Posts by caperjack

So I got a virus and had to switch drives but now when I try to access my old drive, it tells me to format it. Help me. There was some important stuff on it.

how are you trying to axcess it ?

a few thing in the log that look wrong but a search shows me nothing ,let download and run and fix what it find with this program .http://www.prevx.com/security.asp

not sure about the dump file ,but the check disk on reboot is not enough the site above is talking about usin the winxp recovery ,you need to boot computer with you wixxp cd and do hit R for repair and then type in
chkdsk /r ,at the prompt when you get there .note there is a space between the k and the R.

using the xp recovery .
http://support.microsoft.com/kb/314058

First Im no expert but what i read a error in ram ,not necessarily bad ram .But i could be wrong and for sure swap ram or test ram try memtest86 program .
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/DevTest_g/hh/DevTest_g/t05_bugs_60_299217d6-98d1-4d1d-8068-883e89933845.xml.asp

From another site . i found this info and i quote!
0x0000008E: KERNEL_MODE_EXCEPTION_NOT_HANDLED
(Click to consult the online MSDN article.)
A kernel mode program generated an exception which the error handler didn’t catch. These are nearly always hardware compatibility issues (which sometimes means a driver issue or a need for a BIOS upgrade).

I would suggest not using beta program on your main machine !

two things i would disable with hijack ,it creates backups so you can enable them again if you wish .
just to see if it makes any difference some time programs created to speed up systems actuall use a lot of ram themself to do it .
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

So....what do you suggest me to do?, am I in a dead end, what do you think?

not sure really ,i have 6 svchost and one of them is using about 11.800 k

check this microsoft site http://support.microsoft.com/kb/314056
and do what it says to view the services running in svchost

did yo use the ccleaner mentioned in the post above ,use its issues section to fix registry ,say to to create backup

hi, download ,update and run this program .recan with hijack and post new log ,just save log in notepad and copy and past it into the post ,instead of the way you did the first one thanks ,
http://www.ewido.net/en/download/

Hello just copied you log to post to make it easyer to read .

Logfile of HijackThis v1.99.1
Scan saved at 7:18:04 AM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1145110146\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\agent\McAgent.exe
C:\Program Files\Common Files\AOL\1145110146\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1145110146\ee\aolsoftware.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\AOL\1145110146\ee\SSCEvtHdlr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\AOL\1145110146\ee\aolsoftware.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpoofBHO Class - {07A78AEA-4A54-4967-9A60-4B68592D30C7} - C:\WINNT\se_spoof.dll (file missing)
O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINNT\system32\atmlibv.dll (file missing)
O2 - BHO: McBrwHelper Class - …

My son caught a nasty virus. Can't identify. I just want to reformat his c: and go on with life. However, this virus has made his a: unusable. If I put a boot disc in a: and start the machine, I get a message asking me to insert a bootable disc or select a different boot drive. I have tried more than one disc and have subsequently used the floppies to boot my own machine. Does this sound familiar to anyone?

try this first when boot his go the startup/bios and make sure that its set to boot to floppy first .in the boot section you should find it.
maybe a bad floopy drive ,easy to just take yours out and hook it to his temp,

Description:
svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated. http://windowsxp.mvps.org/svchost.htm
and yes it normal to have more than one i have 6 .

Hello ,log is clean !
HP computers do have a lot of stuff running at startup that is not necessary ,they are shown in the 04 section of the log ,you need to determin the one that are neccessary ,most aren't .and use hijackthis to disable them,like the one listed below just copy the exe in to google and search [like this , "HP Wireless Assistant.exe" with out the quotes ]it you should get info on wherther its need to run or just user choice.
This is what you shoud find with the search ,sometime it will be a different web site .
http://www.castlecops.com/s11875-hpWirelessAssistant.html
just use the search on this site ,check of to searck castle cop.

