Steve Posted November 20, 2005 Author Share Posted November 20, 2005 Sometimes it'll specify the name of a file (quite often a .sys file) that's causing the problem. The error you got is unspecific and could be hard to track down. You could try powering off the PC and removing the plug from the wall, opening the case and reseating the RAM, CPU and any cards you have installed. I had a problem a while back and I tried everything, then 2ndHand suggested removing the CPU and putting it back in and that fixed it. That's the first thing I would try anyway. After that it's a case of trying to narrow it down to the component causing the problem which can be very tricky. Quote Link to comment Share on other sites More sharing options...
Kper Posted November 20, 2005 Share Posted November 20, 2005 umm yeah it doesnt specify any files that i can see... reseting the cards eh? might try that later on. gonna see if anything else happens first. Â go to do this show first. nice one anyway! Quote Link to comment Share on other sites More sharing options...
rygon Posted November 22, 2005 Share Posted November 22, 2005 look at all this rubbish on my parents pc. ive installed a coule of programs (ccleaner, perfect disk adaware and regseeker) and the rest is graciously given for free...arent they nice Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exec:\APPS\Powercinema\Kernel\TV\CLCapSvc.exec:\APPS\Powercinema\Kernel\TV\CLSched.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exec:\APPS\HIDSERVICE\HIDSERVICE.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\WINDOWS\system32\slserv.exeC:\Program Files\Raxco\PerfectDisk\PDSched.exeC:\WINDOWS\SOUNDMAN.EXEC:\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Apps\Powercinema\PCMService.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exeC:\WINDOWS\system32\hphmon04.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exeC:\WINDOWS\system32\HPHipm11.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\home\LOCALS~1\Temp\Rar$EX05.562\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exeO4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exeO4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htmO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exeO23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exeO23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeO23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exeO23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exeO23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exeO23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Quote Link to comment Share on other sites More sharing options...
Steve Posted November 22, 2005 Author Share Posted November 22, 2005 You wanna clean that up mate? BTW, are either of your parents Asian, or do they need to type Asian characters in documents? Quote Link to comment Share on other sites More sharing options...
rygon Posted November 22, 2005 Share Posted November 22, 2005 no they dont need it...i have no idea where that came from. Have just removed norton so kaspersky is gonna be put on now Quote Link to comment Share on other sites More sharing options...
Steve Posted November 22, 2005 Author Share Posted November 22, 2005 Removing Norton will shrink the log by loads. All of these are added by it: - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeO2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe That's one of the reasons why I don't like it. It's far too intrusive and runs too many services. Quote Link to comment Share on other sites More sharing options...
rygon Posted November 22, 2005 Share Posted November 22, 2005 yeah definately..im now down to this Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exec:\APPS\Powercinema\Kernel\TV\CLCapSvc.exec:\APPS\Powercinema\Kernel\TV\CLSched.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exec:\APPS\HIDSERVICE\HIDSERVICE.exeC:\WINDOWS\SOUNDMAN.EXEC:\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Apps\Powercinema\PCMService.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exeC:\WINDOWS\system32\hphmon04.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exeC:\WINDOWS\system32\slserv.exeC:\Program Files\Raxco\PerfectDisk\PDSched.exeC:\WINDOWS\system32\HPHipm11.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\home\LOCALS~1\Temp\Rar$EX00.110\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exeO4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exeO4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimizeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exeO23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exeO23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exeO23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exeO23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exeO23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exeO23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exeO23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exeO23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe Quote Link to comment Share on other sites More sharing options...
Kper Posted November 22, 2005 Share Posted November 22, 2005 ok sorry but im back again  Twice in the last two days i';ve had this:- comp starts then black screen saying Windows needs to be reinstalled cos a file is corrupt. this has happened three times, each time referring a diff file:- \WINDOWS\SYSTEM32\CONFIG\SYSTEM- <windows root>\system32\ntoskrnl.exe- System32\Drivers\Fastfat.sys the last two have just happened.  Got another 2 blue screens today as well:- PAGE_FAULT_IN_NON_PAGED_AREA- BAD_SYSTEM_CONFIG_INFO  Both without a reference to a file. both just happened,  When i got the windows needs reinstalling last night, i rebooted and it went fine comp worked. Today i rebooted and got a blue screen, rebooted windows needs resintalling, rebooted blue screen. etc... now comp seems to work, kapersky is asking for a full scan to be done.  Ive not tried the taking out of the cpu thing yet (mianly cos i dont know what the fuck it is!)    Quote Link to comment Share on other sites More sharing options...
