abpowell
asked on
Could it be MSBLAST or just Content Watch
I am getting a string of auto shutdowns due to RPC automatic shutdown authorized by NT/system(?). I can't find MSBLAST in my processes so it could be Content Watch. However, it seems to have disabled my virus protection and system mechanic. Here is how it started. CW said my password was invalid when I tried to uninstall and I KNOW it was not. Tried several time. So I just found all the files and deleted/terminated them. Wrong thing to do I guess. Now I keep showing some cwcptray error. I disabled it from startup and now my computer just goes into diagnostic mode and I don't have internet access. How do I get this off my startup list in MSCONFIG (in XP PRO) and get my system stable and running fast again. I was great before. Just got it a month ago and I've got an MSI K8N Diamond motherboard, AMD Dual Core Processor, 4 Gigs (or according to Windows 3 gigs) of RAM. Dual Geforce 7900 GT graphics cards with SLI link. It was great. Now it's all messed up. HELP!! I did some research and think I could have the MSBLAST worm. But I've also read where content watch could cause some of the same problems. I can't access the internet from that computer now so I'm left with trying to find the answers here at work and go back with a "to do" list which may make solving this issue more difficult. However, I did spend about 4 hours last night trying to get it fixed in every mode possibles so I should be able to answer most questions not relating to the existence of a specific file. I even went into regedit to try to delete the file from there but I couldn't find it. I searched the path it showed in msconfig (and did delete the file). Nowhere to be found in regedit. I'm not against reinstalling anything, I just want my speed and stability back.
1. To fix the internet connection on the infected machine download WinsockFix(using another machine and usb flash drive)
Download and run winsockFix:
http://www.majorgeeks.com/download4372.html
2. Let us look at your Hijackthis log.(the log can give us much info)
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything.
Notepad will also open, copy its contents and paste it to either of these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:
Or paste the log at --> http://www.hijackthis.de/
and click "Analyse", click "Save". Then post the link to the saved list here.
Download and run winsockFix:
http://www.majorgeeks.com/download4372.html
2. Let us look at your Hijackthis log.(the log can give us much info)
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything.
Notepad will also open, copy its contents and paste it to either of these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:
Or paste the log at --> http://www.hijackthis.de/
and click "Analyse", click "Save". Then post the link to the saved list here.
Since your system is only a month old, I would guess that you don't have too many important files on there yet. If so, I would suggest backing up any useful files (including documents, pictures, email etc.) to a USB device or CD and then doing a clean restore of your system from the system restore CD.
If the manufacturer did not provide a system restore CD, then you'll have to do a resformat and install from the Windows XP CD. But be sure you have the drivers and model numbers for important parts of your PC, namely the video card, network card, audio card etc.
In each of the above cases you'll then have to reinstall applications etc. Backing up personal files first is crucial.
If you'd rather not do that, or don't have the proper restore/install CD's, then we can try to get it working as is. It will be a bit tricky since you have lost network access and have to communicate from the office, but we can try.
I am not very familiar with Content Watch, but you could try calling their tech support and maybe they can walk you through the steps for getting the network working again. If that doesn't work or isn't an option, then I suggest you get LSPfix from http://www.cexx.org/lspfix.htm and run that and see if the network starts to work. Also get Winsock Fix from http://www.spychecker.com/program/winsockxpfix.html in case LSPfix is not able to fix it.
What brand/model PC is this?
If the manufacturer did not provide a system restore CD, then you'll have to do a resformat and install from the Windows XP CD. But be sure you have the drivers and model numbers for important parts of your PC, namely the video card, network card, audio card etc.
In each of the above cases you'll then have to reinstall applications etc. Backing up personal files first is crucial.
If you'd rather not do that, or don't have the proper restore/install CD's, then we can try to get it working as is. It will be a bit tricky since you have lost network access and have to communicate from the office, but we can try.
I am not very familiar with Content Watch, but you could try calling their tech support and maybe they can walk you through the steps for getting the network working again. If that doesn't work or isn't an option, then I suggest you get LSPfix from http://www.cexx.org/lspfix.htm and run that and see if the network starts to work. Also get Winsock Fix from http://www.spychecker.com/program/winsockxpfix.html in case LSPfix is not able to fix it.
What brand/model PC is this?
ASKER
RPGGamerGirl.....I hope you can get me out of this one. Here you go:
http://www.rafb.net/paste/results/BN9b1I69.html
and
http://www.hijackthis.de/#anl
I tried reinstalling Windows XP. Now if I turn my computer on it just cycles off and on. Goes into Windows, shutsdown and restarts again and again unless I take it to safe mode where now niether one of DVD drives are showing up on my computer or my second internal hard drive. My external hard drive is showing up however. I AM LOST!!! HELPPP!!!
http://www.rafb.net/paste/results/BN9b1I69.html
and
http://www.hijackthis.de/#anl
I tried reinstalling Windows XP. Now if I turn my computer on it just cycles off and on. Goes into Windows, shutsdown and restarts again and again unless I take it to safe mode where now niether one of DVD drives are showing up on my computer or my second internal hard drive. My external hard drive is showing up however. I AM LOST!!! HELPPP!!!
ASKER
or try this for the hijackthis site
http://www.hijackthis.de/logfiles/eb4ae2e2719c22965c005402fb9df123.html
I can't take much more. I started all this about a month ago just trying to get a system that would work for home video editing. I was using Pinnacle Studio. It still crashes. It's been one thing after another. Countless nights up till 2:00 or 3:00. My wife is about to kill me because I'm spending all my time trying to fix this stupid thing instead of helping with our 6 young kids.
http://www.hijackthis.de/logfiles/eb4ae2e2719c22965c005402fb9df123.html
I can't take much more. I started all this about a month ago just trying to get a system that would work for home video editing. I was using Pinnacle Studio. It still crashes. It's been one thing after another. Countless nights up till 2:00 or 3:00. My wife is about to kill me because I'm spending all my time trying to fix this stupid thing instead of helping with our 6 young kids.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'll give that a go.
As far as accepting your post, well I'm obviously new at this so I didn't know what to do. I was working with the content of your post so I awarded you the points. Your post was the most helpful. You do have my permission to open up the thread.
A question on the posted log of my computer. Does that pose any type of security risk to put that out there?
As far as accepting your post, well I'm obviously new at this so I didn't know what to do. I was working with the content of your post so I awarded you the points. Your post was the most helpful. You do have my permission to open up the thread.
A question on the posted log of my computer. Does that pose any type of security risk to put that out there?
ASKER
Also you seemed the most knowledgable, I just looked at the hall of fame on here. WOW. You are good. Thanks for all your help.
ASKER
That probably would have worked if I hadn't tried to fix things myself earlier. Fixed all those items in HiJackthis. Still continuous loop on startup. (shutdown-restart......) Still no disk drives showing up. This probably happened when I reinstalled windows I thought I had all the drivers reinstalled too. I've tried inserting the disk but still nothing. I get a green light like its trying to read but nothing happens. Also, my second hard drive still not showing up either. I've also tried "add new hardware" but the computer did find them and I couldn't figure out how install the drives manually when windows asks for a disk but doesn't even recognize your disk drives. ???
Overall, still at the same spot as yesterday
Overall, still at the same spot as yesterday
Thanks for the compliments! that's so nice of you, :)
>>A question on the posted log of my computer. Does that pose any type of security risk to put that out there?<<
No, because what's mainly showing in the log are programs installed in your pc, almost everyone has same programs in their pc (the only security risk entries if it can be considered that) is where you saved hijackthis.exe and the 017 entry. And even if 017 entries are showing e.g. below:(it's very minimal)
O17 - HKLM\System\CCS\Services\T
that tells them who's your ISP. I noticed you took off yours :)
(also that site where you uploaded the log only keeps the log for few days)
The Hijackthis link that I always give installs and runs hijackthis.exe in the program files folder so it won't show your "user profile"
Here is an example of an improper running folder in XP/2000 that shows the user's name:
C:\Documents and Settings\Alex de Luca\Local Settings\Temp\HijackThis.e
C:\Documents and Settings\Michael\Desktop\P
C:\Documents and Settings\Gilbert Sullivan\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.
