PDA

View Full Version : need help fast!!!!!



willson_slp
03-02-2004, 11:35 PM
this is kind of a long post but i needed to explain exactly what was happeing--i've tried everything i know of and still no luck.

i really need some help. my computer is constantly going into stand-by mode. i am running Windows XP and i thought it was a virus so i ran several system scans and nothing was found. i've been reading about w32.blaster.worm virus and it seemed like my computer was infected but after running a scan made to find the virus, it said i was not infected. i evn\entually had to reformat my hard drive and re-install windows. this worked at first, but soon after setting everything up, the same problem started happening again. although this time not only did the system randomly go into stand-by mode, a few times a box popped up saying the system was going to shut down in 1 minute. i remember reading that the blaster worm caused a pop up like that to appear, so i rebooted the computer in stand-by mode w/networking and installed a firewall and made sure i had the up-to-date patches and ran a tool to remove the worm. but again the results said there was no worm. after reading different threads on this and other forums, i changed a few settings under power options in the control panel, and for the time being, my system seems stable. im actually surprised my computer was stable long enought to type this post--im not sure the problem is fixed but i hope so. i defidently won't counmt on it. the thing is i don't want this problem to happen again. does anyone have any advise for me on how to fix my problem? and also, does someone know how to be sure the virus (or whatever it was) is gone for good? thanks alot!



there is one other thing that might help someone identify whats wrong with my computer. every now and then in the bottom right corner of my screen, the word "Suspend" shows up in green for a second or two and then disappears. before i changed the settings in power options, my computer would go to stand-by mode, but now nothing happens. what causes this? once again thanks for you time and help!

PrntRhd
03-02-2004, 11:55 PM
I would start with an online virus scan and then reboot and try HijackThis and post the results.

It would also help to know what security you are running, did you do all the XP Updates, etc.

willson_slp
03-03-2004, 12:18 AM
here is the HijakThis log. also i have installed all XP updates. hope this helps

Logfile of HijackThis v1.97.7
Scan saved at 11:14:32 PM, on 3/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCP.EXE
C:\Documents and Settings\Trey\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://customer.symantec.com/NASApp/web/PlsqlServlet/su_substatus.picklang?p_contact_id=476732557&p_checksum=5018CAB4&p_vendor_id=&p_vendor_tag=
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5 Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Trey\Application Data\Mozilla\Profiles\default\hlri04o4.slt\prefs.j s)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bigfix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

Budfred
03-03-2004, 12:26 AM
Your HJT log looks clean...

You can fix this if you would like, but only because it is useless:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

willson_slp
03-03-2004, 03:49 AM
its doing the stand-by bit again--now more frequently. this is really starting to make me mad. here is a current hijak result. maybe something is different about it. thanks.


Logfile of HijackThis v1.97.7
Scan saved at 2:49:03 AM, on 3/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\Documents and Settings\Trey\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://customer.symantec.com/NASApp/web/PlsqlServlet/su_substatus.picklang?p_contact_id=476732557&p_checksum=5018CAB4&p_vendor_id=&p_vendor_tag=
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5 Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Trey\Application Data\Mozilla\Profiles\default\hlri04o4.slt\prefs.j s)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bigfix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

Mini-Me
03-03-2004, 05:13 AM
Hiya!
:)

Just a couple of thoughts for you to try:

- Go into SETTINGS/CONTROL PANEL/POWER, and ensure that ALL options in there are set to "NEVER". This will prevent the system, monitor and hard-drives going into any sort of XP controlled sleep mode.

- Turn off any screen saver (just for the duration of the testing)

- Go into HIBERNATE tab of POWER options, and untick ENABLE HIBERNATION.

And the last thing I can think of is:

- Go into your computer's system BIOS, and check that there are no options in there that allow the machine to go into a sleep mode. Some BIOS's do allow this, some don't. If it does, check the time figures, and for the purposes of testing, I would disable ANY BIOS-level power saving modes or options.

Good luck!
:cool:


MM.

Mini-Me
03-03-2004, 05:19 AM
ADDITIONAL: As your monitor is coming up with the word SUSPEND in green, this usually points more to a BIOS or some sort of hardware power saving. The BIOS could be telling the monitor to go into suspend mode. Most of the time, the green on-screen text is hardware generated, usually by the electronics of the monitor itself, and in this case, the monitor has received an instruction(either from the BIOS or from XP) to enter suspend mode, which for all intents and purposes, turns the screen off...

:cool:


MM.

Mini-Me
03-03-2004, 05:28 AM
ADITIONAL ADITIONAL: If the system announces that it is going to shut down in one minute, I would seriously want to look at another two things:

- If you have any sort of intelligent system hardware monitor software - maybe installed as part of the m/board drivers or something; look into this software(if it exists), and check that it is not shutting down the system for the same reasons as below...

- Check the BIOS for any system monitor options, such as CPU or system overheat warnings, CPU-fan warnings, PSU-fan warnings. It is indeed possible, that something is overheating, and a hardware monitor of some description is taking over, and shutting down the system to protect it from heat-stress.

Check the PSU fan, and the CPU fan. Touch the CPU heatsink - it should not be so hot, that you cannot touch it. If it is, then the CPU is not being kept cool enough.

(warm to hot is O.K., but if you cannot put your finger on the CPU heatsink for 10 seconds, then the heatsink is too hot, and the CPU might be getting a little stressed out.)