Steve Posted November 22, 2005 Author Share Posted November 22, 2005 Rygon - none of these are essential, but disabling them is down to you and depends if you use the features or not: - O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName These are related to entering complex characters and foreign language symbols. O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE Adds an icon in the system tray for adjusting your sound card. O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe Adds an icon in the system try for adjusting the graphics card. O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe Updater for Sun's Java. You can check manually. O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" Appears on Dell PCs. Allows you to access music, movies and other media quickly (whatever that means!). O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" Checks for updates to Photosmart software. O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe Allows you to share photos to a secure web site. O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background MSN Messenger. Disable autostart from the program's options. O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE Starts the Office toolbar. Not required as all Office elements can be started from shortcuts when required. O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll A link to Real.com added by RealPlayer. O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe Related to the graphics card. Can be safely disabled in the services list. O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe Related to Power Cinema. Non-essential. O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe Task scheduler for Power Cinema. O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe Another related to Power Cinama. O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe Driver to enable function keys on certain types of keyboard. O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe  Adds an icon to the system tray to show the status of your Internet connection. Quote Link to comment Share on other sites More sharing options...
Steve Posted November 22, 2005 Author Share Posted November 22, 2005 Lo, I reckon you could have memory problems. I've seen that fastfat.sys error before on other forums. The first thing you need to try is reseating the memory sticks. If you have more than 1 stick of memory and reseating them doesn't work, then you need to take a stick out and see how the PC runs without it. Again, if the errors continue, put that stick of memory back in and take out the other. The PC will be slower with only one stick in there obviously, but if the blue screens disappear then you know you have a bad memory stick and you can buy a replacement. They're cheap these days. Quote Link to comment Share on other sites More sharing options...
rygon Posted November 22, 2005 Share Posted November 22, 2005 cheers for the help steve Quote Link to comment Share on other sites More sharing options...
Steve Posted November 22, 2005 Author Share Posted November 22, 2005 Here's what it looks like inside your PC: - http://www.frozencpu.com/images/products/detail_secondary_hires/ram-11_3.jpg Your RAM may not look like that - most is a green circuit board with a row of black chips on it - but there should be several slots parallel to each other as in that pic. Release the clips at each end, pull out the RAM, check for dust and other rubbish in the RAM slots, then push the sticks firmly back into place and lock them using the clips. Quote Link to comment Share on other sites More sharing options...
Kper Posted November 22, 2005 Share Posted November 22, 2005 ok, one thing tho... wtf does a mem stick look like? Â ha ha beat me to it. thanks mate Quote Link to comment Share on other sites More sharing options...
Steve Posted November 22, 2005 Author Share Posted November 22, 2005 cheers for the help steveNo problem. Run HijackThis from it's own folder rather and undo files will be created, so if you remove something and decide you need it after all you can always restore it. Quote Link to comment Share on other sites More sharing options...
Steve Posted November 22, 2005 Author Share Posted November 22, 2005 ok, one thing tho... wtf does a mem stick look like?  ha ha beat me to it. thanks mateHehe. Yours may look more like this than the sticks in the image above: - http://www.servicioalpc.com/images/RamDIMM.jpg Make sure you remove the plug from the wall before you start! (Obvious I know, but I don't want you electrocuting yourself.) Make sure you pull the sticks straight up out of the slots (after releasing the locking clips). They can be a tight fit so you might need to give them quite a pull. When you put them back in, they should click into place and the locking clips should click back into place easily. Quote Link to comment Share on other sites More sharing options...
