1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Blue screens & hanging

Discussion in 'Earlier Versions of Windows' started by juerobtum, Sep 27, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. juerobtum

    juerobtum Thread Starter

    Joined:
    Aug 7, 2003
    Messages:
    10
    I have had various problems with my computer this week. It has started to have programs not responding, blue screens, had internet problems,e-mail problems. NAV has stop working all together! Can anyone help please. here is my hijack log:

    Logfile of HijackThis v1.96.0
    Scan saved at 12:07:55, on 27/09/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TEMP\ICSUPP95.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SLLIGHTS.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tesco.net/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by TescoNet
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Use Custom Search URL = 
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
    O4 - HKLM\..\Run: [InterCheckMonitor] "C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE" -minimised
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37884.641875
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
     
  2. TheJoost

    TheJoost

    Joined:
    Sep 18, 2003
    Messages:
    110
    Hi, Have you already run anti-virus, spyware\malware checker, emptied temp. files, temp. internet files, run scan disk, disk cleanup, defragger, etc?:confused:
     
  3. Rache

    Rache Banned

    Joined:
    Sep 30, 2002
    Messages:
    1,398
    ... plus TOTAL uninstall of NAV (the symatec way) then reinstall.
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Both these Running Processes puzzle me.

    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TEMP\ICSUPP95.EXE

    The first is unusual to see in WinME as it is normally a "service" associated with "NT" based systems, but I have seen it in some WinME configurations -- I presume because they are configured in some remote administration type setup.

    The second raises a red flag, not because the file name is odd, it is associated with Sophos, but because it is starting out of a TEMP directory, which is NEVER a proper place for a routine startup or process. Something must be wrong with the Sophos installation.

    The easiest way to address this, without a lot of second guessing, might just be to use WinME's System Restore capabability and go back a couple of weeks or so to before when this started happening.

    I would recommend starting up in Safe Mode to run System Restore if you choose that option.

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;267951

    To start in Safe Mode, press and hold the ctrl key promptly after restarting and select from the Boot Menu.
     
  5. juerobtum

    juerobtum Thread Starter

    Joined:
    Aug 7, 2003
    Messages:
    10
    I've do scan disc, disc clean up, defrag & spybot about once a month if not more often. I've tried to unistall NAV but my system says something about an intergrater! or file not installed. Tried system restore and it won't go back any further than 21/09/03 which is about when i had trouble!!
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    My recommendation then would be this. Uninstall the Sophos antivirus program temporarily. Reboot and delete the contents c:\windows\temp to flush that file out of there.

    Next, run msconfig and click on the Startup tab. Leave only the following items checked:

    [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

    [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    [SystemTray] SysTray.Exe
    [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

    This will be a test configuration. Be VERY careful about your e-mail and browsing during this period as you will have NO antivirus protection.

    See how the system runs. You will not have scanner support with stimon.exe unchecked, so if you need that immediately you will have to check it.

    I see no indication of NAV in the startups, so it does not look like it was ever properly installed (unless you unchecked the items in msconfig).

    You can try their removal utility if it cannot be uninstalled through Add/Remove programs.

    http://service1.symantec.com/SUPPOR...sf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=


    AND if you get any blue screens, please note and post exactly any modules and error addresses mentioned.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/167796

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice