Blue screens & hanging

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

juerobtum

Thread Starter
Joined
Aug 7, 2003
Messages
10
I have had various problems with my computer this week. It has started to have programs not responding, blue screens, had internet problems,e-mail problems. NAV has stop working all together! Can anyone help please. here is my hijack log:

Logfile of HijackThis v1.96.0
Scan saved at 12:07:55, on 27/09/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TEMP\ICSUPP95.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tesco.net/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by TescoNet
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Use Custom Search URL = 
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [InterCheckMonitor] "C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE" -minimised
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37884.641875
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
 
Joined
Sep 18, 2003
Messages
110
Hi, Have you already run anti-virus, spyware\malware checker, emptied temp. files, temp. internet files, run scan disk, disk cleanup, defragger, etc?:confused:
 

Rache

Banned
Joined
Sep 30, 2002
Messages
1,398
... plus TOTAL uninstall of NAV (the symatec way) then reinstall.
 
Joined
Dec 9, 2000
Messages
45,855
Both these Running Processes puzzle me.

C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TEMP\ICSUPP95.EXE

The first is unusual to see in WinME as it is normally a "service" associated with "NT" based systems, but I have seen it in some WinME configurations -- I presume because they are configured in some remote administration type setup.

The second raises a red flag, not because the file name is odd, it is associated with Sophos, but because it is starting out of a TEMP directory, which is NEVER a proper place for a routine startup or process. Something must be wrong with the Sophos installation.

The easiest way to address this, without a lot of second guessing, might just be to use WinME's System Restore capabability and go back a couple of weeks or so to before when this started happening.

I would recommend starting up in Safe Mode to run System Restore if you choose that option.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;267951

To start in Safe Mode, press and hold the ctrl key promptly after restarting and select from the Boot Menu.
 

juerobtum

Thread Starter
Joined
Aug 7, 2003
Messages
10
I've do scan disc, disc clean up, defrag & spybot about once a month if not more often. I've tried to unistall NAV but my system says something about an intergrater! or file not installed. Tried system restore and it won't go back any further than 21/09/03 which is about when i had trouble!!
 
Joined
Dec 9, 2000
Messages
45,855
My recommendation then would be this. Uninstall the Sophos antivirus program temporarily. Reboot and delete the contents c:\windows\temp to flush that file out of there.

Next, run msconfig and click on the Startup tab. Leave only the following items checked:

[ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

[PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
[SystemTray] SysTray.Exe
[*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

This will be a test configuration. Be VERY careful about your e-mail and browsing during this period as you will have NO antivirus protection.

See how the system runs. You will not have scanner support with stimon.exe unchecked, so if you need that immediately you will have to check it.

I see no indication of NAV in the startups, so it does not look like it was ever properly installed (unless you unchecked the items in msconfig).

You can try their removal utility if it cannot be uninstalled through Add/Remove programs.

http://service1.symantec.com/SUPPOR...sf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=


AND if you get any blue screens, please note and post exactly any modules and error addresses mentioned.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top