O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"

ok, i came back to my PC to find a BSOD screen

Stop:0x00000024
(0x001902FE,0XBAEE54C,0XBAEEF248,0XF846ED2D)

NTFS.SYS
ADDRESS
F846ED7D 6YEATF844A000

DATE STAMP 41107EEA

i thinks thats pretty much exact

Thats what is needed to find solution ,search of the stop:0x00000024 i find this .
http://support.microsoft.com/Default.aspx?kbid=228888&sd=RMVP

Download trojan hunter trial run and post new log
http://www.misec.net/

Then run hijackthis again and fix any of the item below if they still exist.

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} -

C:\WINDOWS\system32\hoxrwbgf.dll

O2 - BHO: (no name) - {5A3E97DD-2A08-48BC-8F43-C0DEABC90266} - (no file)

O2 - BHO: (no name) - {873D6182-28AF-48AF-9955-2F831FFB0ACC} -

C:\WINDOWS\inf\lpaypm3.dll

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll

(file missing)

Is this a site you want to be in the trusted zone.,If you ever see any domains or IP addresses listed here

you should generally remove it unless it is a recognizable URL such as one you use.

O15 - Trusted Zone: http://locator.cdn.imageservr.com

O20 - AppInit_DLLs: C:\WINDOWS\system32\smss.dll C:\WINDOWS\system32\explorer.dll

O20 - Winlogon Notify: ddccdca - ddccdca.dll (file missing)
O20 - Winlogon Notify: lpaypm3 - C:\WINDOWS\inf\lpaypm3.dll
O20 - Winlogon Notify: winerj32 - winerj32.dll (file missing)

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe" /service (file missing)

get the avg spyware i posted the link for it in post # 7 ,its a fully working 14 day free trial,run it,then run hijackthis and post a new log .
Not to disagree with Snowdog about the format and reload ,but that a time saver used by free phone tech support,lol, i see no reason to format just because of one nastie like mywebsearch !

the first site went rhtu all the steps, it was ez but i cant find the cable that fits the harddrive lol.
thnz cap, my problrem is solved

your welcome,good luck

..and the sweetest of them all is.. No Sounds.

lol ,you stole my comment!!

can you get into safe mode ,if so when you get in ,right click mycomputer/properties/advanced/ open the settings on the recovery section on the bottom and uncheck restart on errors or how ever its written ,and this should get you a bsod errror instead of restarting ,not the stop error # in the error report and post it back here ,that is if you can get into safe mode ,hit f8 on reboot to get to safe mode

defently some nastie stuff in the log ,likely came along with your install of msn messenger plus program .
I sugges a run of spybot ,then post a new hjt log .
http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1

if you do get to use hijackthis it is recomended that you unzip it to a folder of its own like c:\HJT, as you are running it from with in the zip folder .

hello again ,i move the thread to the virus fourm as that is where the hijackthis logs are to be posted ,i don't read logs anymore myself ,but do see abit in it , like the mywebsearch stuff .
see if you can download and run AVG antispyware tool free trial .
http://free.grisoft.com/softw/70free/setup/avg75free_428a818.exe

6 scvhost is the norm i think i know i have 6 running .

1-no real info on your problem ,my suggesting would be for you to go an gert another 512 of ram and add it !you'll be suprised!
2-also you say the cpu isn't overheating ,ram can overheat ,next time open case ground self and touch ram to see if its really hot.

reboot to safe mode and try scanning with nortons.
to get to safe mode hit f8 on reboot

Sorry about that my bad typing... I ment no other sound card installed.. or sound card controllers i can find

Ok, i read your other post in another thread and i under stand the problem now ,,the other thread was started in 2004,and it seem there was no answer then ,and im sorry i have no answer to the problem now,but someone else reading this might .driver compatible issue for sure i guess

My PC running Windows XP has been telling me it's been recovering from srious errors on startup for a few weeks now. I couldn't repair anything because it didn't tell me what was wrong.

