| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 81184 | 2007-07-19 12:05:00 | Windows help! | JOEJG (10295) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 570356 | 2007-07-19 12:05:00 | Right so 2 days ago I had to install Windows for no known reason. And now I've had to do it again, but luckily I lost nothing, unlike I did the first time. My comp would reboot, come up with the Windows logo and then flash with a blue screen extrememly quickly, then restarts. So it's impossible to read to my skill. I even tried safe mode and last known config, but neither worked. I had no choice but to reinstall Windows. Whilst it was installing, the screen kept flashing on and off until it decided to stop. I guess it really was the gfx card. Once it was done, I logged on and a message appeared say something similar: ''Computer restarted after an unexpected shutdown. Microsoft Windows detected a possible device failure. The display driver for NVIDIIA GeForce 6600 GT seems to be responsible for ths system instability.'' I have now updated it, yet to reboot because I'm scared. Now that the computer is on, I want to do what I came online to do first. Now I'm being hassled with a message like this, in a grey box, randomly every half a minute or less: ''Message from FROM to TO. Stop! Windows requires immediate attention Windows has found 55 critical system errors. Visit www.helpfixpc.com'' Is it just targetting me or is it really that important? I've never done registry cleaning before and I have had my CPU for 6 years. The message varies within different links, randomly. Extremely annoying. Edit: Atm it hasn't done within a minute or so. Edit: And now it's just done it 3 times in a row! Edit: Twice again. So annoyed! Edit: Has not done it in 2 minutes now. Oh it just did! |
JOEJG (10295) | ||
| 570357 | 2007-07-19 14:46:00 | Get Hijackthis by searching from Google and run a scan and then copy and post the logfile here so Speedy can have a look and see if there are any infections/spyware etc. | beeswax34 (63) | ||
| 570358 | 2007-07-19 16:01:00 | Okay, and I've mananged to get rid of the grey boxes, by going into the admin tools. But people still recommend me to install SP2, whatever that is. Here it is: Logfile of HijackThis v1.99.1 Scan saved at 4:24:30 PM, on 7/19/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\rundll32.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\System32\hphmon04.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\System32\HPHipm11.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE C:\Documents and Settings\Tony\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.wanadoo.co.uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{E8D8DD16-1C16-4B70-84E8-98C2BAEC0E74}: NameServer = 195.92.195.94 195.92.195.95 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe |
JOEJG (10295) | ||
| 570359 | 2007-07-19 16:45:00 | and this is ANOTHER case of getting killed by rogue malware by using an unpatched and non-secured pc on the web . SP-1 is not enough . . you gotta get SP-2! and do it immediately and well before before going online . . . get/buy/steal/borrow an SP-2 disc from somebody and don't rely upon the Windows site to get it to you fast enough either! You could get it via a well-secured and running system as an . iso and just run it on the new install too . You can also legally run a ripped version of SP-2; Windows even recommended making copies for everyone on your shopping list . It was legal and licensed by M$ to do that for just the same reason as you are now experiencing . . it HAS to be in XP for reasons that are oh-so too many to tell . They wanted to get it out to as many people as fast as they could . It is a complete re-write of XP anyway and takes almost as long to install as XP does . Needless to say, you would not try to download XP either . Put SP-2 in as early as you can . . and 'way before any other updates and installations . It like to get in first and set up housekeeping before you garbage up the root drive with add-ons and such . If you wait too long, it will likely die trying to get in a solid footing . Many people have had bad experiences with SP-2 for just that reason . Some non-insightful persons actually blamed SP-2 for all their problems . The rest of the herd had them pushed off a cliff . |
SurferJoe46 (51) | ||
| 570360 | 2007-07-19 20:05:00 | Okay I'll get it as soon as I can. How much would it cost and will I have to completely reinstall Windows wiping everything off? This computer is 6 years old and I've never done this before as you can tell. And what should I delete from the above list? This ''speedy'' you are referring to is Speedy Gonzales? |
JOEJG (10295) | ||
| 570361 | 2007-07-19 20:16:00 | and this is ANOTHER case of getting killed by rogue malware by using an unpatched and non-secured pc on the web . SP-1 is not enough . . you gotta get SP-2! and do it immediately and well before before going online . . . get/buy/steal/borrow an SP-2 disc from somebody and don't rely upon the Windows site to get it to you fast enough either! . Get real Surferjoe . I have not got SP2 and have never had SP2 . Nor do I have malware problems . You're mad if you think Microsoft patches, updates or service packs have anything to do with protecting you from malware . All SP2 has in it is a few IE tweaks . This is dangerous advice to give someone . So they trot off and install SP2 and STILL get malware . Obviously . He needs to install: A 3rd party firewall such as ZOne Alarm or Commodo, and configure it correctly . Antivirus At least 2 anti-spyware programs such as Spybot, AdAware SE Personal or the stuff listed in Speedys signature . I clean malware out of SP2 PCs all the time . |
pctek (84) | ||
| 570362 | 2007-07-19 21:27:00 | Sorry, but this isn't really helping. I'm getting mixed opinions. I have Norton AntiVirus and AdAware SE Personal. I run full system scans weekly or less. |
JOEJG (10295) | ||
| 570363 | 2007-07-19 21:45:00 | Put hijackthis in its own folder, run it, then tick these entries then tick fix checked. Close browser/s. These arent nasty O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background This looks nasty O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe (Do you know what this is)??? O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm Try Rogueremover in my sig below. Update it then click on scan. Then reboot. See if that fixes things. |
Speedy Gonzales (78) | ||
| 570364 | 2007-07-19 22:52:00 | Can I ask a stupid question The grey box that pops up is obviously winows messenger, did you follow the instructions it gave you about downloading some registry app, as the app could be less than kosher ie malware if they use such a dodgy form of marketing, I am assuming this is the message you got (www.helpscreen.com.au) you may also want to clear all your cookies etc if you haven't already SP2 is Microsofts service pack 2, basically a big bug patch/update, by the sounds of it you have service pack one installed, it's up to you if you want it installed, it is free and was on many cover CDs, and i think can still be downloaded from Microsofts site it is big though if you are on dial up |
Morgenmuffel (187) | ||
| 570365 | 2007-07-19 22:56:00 | This looks nasty O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm That will be Joes ISPs searchbar I think that is the old wanadoo searchbar like the msn or google bar, you may want to get the newer version of it as wanadoo is now called Orange and is europes biggest ISP http://www.orange.co.uk/ |
Morgenmuffel (187) | ||
| 1 2 3 | |||||