1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Im getting really hacked off with this now...

Discussion in 'Windows XP' started by Peepo, Jan 27, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Peepo

    Peepo Thread Starter

    Joined:
    Sep 21, 2005
    Messages:
    57
    Hello, I have a problem with my pc that is only a year old & was wondering if anyone would throw some light on the matter?

    I have an AMD Sempron 2200 processor with Abit VA-20 mobo. With Windows XP Home.
    I use Norton internet securoity & a usb modem.
    My pc has ran fine for the last year and the problem started the other day..

    The other day it froze on shutdown & I had to turn it off at the plug. Then when I started it up the next day it would only let me boot in safe mode, with no networking capabilities either. So I decided to format & reinstall.
    Since then Ive formatted 3 times & reinstalled, all with the same result. After a few hours it freezes & when I start it up again it gets to the windows page, a blue screen flashes up so quick I cant read it, & then it reboots again & again, round & round in circles, with thiis blue screen flashing up.
    So now the only way I can get it to start up properly when this happens is by getting my windows disc & opting to 'repair' windows. (so I wont lose all my data again) which although isnt as time consuming as formatting, is still time consuming enough for me not to want to do it every few hours.

    A couple of other little bits of info that may help or may not...

    1) Before my system froze up the first time I had aquired a piece of software for removing software that couldnt be removed with the usual uninstall software.The piece of software that was proving hard to remove was some Nokia software, which I managed to uninstall. Then my pc froze up. (I figured this couldnt have any lasting problems though because Ive formatted & reinstalled since then)

    2)Since the first reinstall I have an error message keeps popping up when I go on the net. I think its a piece of spyware attached itself to me, but Ive done a full scan & apparently I have none.
    Anyway it claims to be a message from Microsoft informing me my Windows registry' is corrupt & if I visit www.uric.net & download a piece fo software it will fix it for me. (which I havent done)

    3)Since the first reinstall my pc is running very slowly & the mouse is floating quite alot, also its taking ages to surf the net.

    4)The last 2 times it has crashed it has been after Ive downloaded some Windows updates from Microsoft. (I had no trouble with downloading & installing these a year ago when I first got the pc)

    Also I am only running on service pack 1 now since my reinstall because I havent been able to find service pack 2 on the Microsoft webite. They make it quite hard to find on there! (I had service pack 2 for the last year & had no trouble downloading it or running it)

    Sorry or waffling, Im trying to give everyone as much info as possible :)

    Thanks in advance for any replies (y)

    Peepo
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Right click on My Computer. Select Properties, then the Advanced tab.

    Under Startup and Recovery click on Settings. Remove the check mark from "Automatically restart". Click Ok, Apply, the Ok again.

    That will give you the oppportunity to read the error message, if any.

    I don't believe is Malware related, but it will be a good idea to see a Hijackthis log:

    Click here to download HJTsetup.exe:

    http://www.thespykiller.co.uk/files/HJTSetup.exe

    Save HJTsetup.exe to your desktop.

    • *Double click on the HJTsetup.exe icon on your desktop.
    • *By default it will install to C:\Program Files\Hijack This.
    • *Continue to click Next in the setup dialogue boxes until you get to the *Select Addition Tasks dialogue.
    • *Put a check by Create a desktop icon then click Next again.
    • *Continue to follow the rest of the prompts from there.
    • *At the final dialogue box click Finish and it will launch Hijack This.
    • *Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • *Click Save to save the log file and then the log will open in notepad.
    • *Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • *Come back here to this thread and Paste the log in your next reply.
    • *DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    In addition, check your hard drive for errors, Run CMD. At the prompt type CHKDSK /r and schedule a session at startup. This comand is better ran within the recovery console as it will give you a complete report if ran with the /p switch.
     
  3. Peepo

    Peepo Thread Starter

    Joined:
    Sep 21, 2005
    Messages:
    57
    Heya, thanks for the reply,
    this is the log file from Hijack thing...