Kper Posted November 26, 2005 Share Posted November 26, 2005 right me again I took the mem sticks out and dusted the entire computer inside (needed it badly). Seemed to work fine afterwards (put them both back). For a whole day no blue screens, ran fast... then blue screen came back but this time i had a file info - Got the PAGE_FAULT_IN_NON_PAGED_AREA title, then:0x000000050 (0xF861FA90 ; 0X0000001 ; 0X8058703E ; 0X00000000)and the file it referred to was serial.sys with this infoAddress: F861FA90 base at F8610000 Datestamp 41107f17  All i can think of is that once i'd reinstalled windows office, it didnt actually ask me for a serial number, it seemed to pick up the one from before (tho that was uninstalled). It also kept all the preferences, like when i opened outlook the account that used to be set up on there, was there as if it'd never been uninstalled (all the imap details were there etc...) anyways if you can let me know if this means anything else apart from what we've already been through i'd be very grateful once more : )  oh and check pms too! Quote Link to comment Share on other sites More sharing options...
Steve Posted November 26, 2005 Author Share Posted November 26, 2005 That version of Office didn't ask me for a serial number either. Your Office preferences are saved to make upgrading easier, so it's quite normal for certain settings and account details to be transferred between installs. Serial.sys isn't actually related to serial numbers. You can read some info on it here: - http://www.microsoft.com/whdc/system/CEC/serddvr.mspx#EZ I still think this is a hardware problem of some sort. It could also be related to drivers. Did you install any drivers for any of your hardware right before this started happening? Quote Link to comment Share on other sites More sharing options...
Kper Posted November 26, 2005 Share Posted November 26, 2005 That version of Office didn't ask me for a serial number either. Your Office preferences are saved to make upgrading easier, so it's quite normal for certain settings and account details to be transferred between installs. Serial.sys isn't actually related to serial numbers. You can read some info on it here: - http://www.microsoft.com/whdc/system/CEC/serddvr.mspx#EZ I still think this is a hardware problem of some sort. It could also be related to drivers. Did you install any drivers for any of your hardware right before this started happening?<{POST_SNAPBACK}> nah man. the last driver i installed was ages ago bfeore the blu screens started happening... unless i think maybe we installed a driver for a digi cam i bought, but that' it. not for any hardware. the last hardware i installed was a sound card nearly 2 years ago. i think the pc just dont like me!!! thanks for you help and advice tho, it's cleaned it up a lot and made it smoother, so better then nothing really, i think its time for a new baby Quote Link to comment Share on other sites More sharing options...
Steve Posted November 26, 2005 Author Share Posted November 26, 2005 It could possibly be the digicam drivers. You should find a folder here: - C:\Windows\Minidump Inside that should be some .dmp files. If you sort them by date and then send me the most recent one, I'll take a look. You could also try running MemTest, because even though you took the sticks out, cleared out the dust and put them back in, one or both of them could be faulty: - http://www.memtest.org/ The program is free and instructions are here: - http://forum.x86-secret.com/viewtopic.php?...c4baced6267c1a3 Quote Link to comment Share on other sites More sharing options...
Nimrod Posted December 10, 2005 Share Posted December 10, 2005 yo steve could you sort this log out? if you do i shall upload a few albums for everyone to enjoy and what not.     Logfile of HijackThis v1.99.1Scan saved at 14:08:58, on 10/12/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccProxy.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\keyhook.exeC:\WINDOWS\ALCXMNTR.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre1.5.0_05\bin\jusched.exeC:\Program Files\winupdates\winupdates.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Microsoft Office\Office\WINWORD.EXEC:\Program Files\Microsoft Works\WkDStore.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\KillTask\KILLTASK.EXEC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Rar$EX00.641\HijackThis.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exeO4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXEO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [WinProfile] sndcfg16.exeO4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXEO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exeO4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /autoO4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dllO9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exeO9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{2E7FDBAF-F747-4094-9C1A-245041A21800}: NameServer = 192.168.1.1O17 - HKLM\System\CS1\Services\Tcpip\..\{2E7FDBAF-F747-4094-9C1A-245041A21800}: NameServer = 192.168.1.1O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe    nice one mango... its not actually my regular comp, its my other one i dont use that often but thought i'd give it a scan - the problem is that whenever i close limewire, it (limewire) will restart like a minute later automatically, and so i've had to remove it fully.  also, i cant open up task manager at all... if you could give me some help that would be awesome! cheers dood Quote Link to comment Share on other sites More sharing options...
Nimrod Posted December 11, 2005 Share Posted December 11, 2005 bump Quote Link to comment Share on other sites More sharing options...
