Random PC Crashing/Restarts

Discussion in 'Malware and Virus Removal Archive' started by Jubeix90, 2008/01/12.

  1. 2008/01/12
    Jubeix90

    Jubeix90 Inactive Thread Starter

    Joined:
    2008/01/12
    Messages:
    12
    Likes Received:
    0
    Hello, everyone. I am having some issues with my PC that I cannot solve.

    There are many things I can tell you that could possibly help you help me. I'll try to keep them short and in a list:

    I play a LOT of graphic-intensive games. I have a Radeon X1950PRO which has been getting about 70 degrees Celsius playing Crysis on medium settings.

    I have scanned my computer with Norton about a month ago (uninstalled), AVG the same time as Norton (uninstalled), BitDefender just a week or two ago, and Ad-Aware today. Norton, AVG, and BitDefender successfully found and deleted everything they found. Ad-Aware found "Win32.Trojan.KillProc". It was found in the file C:/hp/bin/KillIt.exe. After some quick Googling, most forums stated that this file was a false positive. I'm thinking this may be the cause of my crashes. Since the name is "KillProcess", it could be killing a process that is vital for Windows to function.

    It seems it only happens when I am playing games. I JUST thought about that. I'm so stupid. Still, it could be something else that the HijackThis log can help with.

    A forum I visit quite often had a post I found today that said:
    "ATI released a new version of their Radeon drivers, 7.12, which causes graphical corruption on OpenGL. To reverse this, get the following. It is universal for all Radeon cards.

    http://ati.amd.com/support/drivers/xp/radeonx-xp.html"
    This may be the problem, but I think the random crashing has been going on before I downloaded an update from ati.com.

    That's all I can think of at this moment, but I had many other things I needed to say, but I forgot them.

    Now, onto the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:49:45 PM, on 1/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\HP_Administrator\Desktop\shexview.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/resetpw.srf?lc=1033
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2nd Speech Center\tts4ie.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe "
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe "
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe "
    O4 - HKLM\..\Run: [Eamonn] C:\Program Files\Eamonn\bin\Eamonn.exe -h
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Disabled
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Disabled
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
    O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
    O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Documents and Settings\HP_Administrator\Desktop\ProcessGuard\dcsuserprot.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
    O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 10535 bytes
     
  2. 2008/01/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Jubeix90 :)

    It certainly does sound as though your BSODs are graphics card/driver related, though it could be other drivers/hardware as well. There are a couple of items in the HijackThis log that can be removed, but it's highly unlikely it will make any difference for the BSOD problem.

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    I recommend you read through this topic and gather the necessary tools to create a debugged dump log, then start a new topic in the XP forum to see if you can get help with it. Make sure to include the information you've given here in regards to the graphics drivers.

    The KillIt.exe file is a legitimate HP file used only by an HP application, and only when necessary, such as when applying updates to HP software or products. I think it would be good of you to report the detection to the Lavasoft Support Forums. They have a section just for false positive reports.
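
The triage done by eye in the reply above, picking out entries whose target file no longer exists, as an added example that is not part of the original posts: a small parser for HijackThis entry lines, run over an excerpt of the log posted in this thread. The function names are this example's own; it also lists the `(file missing)` service entries, which the reply did not address, for review only.

```python
import re
from collections import Counter, namedtuple

# Excerpt copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe "
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# One parsed log entry. `orphan` is None when the log reports no missing file.
Entry = namedtuple("Entry", "section body clsid orphan")

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = {"(no file)": "no file", "(file missing)": "file missing"}


def parse_log(text):
    """Return an Entry for every section line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        orphan = next(
            (label for suffix, label in ORPHAN_MARKERS.items() if body.endswith(suffix)),
            None,
        )
        clsid = CLSID_RE.search(body)
        entries.append(
            Entry(match.group("section"), body, clsid.group(0) if clsid else None, orphan)
        )
    return entries


def orphaned(entries):
    """Entries that point at a file the log says does not exist."""
    return [e for e in entries if e.orphan]


def summarize(entries):
    """Count orphaned entries per HijackThis section code."""
    return dict(Counter(e.section for e in orphaned(entries)))


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(f"{e.section:>3}  [{e.orphan}]  {e.clsid or '-'}  {e.body}")
```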
     

  4. 2008/01/13
    Jubeix90

    Jubeix90 Inactive Thread Starter

    Thanks, noahdfear.

    I've removed the HijackThis entries successfully.

    But I may have made a mistake with the Ad-Aware finding. I quarantined it. I was able to restore it, but now I cannot find where it is located. I did a Windows Explorer search, and nothing. I've looked on my desktop, and its original folder, still nothing.

    If anyone knows the default location where Ad-Aware places the restored files, please let me know.

    I'm asking here hoping someone here knows where. It's a lot easier than signing up and asking one silly question for my first post.
     
  5. 2008/01/13
    noahdfear

    noahdfear Inactive

    It should have restored it to its original location of C:/hp/bin/KillIt.exe

    Is it a hidden file or directory? Does it still show up as a quarantined item in Ad-aware?
     
  6. 2008/01/13
    Jubeix90

    Jubeix90 Inactive Thread Starter

    I changed the folder options to check for it, and both Hidden System Files and Hidden Files and Folders showed no results.

    It is not in quarantine anymore. I'll do another scan to see if it can find it again.
     
  7. 2008/01/13
    noahdfear

    noahdfear Inactive

    Check the recycle bin.
     
  8. 2008/01/13
    Jubeix90

    Jubeix90 Inactive Thread Starter

    Nothing :/
     
  9. 2008/01/13
    noahdfear

    noahdfear Inactive

    It's not a system critical file, and chances are you'll never miss it anyway. I will see if there's a source for replacement though.
     
  10. 2008/01/13
    Jubeix90

    Jubeix90 Inactive Thread Starter

    http://www.lavasoftsupport.com/index.php?showtopic=15181&st=0&p=66437&#entry66437

    He has an attached killit.exe, but I don't think it is the same exact one that I need for my computer.

    If you really think I shouldn't worry about it, I won't. But if there is any way to check to see if that is the file I use also, then that'd be great.

    EDIT:

    Okay, I tried doing this, but I never had a memory dump set.

    Does this mean I need to get it to crash again so I can get a log file of it?
     
    Last edited: 2008/01/13
  11. 2008/01/13
    noahdfear

    noahdfear Inactive

    You can trust the source. CalamityJane is a very well known and respected individual in the malware removal community. KillIt.exe is just a process killer and I would expect that any version would work. Good chance there's but one version anyway.
     
  12. 2008/01/13
    noahdfear

    noahdfear Inactive

    Check to see if your computer is configured to create a memory dump. Right click My Computer and select Properties. Select the Advanced tab, then Startup and Recovery Settings button. Under System Failure, the box to 'Write an event to the system log' should be checked. Under 'Write Debugging info' select Small Memory Dump and set the path to %SystemRoot%\Minidump. If these settings are already in place, I may be mis-interpreting your topic title of 'Random PC Crashing'. What exactly happens?
     
  13. 2008/01/13
    Jubeix90

    Jubeix90 Inactive Thread Starter

    It's a little hard to explain, but I'll give it my best:

    It only happens while I'm in a game, and it doesn't matter which game it is.

    I'll be playing my game, and with no warning or error sound, my monitor will do the same thing it does when it, I guess 'hibernates' after the screen-saver has been on for a good while. My monitor will say "POWER SAVING ENABLED" in a big colorful box which floats around like a screen-saver.

    This will happen while in the middle of a game, and I can't do anything to get it back running. After a few seconds, my computer will restart itself. Before it can even get to the login screen of Windows, it restarts yet again. Then again, and again. The only way to keep from looping is to hold the shutdown button on the front of the tower. It then proceeds to run without any problems or errors.

    Something interesting happened the last time I played a game: I could hear the game's ambient sounds (gunfire and mortar rounds) in the background still playing. I tried Ctrl+Alt+Delete, but nothing. I moved around the mouse to see if it would hover over any buttons and make a sound. Nothing. It soon went into the looping restarts.

    And again, this only happens while I'm in a game. So I'll get this memory dump over to the XP section.

    And do I need to get my PC to try to crash again so I can get some info in the memory dump?
     
    Last edited: 2008/01/13
  14. 2008/01/13
    noahdfear

    noahdfear Inactive

    I'm not sure that behavior will even produce a dump, but you would have to make it happen again (if you just set it to report dumps) to even know if one is created. Definitely a graphics problem, and drivers are a good place to start. Is the card staying cool enough? Does the card have a fan on it, and if so, is the fan working? The hardware forum might be a better place to look for assistance.
     
  15. 2008/01/13
    Jubeix90

    Jubeix90 Inactive Thread Starter

    Okay. Thank you for all your help, noahdfear.
     
  16. 2008/01/13
    noahdfear

    noahdfear Inactive

    You're quite welcome. :)
     