    Logfile of HijackThis v1.99.1
    Scan saved at 19:42:07, on 27/01/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\VTTimer.exe
    C:\WINDOWS\System32\GSICON.EXE
    C:\WINDOWS\System32\dslagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\program Files\internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [RemHelp] remhelp.exe
    O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138356623562
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138382846040
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3C79A0D4-CBA4-4813-9A4B-86C027813D47}: NameServer = 194.74.65.69 62.6.40.178
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3C79A0D4-CBA4-4813-9A4B-86C027813D47}: NameServer = 194.74.65.69 62.6.40.178
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    and Ive set the chkdsk thing to work on start-up.
    (y)
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    I see no malware in the log. Is the following information familiar to you?

    Private Circuit Customer Networks
    BTnet Support
    154 St Albans Rd
    Sandridge
    St Albans
    Hertfordshire
    AL4 9NH
    GB
    +44 1189 512313
    [email protected]

    Does it has anything to do with your ISP (BT Voyager maybe?)?


    For those popups, check if the Messenger Service in Windows XP is active. If it is, disable the Messenger Srvice:

    http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx

    I guess we will need to wait for an error message.
     
  5. matt_aj

    matt_aj

    Joined:
    Jan 23, 2006
    Messages:
    658
    Sounds more like a hardware issue if you've formatted and reinstalled. Sounds to me like either a bad hard drive or it is overheating. Open the case and check to make sure all the fans are going. Also, check the capacitors on the motherboard to make sure that they are not bulged or leaking. If you've formatted and reinstalled 3 times, I highly doubt spyware is your issue.

    It could also be caused by PCI card. What I would do if everything else checks out, take all the PCI cards out (modem, nic, sound card, etc.) Try running it like that for awhile. It could be a bad card causing the issue.
     
  6. Peepo

    Peepo Thread Starter

    Joined:
    Sep 21, 2005
    Messages:
    57
    Heya, yes the BT thing is to do with my internet connection.
    Ive disabled the messenger service.
    These things make me worried though cos I never had to do them before :(
     
  7. Peepo

    Peepo Thread Starter

    Joined:
    Sep 21, 2005
    Messages:
    57
    Oke, I did scandisk & everything seems oke.
    Last time I tried to reboot I recieved this error message..
    'procedure entrypoint_resetstkoflw not located in dynamic link library msvcrtdll'

    and then I had to reinstall Windows again beforeit would boot up properly.

    Also Ive noticed another thing. Since the first time I reinstalled last week the 3 blue squares that appear on the Windows page before the desktop appears after starting up...

    [​IMG]

    well mine have turned green.
    Even after Activating Windows they still stay green.
    Does anyone know why they would be green?
     
  8. flynstone

    flynstone

    Joined:
    Feb 21, 2002
    Messages:
    162
  9. Peepo

    Peepo Thread Starter

    Joined:
    Sep 21, 2005
    Messages:
    57
    Any ideas as to why those squares would now be green? :(
     
  10. matt_aj

    matt_aj

    Joined:
    Jan 23, 2006
    Messages:
    658
    Well XP PRO they are blue, XP Home they are green. You might have installed XP Home instead of PRO. At the desktop, right click my computer > Properties. This should tell you which version you are running.
     
  11. Peepo

    Peepo Thread Starter

    Joined:
    Sep 21, 2005
    Messages:
    57
    My copy is deffiantely XP Home. I dont have 2 copies either so its not an error I could make.
    They were blue before. Very strange...
     
  12. Peepo

    Peepo Thread Starter

    Joined:
    Sep 21, 2005
    Messages:
    57
    oke this is very strange now.
    I reinstalled again because my pc was running glitchy.
    the squares have turned blue again & its running fine.
    How weird is that!?
     
  13. Stallcup

    Stallcup

    Joined:
    Apr 23, 2005
    Messages:
    238
    If I recall correctly, the squares were initially green in WinXP Home, but became blue after the SP2 install. In your reinstalls, did they contain SP2 and did you install all updates subsequent to SP2?
     
  14. Peepo

    Peepo Thread Starter

    Joined:
    Sep 21, 2005
    Messages:
    57
    oh yeah, come to think of it you're right. They turned blue after I installed SP2.
    Mystery solved :D
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/437728

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice