Hardware checker
SgtHetfield
11-07-2009, 08:56 AM
I work in IT and should know this, but my home PC has started acting crap.
It tripped out and rebooted one morning, it then did it again the next day in the morning.
One of my USB ports doesn't work. My MP3 Player isn't recognised by my PC anymore (is fine on another PC).
I turned my PC on the other day, and left it logged in, and wandered off to cook dinner, came back and it was at the login screen - it had rebooted again.
It has also rebooted when I have submitted a reply to the clan site twice. Interestingly the reply got on the web straight away, whereas normally it takes a while for it to think about it - strange?
There are a few ideas on this. We have had reports of buggy main Anti-virus exe's at work, it sounds the same, but my event logs are not the same as what we are finding at work, and also there is nothing of excitement or interest to promote suspicion from me.
I have disabled my AV for now just to see what it does. Then I will turn it back on.
One thing I will do is capture the error log next time and save it somewhere else.
Another thing is my AV records the network traffic I generate. Winlogon.exe is sending/trying to send info. Why? I have not clicked "send error report".
So for now, what is a decent hardware diagnostic scanner? I'm happy to run checks, and my girlfriend will be happy as I can paint something in the house whilst it is doing it.
Also is there something I can run in the background logging all activity up to the point it craps its pants so I can look at it to work out the problem?
It is something hardware related on PC or some really oddball XP problem. Some people think it is Microsoft trying to break XP to force people on to Windows 7. Whatever.
Cheers
SgtHetfield
11-07-2009, 09:12 AM
Just crashed on me again. Anti-virus was not running. Got the error logs. 32Mb in size, I'll need a dump log analyser.
Manifest says this:
Server=watson.microsoft.com
UI LCID=1033
Flags=1672016
Brand=WINDOWS
TitleName=winlogon.exe
DigPidRegPath=HKLM\Software\Microsoft\Windows NT\CurrentVersion\DigitalProductId
ErrorText=This error occurred on 07/11/2009 at 14:24:37.
HeaderText=winlogon.exe encountered a problem and needed to close.
I'm going to run a full AV scan. This problem has only started doing this from 4th November.
SgtHetfield
11-07-2009, 09:51 AM
Here's an interesting one. I have had a Malware problem in the past - last year I think. And I also got false positives on stuff.
Using Sysinternals "Autoruns" it flagged that I had a scheduled task set.
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nzcysxo.dll,DllMain -
nzcysxo.dll - doesn't flag as dodgy on the net. Properties of the file come up with a description of SMVERI32 DLL SMVERI32
SMCORPNAME Corporation doesn't reveal much. But I'm guessing it was part of a driver for my wireless set up at the time (I had fun with that).
I will be removing this, it appears set to run on a weekly basis, but everyday at 11:27 but only on my profile on the PC.
I suppose checking task scheduler is something else to look for when virus hunting.
Draco
11-07-2009, 12:59 PM
I wonder if someone is trying to get in through remote desktop. Check to see if you have remote desktop enabled.
~Johnny Jones
The Pinny Parlour
11-08-2009, 04:54 AM
Run ccleaner, malwarebytes. Isolate your system power from any power board/surge protector and plug it straight into a wall socket. Then memtest your RAM, then get a copy of Spinrite and check your HDD. If still issues persist or not found, try a repair install of Windows.
Failing all that... you know... reinstall that OS.
SgtHetfield
11-08-2009, 05:34 AM
I turn all the bells and whistles off my PC, any un-needed services are turned off. My AV jumps up and down for the slightest thing, so remote connection of any kind unless it was very veiled would flag.
What I may do is leave my PC at the login screen and see if it trips, if not, I'll login on my default profile and see what happens. I am currently using my Admin account on the PC and it is a hell of a lot faster.
Might be my rather untidy desktop and large user profile is pissing the OS off to the point it is telling me to sort it. Can't blame it.
I do know one thing that is annoying
nzcysxo.dll. If I log in as my default then there are security attributes for the file, BUT I can't change them. It says Administrator has full control. I login as Administrator and there are no security attributes. I can't delete the file as it is in use, but there is nothing in the registry pointing at it, and nothing to suggest it starting?
When I find a working ERD Commander CD I'll splat the bastard and be done with it.
I'll also see how much of a bind it is to get all my programs working under a different profile, if the problem is related to my default profile and just that, then I can live with getting rid of it and starting from scratch.
I'm also going to set up Windows 7 install on a spare drive, just to see what fuss is about.
SgtHetfield
11-08-2009, 01:57 PM
Ongoing saga with this. Something masquerading as a legit dll, and is tied to Winlogon.exe however can't get rid of it until I get a more up to date ERD Commander (I text my brother asking to borrow and he brought Supreme Commander back that he had borrowed - duh!).
The FUN site reads better under Administrator on my PC for some strange reason?
[FuN]Bl17zZ
11-08-2009, 03:23 PM
Eeeeeehm ok what I used to do. If you know the name of the file.
I start up my PC in safe mode. Go to the file. Change the extension on it to some bs thing. Start up regular way and delete it.
jazzechos
11-08-2009, 04:41 PM
I came up with SMVERI32 DLL as a trojan back door (Trojan.BHO.H, original name smveri32.dll) http://forums.majorgeeks.com/showthread.php?t=186454
The Pinny Parlour
11-08-2009, 06:19 PM
or use a linux distro in 'live cd' mode, navigate to the offending file and nuke that sucker
In the end I probably think a clean install would not only fix your issues, but give you a fresh start.
SgtHetfield
11-09-2009, 03:53 AM
Cheers for the link Pinny, any pain in the arse virus/trojan is interesting and you don't learn without having to sort crap out yourself, and in some respects the idiot users at work are actually useful for providing us with things to do.
Don't really want to do a re-install as I have loads of stuff however.
ERD Commander I will splat it. Safe Mode does not work, as it is resident and tied to Winlogon.exe.
The shutdowns were something killing the winlogon.exe process, if you use Process Explorer (SysInternals) and kill it, your PC goes bye bye. So I'm discounting the hardware fault at the moment (my USB is still crap though).
Been using Spybot, and removing the run keys, but it turns back on.
One of the problems is it is called nzcysxo.dll, but is SMVERI32.DLL but is hooked into Windows, the role of the dll is that of kmsvc.dll
Problem is the AV is ignoring it, I assume at some point it was either trusted or it is that good that the AV is crap and sees nothing wrong.
Hopefully I'll get ERD Commander later.
Spybot I have running to detect anything running or executing. Getting Browser helper objects popping up for this site and for my work webmail.
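The two checks described in the posts above (a scheduled task that launches a DLL through rundll32, and a file name on disk that does not match the name in the file's own properties), as an added example that is not part of the original thread. The function names and the `original_name` field are assumptions, and the second entry is constructed for contrast.

```python
import ntpath
import re

# rundll32 command line shape: <rundll32.exe> <dll path>,<export> [arguments]
RUNDLL32 = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^,"]+)"?,(?P<export>\S+)', re.IGNORECASE)

def parse_rundll32(command):
    """Return (dll_path, export) if the command runs a DLL via rundll32, else None."""
    m = RUNDLL32.search(command)
    return (m.group("dll").strip(), m.group("export")) if m else None

def triage(entry):
    """Return the reasons a startup entry deserves a closer look.

    entry["command"] is the task's command line; entry["original_name"] is the
    original file name from the DLL's version resource (assumed already collected).
    """
    parsed = parse_rundll32(entry["command"])
    if parsed is None:
        return []
    dll, export = parsed
    on_disk = ntpath.basename(dll).lower()
    original = (entry.get("original_name") or "").lower()
    reasons = []
    if original and original != on_disk:
        reasons.append(f"file is named {on_disk} but its version info says {original}")
    if export.lower() == "dllmain":
        reasons.append("rundll32 is pointed at DllMain rather than a named export")
    return reasons

ENTRIES = [
    # Command line and original name as reported in the thread.
    {"command": r"C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nzcysxo.dll,DllMain -",
     "original_name": "smveri32.dll"},
    # Constructed benign entry for contrast.
    {"command": r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
     "original_name": "shell32.dll"},
]

if __name__ == "__main__":
    for e in ENTRIES:
        print(e["command"], "->", triage(e) or "nothing flagged")
```

Both checks are heuristics for deciding what to inspect first, not proof that a file is malicious.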
jazzechos
11-09-2009, 04:23 AM
Try this if you can or rather want to.
Go to http://www.eset.com/ and download the free client version, install and run. If it is tied with a stealth root kit Virus as I have been reading, it will catch it and fix it. You may still have to do a system repair from your install disc but it is still easier than a clean reinstall.
TheCatt
11-18-2009, 06:42 AM
Here is my two cents worth.
Aside from having something undesirable.....running Windows is like running a car.
If you're always on the road then do frequent checks.....then replace/fresh install every two years. I believe even without any outside influence, Windows OS would eventually slow down and grind to a halt.
One valuable hint that was given to me by a friend working for M/Soft support, was to ensure the HD was always set on DMA mode and not PIA mode. You can do that by looking at the IDE Controller properties in device manager.
This one important step is paramount to the speed that windows reads the HD. Trouble is if you have a lot of errors, Win OS will auto reset the mode........So it's always good to do a spring clean and fresh install.
OK......off to the gym
Neoandrew1
11-18-2009, 08:51 AM
You're correct Catt, I do it every 12 months give or take (whenever I have the time) because processes start to appear that are no longer necessary.
SgtHetfield
11-18-2009, 10:43 AM
Cheers Catt
Both my drives are set to DMA and not PIO. Not something I have come across before though, but something to bear in mind.
XP is behaving at the moment. I'd prefer to just have one PC with a couple of games on just for that purpose, and have some sort of roll back facility. If I ever have the time and resources I may do something.