I know a double tap of the 3 finger salute will normally reboot a machine but i have an odd one here.

when i 3 finger salute this box one time it reboots. it will load windows normally and sit there just fine, when i try to run any spyware/malware/virus scan the machine reboots or if i hit the 3 finger salute.

any idea what virus this is so maybe i can throw on a hot fix??

thanks in advance

Run the scan in safe mode. That should do it. If not:confused:

ya safe mode isnt picking up anything on the scans as of now, but it does stay booted up in safe mode so i know its a software problem.

AVG Spybot S&D and ad-aware came up with nothing as well as a program from Mcafee called Stinger and Vundo for trojans.

im a bit stumped, would a registry problem do this?

What version of Windows is being used? (Should really not have to be asked)

Give Windows Defender a try, it's free.

if this is a recent thing, maybe try a restore point.

run hijackthis :D

Give Windows Defender a try, it's free.
The Windows XP Pro x64 version of Windows Defender is amazing, it caught a virus the second I finished downloading the file... Norton would of failed me and resulted in a big chunk of the OS being destroyed.
IT HAS CAUGHT SEVERAL VIRUSES THE SECOND I FINISHED DOWNLOADING!
I kept the files partitioned to see how long it would take Norton to even reconise them... over a day... and I submitted both of them.
If Vista has an insanely advanced version of that intergrated into the OS... hackers may have to concentrate on MAC and Linux for now on. :drool:
It's all the security I need on my computer... it has yet to let even a byte of spyware remain alive after the daily scan, I've even set it to block malicious sites such as the "gay porn window spaming trojan imbedder" and "ridin spinnaz" and such...
I also like that my ISP now accepts automated reports from Defender(with a custom plugin that has to be installed) involving DDOS attacks and such... that du-bag HL2:DM admin finally has been banned from a large chunk of the internet for lagging over 2 million people and crashing all of my clan's(not actually my clan, but I am #9 up) servers.

My only complaint is that it takes up alot of processing power(1 billion ops when it's doing more then one thing at a time) with it at the highest level of security possible, and if I'm downloading alot of big things it'll take up to 256mb of my 2Gb of RAM.

But for a free app, it owns... now only if the XP Home version was that good... and it'll work best if you put it on a clean install.

thanks guys, its my mothers computer and i didnt get the time with it i wanted.

i tried a restore point in safe mode but they are disabled in safe mode and i cant keep the desktop up long enough to get one going and reboot.

sorry i didnt mention OS its xp home, and i will try defender tomorrow when i get the chance and get HJT on that machine.

she just paid 170$ for a company to do this for her and a week later its a mess again ( i didnt have time to go over to her house and help her so she got mad at me and took it somewhere and it bit her right in the behind.)

maybe ill give that company a call also they obviously overlooked something.

try doing a check disk scan too ..

Logfile of HijackThis v1.99.1
Scan saved at 6:00:42 PM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\Explorer.EXE
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON PictureMate 2005] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 ZA.EXE" /P22 "EPSON PictureMate 2005" /O6 "USB001" /M "PictureMate 2005"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [ÿ_zskqdxz[auhzvl`^h[l40inkrwksz_] c:\windows\system32\_zskwrkni04l[h^`lvzhua[zxdq.exe
O4 - HKLM\..\RunServices: [ÿ_zskY^XBAZBYSZ_XLM] C:\WINDOWS\System32\_zskwrkni04X\MLX_ZSYBZABX^Y.ex e
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.20/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148918375155
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Microsoft Networks DN (msndn) - Unknown owner - C:\WINDOWS\msndn.exe (file missing)
O23 - Service: Socks-Cap (Sc32Inch) - Unknown owner - C:\WINDOWS\Sc32Inch.exe (file missing)

theres the HjT log i wasnt sure if you guys could help on HjT or not, im not real familiar with it.

i put in bold what i thought might be the problem, keep in mind this is also in safe mode, i cannot keep a normal load up for more than 3 mins.

thanks

I know a double tap of the 3 finger salute will normally reboot a machine but i have an odd one here.

when i 3 finger salute this box one time it reboots. it will load windows normally and sit there just fine, when i try to run any spyware/malware/virus scan the machine reboots or if i hit the 3 finger salute.I shall, for the moment, ignore the possiblity of a hardware problem.

"I know a double tap of the 3 finger salute will normally reboot a machine", is true. Microsoft Windows NT based operating systems (such as Windows XP Home Edition) normally would not reboot on tap of Ctrl + Alt + Delete ("three finger salute").

If the three finger salute does not reboot Windows with a single tap in Safe Mode, something running in Windows is interfering with the normal outcome of the three finger salute. The interfering thing or things would likely be a process, service, or driver ("or" is inclusive).

To solve the problem, modification of the offending thing(s) must occur (elimination is considered a modification) and anything to restore offending things or render substitutes of the offending things must not exist.

With this information I believe Hexnan should be able to solve his problem.

mine does not reboot w/ the three finger salute, 1 time comes the task manager, 2 times... nothing... or maybe it does but I don't want to try now:p

I shall, for the moment, ignore the possiblity of a hardware problem.

"I know a double tap of the 3 finger salute will normally reboot a machine", is true. Microsoft Windows NT based operating systems (such as Windows XP Home Edition) normally would not reboot on tap of Ctrl + Alt + Delete ("three finger salute").

If the three finger salute does not reboot Windows with a single tap in Safe Mode, something running in Windows is interfering with the normal outcome of the three finger salute. The interfering thing or things would likely be a process, service, or driver ("or" is inclusive).

To solve the problem, modification of the offending thing(s) must occur (elimination is considered a modification) and anything to restore offending things or render substitutes of the offending things must not exist.

With this information I believe Hexnan should be able to solve his problem.

i do beleive that is the smartest smartass answer i have ever heard :bday:

thanks for the laugh.

when i get a chance ill research your log..

otherwise if you beat me to it you can simply google each one..

thanks barton no worries about the research, i joined a HjT forum and posted it up. i can afford to wait a few days for an answer if indeed thats the problem...but i dont think it is.

i do however think i found the problem, i kept noticing in task manager something trying to run but it would fail immediatley and only stay in task manager for a brief second then disapear.

after a google search of every process running in task manager i came up with nothing but did notice a pattern of automatic updates trying to install an update.

so i put automatic updates to automatically download the updates but let me choose when to install them. currently i am able to stay in a normal boot for 10 mins with AVG burning clock cycles. ill try to manually install these updates when AVG CWshredder AD-aware and Spybot are finished for the 3rd time to see if it crashes the machine again.

thanks for the help guys

Open up msconfig and then the Startup Tab. Google eveything in that list your not familiar with and either allow or uncheck depending on what it is. That might keep you in windows long enough to install Defender.

Not allowing Automatic Updates has it's risks.

i have mixed feeling about automatic updates, on one hand i dont think they are necessary. I havent touched an update on the rig in my sig since sp2.

on the other hand, i wouldnt live w/o them on any family members box because they wont take the time to clean/update anti-<insert problem> software.

so anyway its working alright now, apparently windows updater had a bad download of an update and kept trying to install it which in turn crashed the computer. turning off the auto install of auto-updates allowed me into auto-updates to install each update manually until i found the culprit which was then removed from add/remove.

Turns out i had the worst kind of virus...one MS made :)

the msconfig/bootup only showed AVG running on the box every time i booted