've just had an elderly Socket A mobo die on me. Same symptoms. Looked at it, lots of swollen caps (capacitors). http://www.badcaps.net/tips/ |
Oggers
Try this. Or just re-run the install batch file on a new floppy.
@McKnife Unlikely for OA's symptoms; his does boot. A fried mobo wouldn't even POST. |
Well ....
Took the case off - a lot of dust in there. Unscrewed the fan from the processor - a lot (~30%) of clogged dust on the heatsink. Vacuumed all that lot. Now nice and dust free. Drilled some large holes in the side of my previously solid desk to aid airflow.
Ran HJT 1.99 OK, which leads to the assumption that I haven't got Ms4Hd. Anyway, this is the result of the HJT scan, if an expert would oblige -
Logfile of HijackThis v1.99.0
Scan saved at 6:23:17 PM, on 1/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Iomega\AutoDisk\ADService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Documents and Settings\<my name>\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust....yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/2/hi/default.stm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust....yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/301cb569...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093230445288
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: PGPsdkService - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe
O23 - Service: Iomega Active Disk - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Thanks for all your help. Oggin |
Oggin,
Assuming your problems continue and it is not a virus/duff software, there is another test you can run. Most PCs have inbuilt temperature sensors. A useful free programme for finding what is going on heat wise inside your PC is: Speedfan.
Re hoovering out the dust - a word of warning. Hoover hoses being attached to rotating fans can carry a lot of static, putting one inside your PC can result in a static discharge with disastrous results for static sensitive components. Keep the hose as far from the PC as you can.
Hope this helps EG |
ExG
Thanks for the info - will run the test.
I always ground myself when tinkering inside the PC and this time ensured no static was discharged. But thanks for the tip. Anyone any help with the HJT log? Cheers Oggin |
Hi Oggin,
Well at least you can forget about malware being the cause.. The HJT log shows that you are clean. A couple of entries you can fix though..
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: PGPtray.lnk = ?
Just housekeeping.. :ok: :) Cheers Liam |
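As an added illustration (not part of Liam's post and not HijackThis's own logic), a small Python triage of the log format posted above. The two flagging rules and the choice of sample lines are assumptions made for this example; the sample lines themselves are copied from the log in this thread.

```python
import re
from collections import Counter

# HijackThis section codes that occur in the log posted in this thread.
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)", "O8": "IE context menu item",
    "O9": "IE extra button / Tools menu item", "O12": "IE plugin",
    "O16": "downloaded ActiveX control (DPF)", "O23": "NT service",
}

# Short excerpt of the log above, selected for this example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/2/hi/default.stm
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: PGPtray.lnk = ?
O23 - Service: PGPsdkService - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")


def parse(log_text):
    """Return one dict per log entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m["code"], "body": m["body"]})
    return entries


def flags(entry):
    """Example review rules (assumptions of this sketch)."""
    body, found = entry["body"], []
    # HijackThis prints "(no file)" or "= ?" when it cannot resolve a target.
    if body.endswith("(no file)") or body.endswith("= ?"):
        found.append("missing-target")
    # dumprep is the XP crash-dump reporter, queued under Run after a blue screen.
    if entry["code"] == "O4" and re.search(r"\\dumprep(\.exe)?( |$)", body, re.I):
        found.append("crash-report-leftover")
    return found


def triage(log_text):
    """Count entries per section and list the ones that need a second look."""
    entries = parse(log_text)
    counts = Counter(e["code"] for e in entries)
    flagged = [(e["code"], e["body"], f) for e in entries if (f := flags(e))]
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    for code, n in counts.items():
        print(f"{code:>3} x{n}  {SECTIONS.get(code, 'other')}")
    for code, body, why in flagged:
        print(f"REVIEW {code}: {body}  <- {', '.join(why)}")
```

A flagged line is a prompt to check the entry by hand, not a verdict that it is malicious.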
Just a quickie on removing dust from inside a computer, get an "air duster" (a can of compressed air) and blow the dust out. These can be sourced from most stationery suppliers. Like ExG says, don't use a hoover.
|
E-Liam et al
Thanks for all the advice. Glad to know it's not malware. Will fix those 2 entries. Still can't get memtest to work but will keep trying - I suspect I've got some duff memory. All the best :ok: Oggin |
Try what I suggested earlier about booting with min h/w config to see if it's a psu prob. Also help find which of your 2 mem sticks may be duff as you'll only be booting with single stick.
|
Having similar problems myself. Downloaded and ran Speedfan. It's telling me that Temp 1 is 43c and Temp 2 is 61c (also got a flame next to it). Does this mean it's running too hot or are these temps okay? It's an AMD64 Athlon 3200+
|
Depends on which temp is which.
Configure the Speedfan tabs in the following order:

FANS Tab
The three fans are displayed. Select the fans shown below one at a time and use the F2 key to rename them:
Winbond W83627HF
Fan1-Rename to "CPU"
Fan2-Rename to "NB"
Winbond W83627THF
Fan2-Rename to "CPU"
Check the box in front of Fan1 and Fan2. Fan 3 isn't used and this keeps it from showing up in other tabs.

Temperatures Tab
Click on a temperature in the displayed list. At the bottom of the screen you will get a desired temperature (fan speed is controlled around this temperature) and a warning temperature (fan speed is set to 100% at this temperature). There is also a checkbox "Show in Tray". You can check this for only one temperature. It is then displayed in the tray (if you hold the mouse over the temperature, all temperatures are displayed in the popup).
Use the F2 Key to rename as follows:
Winbond W83627HF
Temp1-Rename to "System"
Temp2-Rename to "CPU"
Temp3-Rename to "NB" [However, if board has no sensor, ignore 3]
Winbond W83627THF
Temp2-Rename to "CPU"
Temp3-Rename to "System"
If you have any hard drives with SMART and they have temperature monitoring they will show in this list as well.
Since these boards don't control the system fan the temperature setpoints don't need to be set.
Expand each temperature by clicking on the "+" in front of it. This will show all configured fans and you can choose which fans the selected temperature should control. A single temperature can control more than one fan (in my case I use CPU temperature to control CPU and NB fans, since the NB temperature isn't real for these boards).

Voltages
These should all be checked and are correctly displayed.

Speeds
Winbond W83627HF
Sensor Pwm1-Use F2 and rename to "Speed CPU".
Sensor Pwm2-Use F2 and rename to "Speed NB".
Winbond W83627THF
Sensor Pwm2-Use F2 and rename to "Speed CPU".
When you click a fan, the bottom of the screen gives you two boxes where you can set the minimum value and maximum value. Setting either fan to a minimum value of 0 will allow it to stop. A setting of 1 may result with the fan speed signal saying 0 although the fan still runs. I find the fans are noisy at low speed so I set the minimum to 10. You can set the maximum value to whatever you want; if it is less than 100 then the fans won't run full speed until the warning temperature controlling that fan is reached. If you want the fan speed controlled, check the "Automatically variated" box.

Options
Select the font colors and size you want. You will probably want to check "Start minimized" to put it in the tray on start. Don't check the "Enable Dell..." box. You can check "set fans to 100% on program exit" which is a good idea. I have "ISA BUS" and "SMBus" both checked. Select Celsius or Fahrenheit.

Advanced
SpeedFan sets up these settings OK by default. I find if you select this tab and don't make changes sometimes they change anyway. The correct settings for Winbond W83627HF are:
Winbond W83627HF
Temperature sensor diode 1 - Thermistor diode
Temperature sensor diode 2 - PII diode
Temperature sensor diode 3 - Thermistor diode
Winbond W83627THF
Temperature sensor diode 1 - Thermistor diode
Temperature sensor diode 2 - PII diode
Temperature sensor diode 3 - Thermistor diode
PWMOUT1 clock - 23.43 KHZ
PWMOUT2 clock - 23.43 KHZ
Fan 1 Divisor - 8
Fan 2 Divisor - 8

Fan 3 Connector
The Fan3 connector on the motherboard has no speed regulation and no speed monitoring. Thus it is only capable of running a small fan at full speed, so you may as well connect a fan direct to the power supply cable instead of the board.

Temperature Corrections
If a manufacturer uses a non-standard sensor and SpeedFan reports a different temperature than the hardware, you can go to CONFIG / ADVANCED and set the TEMP OFFSET. |
Okay...seems that fan 2 isn't working at all. Sorry if this sounds dumb but should I have a fan two? I assume if it has detected one it should be working. ?
|
Depends how many fan headers with sensor out your motherboard has.
What's your mobo - I'll check for you? |
Thanks - It's a K8T Neo MS-6702 (v1.x) ATX motherboard, it's based on a VIA k8T800 North Bridge & VT8237 South Bridge chipset. Hope this means more to you than it does to me!
|
Your mobo has the Winbond W83697F sensor chip.
It also has 4 fan headers with sensor connections;
Fan Power Connectors: CFAN1/SFAN1/PWFAN1/PWFAN2
The CFAN1 (processor fan), SFAN1 (system fan), PWFAN1 (Power Supply fan) and PWFAN2 (Power Supply fan) support system cooling fan with +12V. It supports three-pin head connector. When connecting the wire to the connectors, always take note that the red wire is the positive and should be connected to the +12V, the black wire is Ground and should be connected to GND. This mainboard has a System Hardware Monitor chipset on-board, so that you must use a specially designed fan with speed sensor to take advantage of the CPU fan control.
So depending on how many and type of fans you have fitted you can set up Speedfan to monitor the temps and control the speeds of all four. Obviously you need to keep your CPU fan connected to the mobo header to read CPU temp. You can then connect any of your remaining case or PSU fans to the three remaining headers. The sysfan header will read the temp of the surface of the mobo and is usually used to control the rear case exhaust fan, although some people use it for the Northbridge fan if fitted.
To use the sensor for fan control you need to check your fans have 3 wires (usu. black - Gnd, red - +12V, yellow - sensor/control). If they only have black and red there is no benefit in connecting them to the mobo, you may as well run them at constant speed directly off the PSU (or a rheostat fan controller). HTH |