Now my PC won't start. I get a black screen with white text telling me i have a missing or corrupt SYSTEM 32/SYSTEM CONFIG/SYSTEM file. Apparently that's the registry. I have inserted the Windows XP CD in the CD drive and restarted but there's no clue as to how to get to its contents.

I am supposed to press 'r' at the first screen to start repair. But there is no first screen. All I get is the same message over and over when I restart manually or press esc.

Is there something I can do to get the PC to look at the CD drive...or is that the wrong approach?

IMany thanks for any help!

put cdron drive ,boot computer ,do you hit a key when it says, hit any key to boot from cdrom. if you don't get that message then you may need to go into the bios to make sure its set to boot from cdrom first ,also if you have 2 cdrom in computer you need to put the cdrom in the master drive [first boot device],easy way to find what one is first is to just reboot with it in one drive [if nothing try other drive] drives .
anyway when you do get to to where you hit …

reboot computer ,hit the f8 key repeatedly as soon as computers starts to boot .untill you get the option to boot in safe mode ,if you get there click on administrator .when you get in to windows go to the control panel go t ousers ,and create a new account with admin rights ,give it a name ,reboot computer ,this should fix you problem ,if it doesent you have other issues ,

i can't find it

I just installed it also ,didn't find a scan at boot up ,but did find a task scheduler,it may be set for startup,also thought of this when install it ,in windows go to start /allprograms /startup /see if there is a icon for it in there if there is delete it ,this will stop it from running at startup

oh, just that I heard you can fix the mbr with http://www.bootdisk.com ???? oh yeah im building my own pc soon and am getting an xp disk then, then can i fix mbr on this??? and what is repair install? will it delete all my files?

Never used the 6 disk not sure if they do allow you to do things like fix mbr, ,but downloaded the file to created them, something else to play with .
the wwwbootdisk link takes you here ,http://support.microsoft.com/?kbid=310994 , should be able to use the new xp to fix the mbr on you machine as long as it a full version xp and the same version as the one you have on the machine now.and not a recovery winxp disk .like the ones from Dell and other makers.

Hello ,I don't use avg antivirus now but have and you should be able to uncheckscan at startup in the preferences of the program ,if you can't find it let me know .i will install it on my test computer after and see where its at ,is the scan started after windows opens or before windows opens .

xp cd needed to do a repair install !

ok just a fast update, i Turned off automatic Restart on system failure and the Blue screen reads " DRIVER_IRQL_NOT_LESS_OR_EQUAL"

the stop # is the most important part of the BSOD, like this part 0x00000009.[xxxxxxxxxx][xxxxxxxxxx][xxxx]

can any1 plz help me, i have tried 2 install mcafee security suite 2007 but it didn't install properly n now it won't uninstall. I don't have the folder named mcafee.com n it not in the add remove programs. I have tried 2 do system restore but that won't load n neither will my search. I'm runnin windows xp service pack 2, i have run out of websites 2 try n look 4 how 2 fix it.

Hello and welcome to Daniweb,first thing, please if you would ,this is a help fourn and not a chat room so i would like very much if you stop using the chat speak shortcuts ,thanks ,
Ok so it didn't install right the first time ,did you try re-installing it the second time .
If and it didn't work download ccleaner and run the issues section to remove dead issues in the registry,say yes to make registry backup.this may remove something from mcafe that is stoping the re-install.
Ccleaner.link ,check the screen shots on the site too.
http://www.filehippo.com/download_ccleaner/

This site should help you debug you problem .
Microsoft help site . http://msdn.microsoft.com/library/default.asp?url=/library/en-us/DevTest_g/hh/DevTest_g/t05_bugs_60_299217d6-98d1-4d1d-8068-883e89933845.xml.asp]

I was wondering is there any way to turn off complete test at startup:?:

assumming you mean the ram teast on boot up ,its may be changeable in the "BIOS" , not ,not all bios are the same though ,you may be able to change it .now if you mean some other programs complete test let me know ,also the name ans version #of the bios in you computer will help ,its at the top of the screen when you first turn the machine on.