Sorry for all the posts!
:p


MM.

willson_slp
03-03-2004, 06:09 AM
thanks for the advise! i have already changed the stand-by and hibernation steeting but i haven't tried any of your other suggestions. i'll get back and let you know if they worked in a little while. thanks again.

bassman
03-03-2004, 07:50 AM
Aloha Wilson and welcome to http://www.pcguide.com/ubb/pcgubb.gif
If what MiniMe suggested hasn’t fixed it, could you tell us a bit more about this machine? How old is it? How long has this been happening? What were you doing 1 hour, 1 day, 1 week prior to this starting? Nothing to personal here, more like new programs, different websites, power failure, kids involved, you know, that kind of stuff. ;)
It is apparently an E Macine so we should know if it is still under warranty. Have you been to their site for any support? When in standby mode, what do you need to do to get it back up? Move mouse, power button, kick start….? :eek:

Good luck

Budfred
03-03-2004, 09:34 AM
Your HJT log still looks clean....

Paul Komski
03-03-2004, 03:52 PM
stand-by mode w/networking

Are you sure you dont mean Safe Mode and not Stand-by Mode?

willson_slp
03-03-2004, 04:29 PM
yeah i did mean safe mode w/ networking--sorry about that. well, i tried the suggestions given and still no luck. my computer is an Emachines D2586 running windows xp professional. i bought it in august/september 2003. this problem started about 2, maybe 3 weeks ago at most. i called emachines tech support line and they couldn't find out exactly what was wrong. the guy helping me did say he thought it was a specific file or program causing it because the problem does not occure while in safe mode. i hadn't installed any new programs that i can think of, so i don't know what prograsm could be causing it. im completely out of ideas. if i can't fix it, then i will probably reformat the hard drive and re-install windows one more time. and if that doesn't fix it then im going to return my computer (which is still under warranty). i hope someone can figure out whats going on so i don't have to resort to that. thanks.

oh yeah, one more thing--when it does go into stand-by mode all i have to do to get ot of it is hit a key on the keyboard (although sometimes if i do then it goes into hibernation right away, but not always) or move the mouse.

Paul Komski
03-04-2004, 06:22 PM
Run box and enter msconfig

Disable all entries under Services and StartUp.

Reboot.

If problem has gone away, run msconfig again and start enabling the services and startups (singly or in groups followed by rebooting) until you can hopefully thereby discover the culprit. It may take a while or you may be lucky and hit it quickly.

Try just the startups for starters.

Mini-Me
03-05-2004, 05:24 AM
Hiya!
:-)

A most strange problem!!!

The fact that it is waking up when you move your mouse, or press a key, indicates to me, that there can be only one of two things causing this:

1) BIOS hardware shutdown
2) Windows hardware manager(of some sort)

IF POSSIBLE put another old HDD into your machine for the re-install, just to ensure that your current HDD does not have problems(either in the read or write modes). If the problem goes away with this install on another HDD, then you might want to look into the stability of the HDD you are using...

At any rate, if the machine is still under warranty, I would return it to the store you got it from, and let them fix it for you...

Please keep us posted!
:)


MM.

Mini-Me
03-05-2004, 05:29 AM
ADDITIONAL: Oh - one other thing - with the aid of your motherboard manual, is there any jumper on the board, that tells the hardware to go to sleep after a certain point?

Quite probably not, but I would check the motherboard manual anyway...

...just in case...


MM.

Mini-Me
03-05-2004, 05:42 AM
The reason I suggest another HDD is due to the fact that if an old HDD is failing, it can have trouble transferring data to and from the discs, and therefore, result in garbled data transfer.

In-accurate data transfer might be translated by your motherboard as a terminal fault...

...one that it cannot get out of, so it shuts down the system...

This is, of course, the extreme case, but worth mentioning...

Also, if your machine is still under warranty, I would not go changing any HDD's - just return it with a description of your problems...


MM.

willson_slp
03-05-2004, 03:35 PM
well, the problems gone! i have no idea what i did though. i just turned on my computer yesterday morning and a window popped up saying windows had just recovered from a serious error. im not sure wat it was talking about but my compter has been working fine ever since then. i later decided to run a spyware program and it found the msblaster worm so i deleted that, and i have had no problems. thanks for your help!!!!!!!!

Budfred
03-05-2004, 04:59 PM
If you found Blaster, you need to do a lot more checking for infestation. I recommend running one of the online virus scans in addition to running both AdAware and Spybot after updating them.... Also, make sure you WinXP is fully updated...

Mini-Me
03-06-2004, 03:50 AM
Hiya!
:-)

Hey, that's great news!
:-)

I'd definetly follow Budfred's advice from this point on...

Good luck!


MM.

willson_slp
03-08-2004, 04:31 AM
yeah--after finding the blaster worm i did go ahead and run several different virus scans and have completely updated windows xp. ive also installed an additional firewall for futher protection. i just want to say thanks again to everyone who helped me out with my problem. i still don't know what caused it to go away but everyone was extremely helpful!!! hopefully i won't have anymore crazy glitches, but if i do i defidently know where to go for help!

Budfred
03-08-2004, 10:49 PM
If you are running 2 firewalls at the same time, it is an invitation for more trouble. You can run the hardware firewall in a router with a software firewall, but 2 firewalls running together will conflict with each other....

It is a good idea to run a spyware blocker like SpywareBlaster and IE-Spyads. They can be run together and with other programs without difficulty....