Steve Posted December 11, 2005 Author Share Posted December 11, 2005 You have 2 viruses and the leftovers of a third. Download CCleaner from here, install it, but don't run it yet: - http://www.ccleaner.com Run HijackThis and check off the following: - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktopO4 - HKLM\..\Run: [WinProfile] sndcfg16.exeO4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /autoO4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exeO23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) Close all other windows and hit Fix Checked. Reboot the PC into Safe Mode, enable the viewing of hidden and system files, then delete the following if found: - C:\Program Files\winupdates C:\WINDOWS\svcproc.exe sndcfg16.exe  Once you've deleted those, run CCleaner and let it delete any temp files, then reboot into regular Windows and start Internet Explorer. Hit Tools, Internet Options then on the Programs tab, hit the Reset Web Settings button. Click on the Security tab, Internet zone icon and make sure the security level hasn't been set to low. If it has, hit the Default Level button. Finally, on the General tab re-enter the home page you want to use and then you must hit Apply, then OK. Download the latest version of Java by clicking here: - http://jdl.sun.com/webapps/download/AutoDL?BundleId=10343 Go to Add or Remove Programs and uninstall your current version, reboot the PC, then install this one. Quote Link to comment Share on other sites More sharing options...
savwar Posted December 11, 2005 Share Posted December 11, 2005 hey steve, was wonderin if u could have a look here....runnin a piece of shit dell my sister had in work.. seems to be loaded with spy/ad ware.... i'm been runnin spybot , ad -adware and AVG free, but still bullshit everywhere..pop ups, windows has told me theres spy ware, homepage keeps changin to about:Blank and shit... cheers man heres the log...  Logfile of HijackThis v1.99.1Scan saved at 17:35:01, on 11/12/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.5.0_05\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\SpyFighter\SpyFighter.exeC:\Program Files\SpyFighter\AutoUpdate.exeC:\WINDOWS\system32\winud.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeC:\WINDOWS\system32\ntpa.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\wuauclt.exeC:\Documents and Settings\una\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ubrgu.dll/sp.html#93256R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ubrgu.dll/sp.html#93256R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ubrgu.dll/sp.html#93256R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ubrgu.dll/sp.html#93256R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ubrgu.dll/sp.html#93256R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ubrgu.dll/sp.html#93256R3 - Default URLSearchHook is missingO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Class - {B1C677B3-B411-DB4C-5060-4FBCDCDEE682} - C:\WINDOWS\appnp.dllO2 - BHO: Class - {D4A73795-115C-35C2-E903-9D8423062AAF} - C:\WINDOWS\d3ne32.dllO2 - BHO: (no name) - {daa873d4-958c-453c-81ca-3fe6f3676a87} - C:\WINDOWS\system32:wjaa.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [iejv32.exe] C:\WINDOWS\iejv32.exeO4 - HKLM\..\Run: [mfcwh32.exe] C:\WINDOWS\system32\mfcwh32.exeO4 - HKLM\..\Run: [spyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitorO4 - HKLM\..\Run: [spyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silentO4 - HKLM\..\Run: [atlwq.exe] C:\WINDOWS\atlwq.exeO4 - HKLM\..\Run: [winud.exe] C:\WINDOWS\system32\winud.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dllO23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntpa.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe  i appreciate this shit man... will hook you up for the helpcheers Quote Link to comment Share on other sites More sharing options...