>>A question on the posted log of my computer. Does that pose any type of security risk to put that out there?<<
No, because what's mainly showing in the log are programs installed in your pc, almost everyone has same programs in their pc (the only security risk entries if it can be considered that) is where you saved hijackthis.exe and the 017 entry. And even if 017 entries are showing e.g. below:(it's very minimal)
O17 - HKLM\System\CCS\Services\T
that tells them who's your ISP. I noticed you took off yours :)
(also that site where you uploaded the log only keeps the log for few days)
The Hijackthis link that I always give installs and runs hijackthis.exe in the program files folder so it won't show your "user profile"
Here is an example of an improper running folder in XP/2000 that shows the user's name:
C:\Documents and Settings\Alex de Luca\Local Settings\Temp\HijackThis.e
C:\Documents and Settings\Michael\Desktop\P
C:\Documents and Settings\Gilbert Sullivan\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.
ASKER
I didn't take off my ISP on purpose. Probably another symptom of trying to reinstall windows xp. Not all my hardware/drivers are showing up. I did not uninstall first I just ran install again. A lot of programs ask whether you want to uninstall or repair the files when you do that so I assumed windows would do the same. It didn't, but it also didn't act like it would be a problem (except for my video drivers dual GeForce 7900 GTOC with SLI link) because they were not Windows certified or something like that.
ASKER
BTW....should I take this out of Virus and into another section? I couldn't find Idiot Newbies on the list so if so please suggest which section.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Since this problem is more like hardware/software than viruses, you might like to close this one and post a new Question on other Topic Areas like XP etc.
Closing Questions:
https://www.experts-exchange.com/help.jsp#hs5
Or you could also post a 20 pts pointer in other Topic Area pointing to them to here.
Here's EE sitemap:
https://www.experts-exchange.com/siteMap.jsp
Closing Questions:
https://www.experts-exchange.com/help.jsp#hs5
Or you could also post a 20 pts pointer in other Topic Area pointing to them to here.
Here's EE sitemap:
https://www.experts-exchange.com/siteMap.jsp
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
R-K - I tried the LSPFix and Winsock fix. Problem still there. I can start in safe mode and safe mode with network access.
I don't know if this tells you anything but windows shuts down when the initial "Windows XP Screen" comes up and the blue "bar", that goes back and forth to tell you windows is working, get about 3/4 away across the first time across.
Everything appears to boot correctly but then when that blue bar gets moving windows shuts down, restarts, etc......
I had everything backed up too but now I cannot access many backup files. I was able to "recover" over 120 *.exe files. They are now sitting in my external hard drive. I was going to try to post that list but I can't figure out how to copy just the text of the list. It's too large for a screen shot and any attempt to copy tries to copy the file.
Most of the files look like A031974 but, I've also recovered winlogon, a few setup files, ntbackup, regedit, mobsync, services, rundll32 and others that look important but I don't to run anything that will mess things up any further. I obviously got here by doing things I shouldn't have because I don't know what I'm doning. I will be working from home today so I can communicate via my laptop. While working on my desktop.
Also, when looking at startup in msconfig it looks like I'm missing a lot of files. Is that what the repairs above are about.?
I don't know if this tells you anything but windows shuts down when the initial "Windows XP Screen" comes up and the blue "bar", that goes back and forth to tell you windows is working, get about 3/4 away across the first time across.
Everything appears to boot correctly but then when that blue bar gets moving windows shuts down, restarts, etc......
I had everything backed up too but now I cannot access many backup files. I was able to "recover" over 120 *.exe files. They are now sitting in my external hard drive. I was going to try to post that list but I can't figure out how to copy just the text of the list. It's too large for a screen shot and any attempt to copy tries to copy the file.
Most of the files look like A031974 but, I've also recovered winlogon, a few setup files, ntbackup, regedit, mobsync, services, rundll32 and others that look important but I don't to run anything that will mess things up any further. I obviously got here by doing things I shouldn't have because I don't know what I'm doning. I will be working from home today so I can communicate via my laptop. While working on my desktop.
Also, when looking at startup in msconfig it looks like I'm missing a lot of files. Is that what the repairs above are about.?