I have the same problem when I upgraded to XP. I do not have volume controls on key board and another sound card on board... any possible fixes..thanx

Both may be releated ,
first though for me you need to explain what you mean by this ,
"and another sound card on board."

also get hijackthis, and post a log in the virus and spyware and other nastes section of this fourm .

Sorted this one out myself. Downloaded a program called winsockfix.exe.

great ,I came into this post to suggest winsock fix .

i like belarc to get windows key from working computer .and a lot more info http://www.belarc.com/free_download.html

cccleaner will fine and remove registry keys that no longer have software assoiated with them ,its free and will ask if you wish to cdreat regstry back up ,i use it all the time on my own and other computers that i fix. use the issues feature for regstry fixes
check screen shots on the page the link takes you to.
http://www.filehippo.com/download_ccleaner/

Looks like a Bos??
anyway ,have a look here, http://www.helpwithpcs.com/upgrading/install-hard-drive.htm
,2 types IDE and SATA harddrives,and here
http://www.waterwheel.com/Guides/how_to/magnetic_drives/magnetic_drives.htm

I would assume that after 3 formats ,it would be a hardware issuse and not a software one .you need to check you harddrive ,cpu your ram ,video card , basically everything .also fans ,heat problem.dirt in computer you name it ,

for ram test i suggest ramtest86 free on the net ,you harddrive manufactor will should have hdd tool on there site ,,

did you check yous event viewer for errors ,type this in RUN , eventvwr.msc

System Rstore doesn't put deleted files back!

When you say 'deleted' do you mean 'uninstalled'? What exactly did you do (i.e. how did you do it)?

What Make and model is your PC?

Off topic sort of ,Thats what i always thought to, the other day i was deleting file in a temp folder ,hit the back icon by mistake with out noticing ,then i hi-lighted and deleted the top 6 or 7 folders in the root of C:\ ,and deleted them of course i was holding down the shift key, so they didn't go to recycle bin ,did a system restore back to 2 days before ,and the folders &files all came back , i was supprised .

when do you get this error message ,after click what/or where??.
when i click on the wireless icon by the clock ,i get a popup ,to search for wireless conection ,i click connect ,it finds to wireless conection my own and my neighbours i then click connect on mine and im on .do you get to where you have to choose the wirelss you have setup on you linksys,and click connect .

if you use paint make sure when you save it that you change the file type from .bmp to .jpg format ,because the bmp will be to large to in post online fourms like this one .

My nephew bought a blaster audigy from tigerdirect.com
,open box ,of course no driver cd,we tried to download drivers from blaster site and get the same message it doesent reconize the card ,reason !! because the downlaod drivers are all updates and we need to have the orignals installed first !so we can't use the card as we cant find orignals anywhere on the net ,.

LOL ,you actually said that in the other post ,brain freeze .lol

thanks for the help guys, i managed to fix the problem using "Shellexview" an intel graphics shell was causing explorer to crash when the right click menu came up. i used to program to disable all non microsoft shell's then re-enabled them one at a time until i found what one was causing the problem.

Interesting ,never see that program before ,I scaned and have 230 different one in list ,how did you ever figure out what one was causing the problem

Hi,this is from the site im linking ,
==================
0x000000D1: DRIVER_IRQL_NOT_LESS_OR_EQUAL
(Click to consult the online Win XP Resource Kit article.)
The system attempted to access pageable memory using a kernel process IRQL that was too high. The most typical cause is a bad device driver (one that uses improper addresses). It can also be caused by caused by faulty or mismatched RAM, or a damaged pagefile.
===================
scroll way down near the bottom of the list for you bsod error .
http://www.aumha.org/win5/kbestop.php

is it the same with all destop pictures ,like the winxp default ones