Steve Posted December 11, 2005 Author Share Posted December 11, 2005 OK mate, first off download CCleaner from here, install it, but don't run it yet: - http://www.ccleaner.com Next, download CWShredder from here, run it and hit the Fix button: - http://www.trendmicro.com/ftp/products/onl.../cwshredder.exe You have a program on your machine called SpyFighter. It's a fake antispyware program, so go to Add or Remove Programs and uninstall it. At this stage, reboot the PC. Hit Control/Alt/Delete to bring up Task Manager and end this process if you can: - ntpa.exe Run HijackThis and check off all of the following if found. Some items may no longer exist after running CWShredder: - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ubrgu.dll/sp.html#93256R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ubrgu.dll/sp.html#93256R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ubrgu.dll/sp.html#93256R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ubrgu.dll/sp.html#93256R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ubrgu.dll/sp.html#93256R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ubrgu.dll/sp.html#93256R3 - Default URLSearchHook is missingO2 - BHO: Class - {B1C677B3-B411-DB4C-5060-4FBCDCDEE682} - C:\WINDOWS\appnp.dllO2 - BHO: Class - {D4A73795-115C-35C2-E903-9D8423062AAF} - C:\WINDOWS\d3ne32.dllO2 - BHO: (no name) - {daa873d4-958c-453c-81ca-3fe6f3676a87} - C:\WINDOWS\system32:wjaa.dllO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iejv32.exe] C:\WINDOWS\iejv32.exeO4 - HKLM\..\Run: [mfcwh32.exe] C:\WINDOWS\system32\mfcwh32.exeO4 - HKLM\..\Run: [spyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitorO4 - HKLM\..\Run: [spyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silentO4 - HKLM\..\Run: [atlwq.exe] C:\WINDOWS\atlwq.exeO4 - HKLM\..\Run: [winud.exe] C:\WINDOWS\system32\winud.exeO23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntpa.exe Close ALL other windows and hit Fix Checked. Reboot the PC into Safe Mode by tapping F8 as it's booting. Start Windows Explorer and hit Tools, then Folder Options. On the View tab, set the following like this: - Show hidden files and folders - CheckedHide extensions for known file types - NOT checkedHide protected operating system files (Recommended) - NOT checked Then hit Apply then OK. Search for the following files and folders shown in bold and delete them if found. They may not all be there after running CWShredder and Hijack This, but make sure you double check, cos if you miss one it can cause some or all of the others to come back.: - C:\WINDOWS\system32\ubrgu.dll C:\WINDOWS\appnp.dll C:\WINDOWS\d3ne32.dll C:\WINDOWS\system32\wjaa.dll C:\WINDOWS\iejv32.exe C:\WINDOWS\system32\mfcwh32.exe C:\WINDOWS\atlwq.exe C:\WINDOWS\system32\winud.exe C:\WINDOWS\system32\ntpa.exe  C:\Program Files\SpyFighter  Delete what you can and post back with the list of those that wouldn't delete (if any). Once you've done that, run CCleaner and let it clean your drive. Then reboot into regular Windows. Start Internet Explorer and hit Tools, then Internet Options. Click on the Programs tab, followed by the Reset Web Settings button. Then click on the Security tab, then the Internet zone icon and see if the security level has been set to low. If it has, hit the Default Level button. Click on the General tab and re-enter the home page you want to use. Now you must click Apply then OK. Download the latest version of Java by clicking here, but don't install it yet: - http://jdl.sun.com/webapps/download/AutoDL?BundleId=10343 Go to Add or Remove Programs and uninstall your current version, then reboot and install the new one. Finally, you need to get yourself a firewall. I used to recommend Sygate, but it's no longer available so give Kerio a try. It's free: - http://www.kerio.com/kpf_download.html Once you've done all of that, reboot one final time and grab a new HijackThis log and post it. Quote Link to comment Share on other sites More sharing options...
chopsyturvy Posted December 11, 2005 Share Posted December 11, 2005 Basically, I installed a messenger plus update (which i have now uninstalled) and it has added a new toolbar and i keep getting pop ups. In the past, I've located it and deleted it successfully but i can't seem to do it this time, it just keeps coming back. Any ideas? Thanks Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Apps\ActivBoard\nhksrv.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\slserv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Virtual CD v4 SDK\system\vcssecs.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\htpatch.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Internet Explorer\iexplore.exec:\progra~1\intern~1\iexplore.exeC:\Program Files\LimeWire\LimeWire.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Charlie\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ygbhuttxjp.com/VZDZy5eTaWqIvNIN...5_kEUcJNyzx.htmF2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exeO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exeO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [drvbits] C:\DOCUME~1\Charlie\APPLIC~1\TONSRD~1\deletegram.exeO4 - Startup: PowerReg Scheduler V3.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.htmlO14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EC..._1014_EN_XP.cabO16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cabO16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA...e/bridge-c9.cabO16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/Dial...042_pack_XP.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cabO16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/073d983b13a5e0...ip/RdxIE601.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cabO16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/Live...ice_4_EN_XP.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cabO16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab30149.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O18 - Filter: text/html - (no CLSID) - (no file)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exeO23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exeO23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.