OK to start if it starts shutting down and you get the timer quickly goto start then run and type shutdown -a to abort the shutdown or start run cmd then in the box type shutdown -a. To keep it from shutting down after that goto start run type services.msc scroll down to remote procedure call (rpc) double click it and goto the recovery tab from there change all the failures to take no action and press ok. Now you will no longer restart and have time to find the problem. Run this patch just to see if your just not updated http://www.microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en Next step look in the event log for any clues all the files you are stating you found in you system folder are system files and should be left alone. Next check your device manager for some clues. Your computer will not connect to the internet until you fix this rpc error
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would be willing to bet it adds a service that is messing with your rpc because it cant find the exe files its looking for because you deleted them.
ASKER
The RPC shutdown is not the problem right now. I can't even get back to that point. I messed things up even worse trying to fix that originally. I have found backup registries, should I try to restore?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
OK slow down so what is it doing now going straight into safe mode goto start run and under the general tab make sure it is set to normal startup and then press ok and reboot this should get you back into regular windows. Then do what i said about the services thing.
oops sorry start run msconfig and under the general tab
before reinstalling or repairing I think i can get you back going
try to find that service and what do you mean your missing alot of files those repairs just set the registry back to default settings how are you missing files?? why are you moving files out of the system folder??? can you get to safe mode Please explain what you can and cannot do right now.
ASKER
I used hijack this to remove all remaining references to content watch
ok well what you did not get was the service it used as i stated can you access safe mode?
>>I would be willing to bet it adds a service that is messing with your rpc because it cant find the exe files its looking for because you deleted them.<<
Yes, files were already missing from the ContentWatch services and startup, that's why it was showing those errors and fixing the relevant entries in hijackthis would've removed the error.
abpowell,
Try reinstalling ContentWatch and let's hope it fixes it.
Yes, files were already missing from the ContentWatch services and startup, that's why it was showing those errors and fixing the relevant entries in hijackthis would've removed the error.
abpowell,
Try reinstalling ContentWatch and let's hope it fixes it.
rpg what im getting at is all he has to do is disable the service and all should be well again you see what i mean
OOps, so many posts I missed to read sorry.
>>rpg what im getting at is all he has to do is disable the service and all should be well again you see what i mean<<
Didn't he already did that?
Fixing those 023 ContentWatch service will stop and disable the service, and Hijackthis deleted the NT service -->"CwCpSvc20"
In my second post.
Didn't he already did that?
Fixing those 023 ContentWatch service will stop and disable the service, and Hijackthis deleted the NT service -->"CwCpSvc20"
In my second post.
sometimes hijack this is unable to disable or delete a service the bar freezing the boot is the time when drivers and services are being loaded thats why i was going to have him check in msconfig to be sure that the service was gone.
ASKER
Well I tried to reinstall ContentWatch. But I need an internet connection to do so. Aren't I supposed to be able to get access in Safe Mode? Anyway, it reinstalled some files but not all. However, I now the two showing back up in startup and one in processes. I'm not sure I ever delected the processes file.
When you start in "Safe Mode with Network Access", does your network not work?
ASKER
Redid same deletes from HiJackThis as above......
MSCONFIG shows nothing from ContentWatch or Content Protect anymore
Where to now?
MSCONFIG shows nothing from ContentWatch or Content Protect anymore
Where to now?
ASKER
I can't figure out how. I'm running my laptop off the wireless router so I know the connection is there but something is not right because I cannot connect.
ASKER
I just got off the phone with content protect tech support. They were able to help me get everything off there were still some files remaining. They also took me through the correct uninstall path so everything should have been fine....Except, I've messed up something esle along the way....still no solution
ASKER
Thanks all I've moved the thread over to OS for my new problems
https://www.experts-exchange.com/questions/21892986/XP-Pro-in-continuous-shutdown-restart-cycle-after-reinstall-Also-won't-recognize-disk-drives.html
Please come visit and help me finish this thing off.
https://www.experts-exchange.com/questions/21892986/XP-Pro-in-continuous-shutdown-restart-cycle-after-reinstall-Also-won't-recognize-disk-drives.html
Please come visit and help me finish this thing off.
(or according to Windows 3 gigs) of RAM - does your MB support 4GB (maybe only 3gb)?
It does sound like a virus may have caused the initial issues.
Have you tried System Restore?