1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

needed help with Windows ME

Discussion in 'Earlier Versions of Windows' started by lostinpcland, Sep 6, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. lostinpcland

    lostinpcland Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    16
    Hi!!

    We're errrr.. lost with all this pc stuff, so please bear with us. Our pc in question has Windows ME, Pentium 4, 128MB RAM, 60GB HD.

    We encounter the Blue Screen of Death at any given time and for any reason and freeze the pc, causing the need for rebooting.

    Last week, we ran Ad-Aware Pro and it said: WARNING AN ATTEMPT TO ALTER A PROTECTED OBJECT HAS BEEN DETECTED(attempt to add a registry value).
    Root HKEY_LOCAL_MACHINE
    KEY: SOFTWARE\mICROSOFT|Windows|current Version|Run
    Value: AVGCtrl

    Ad-Aware also stated: New date "C\PROGRA~1\AVPERS~1\AVGCTRLEXE"/min

    We don't run AVG on that pc (we run MacAfee- paid version), so we figured that's what the AVGCtrl dealt with & blocked it... oops?

    The other warning Ad-Aware gave was:
    Root HKEY_CURRENT_USER
    KEY: Software\microsoft\internet explorer\main
    Value: Start page
    Data http://www.ebay.co.uk/
    new Data http://runonce.msm.com/

    We upgraded IE6 a month ago, so blocked the http://runonce.msm.com/ and ran Ad-Aware and everything was clean after those two blocks.

    Now, on that pc, we cannot access msn messenger unless everyday, we uninstall messenger, reboot, reinstall it. We have to do this a few times throughout the day (quite slow on dial-up).

    I know this sounds petty, but it does infringe on our work with online business.

    We will record the information about the blue screen errors as we get them.

    I've seen people mentioning Hijackthis..? Will this help us to gather appropriate data for you about the pc with Windows ME to find out what problems are there?

    Thanks for your time. Any thoughts will be appreciated.

    Regards,

    Dippy & Dingy :D
    ----------
    Update of info:

    We just got these error messages:

    Error code: 0x81000370

    We were then chose the option to troubleshoot and it replied that It was unable to troubleshoot our pc.

    Upon rebooting, we were hit with the BSoD in which an Error has occurred 06:00:28 FF0E5EBC

    With the next reboot came this scripting error (we think): Internet Explorer, Line 64, Character 1, Error: SUIH is undefined, Code: 0, URL FICE(?)\\ C:/windows/application data/microsoft/internet explorer (we didn't get the rest)

    -----
    We hope this additional information helps someone to help us with these issues.

    Thank you!!

    Peace
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
  3. lostinpcland

    lostinpcland Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    16
    Thank you, JSntgRvr!! :)

    We will d/l & install those programs today & post the log as soon as we can (hopefully today). (y)

    Thanks again & Have a Great Day!!

    Dippy & Dingy :D
     
  4. lostinpcland

    lostinpcland Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    16
    Hello again, JSntgRvr....

    We classify ourselves as pc illiterate... :D If you can help us, please explain in very simple terms for us :D Thanks!!!

    Here's the Hijack This log:

    Logfile of HijackThis v1.97.7
    Scan saved at 16:50:38, on 08/09/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\FREESERVE\FREESERVECONNECTIONKIT\ATDIALLER1.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\SYSTEM\E_S10IC2.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
    C:\WINDOWS\SYSTEM\INTELCDX.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\BIGFIX\BIGFIX.EXE
    C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
    C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
    C:\WINDOWS\START MENU\PROGRAMS\STARTUP\PUSH6599.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\MY DOCUMENTS\INTERNET DOWNLOADS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [MicroDialler] C:\Freeserve\FreeserveConnectionKit\atdialler1.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
    O4 - HKLM\..\Run: [EPSON Stylus C64 Seri (Copy 2)] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P30 "EPSON Stylus C64 Seri (Copy 2)" /O5 "LPT1:" /M "Stylus C64"
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [IntelSMAPL] IntelCdx.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Startup: PUSH6599.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
    O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt1_x.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btopenworld.com/templates/btwebcontrol.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab


    Sincerely,

    Dippy & Dingy :D
     
  5. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    You have too many programs running in the background. I suggest you Run Msconfig and deselect all programs listed in the Startup tab except for systray, Scan Registry and those related to McAfee VirusScan. The rest are either not necessary or user defined, meaning, "it is up to you". These programs occupy a large space in your RAM and contribute to these error messages as well as a bad performance. After you have done this, let us know any changes in performance.
     
  6. lostinpcland

    lostinpcland Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    16
    Hello JSntgRvr & thank you for replying so quickly.

    When we unchecked those boxes, except for the ones you recommended to leave checked, many items disappeared from our toolbar... including our firewall. We went back into msnconfig & cannot find where to check for our firewall.

    We also found the folliwing in there... are all these safe to uncheck?


    PCHealth
    Task monitor
    Load power profile
    AtiPTA
    instant access
    Register Drop Handler
    Load QM
    PE2CKFNT SE
    InCD
    REGSHAVE
    SmcService
    LVComs
    MicroDialer
    IntelSMAPL
    Scheduling Agent
    SSDPSRV
    StateMgr
    PUSH6599

    Thank you for all your time!!!

    Sincerely,

    Dippy & Dingy :D
     
  7. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    PCHealth N pchschd.exe This is a "scheduler" and does not turn off PC Health. For more information refer here :

    http://groups.google.com/groups?q=P...l=en&[email protected]&rnum=1

    TaskMonitor, User defined, taskmon.exe. The Task Monitor checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)

    Load power profile. This program was developed for notebooks. If you have a PC, is not necessary.

    AtiPTA, or AtiPTAAA, or atiptaxx User defined, Ati2ptxx.exe, Atiptaxx.exe Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings

    Instant Access, rundll32.exe EGDHTML_1023.dll, InstantAccess Adult content dialler related

    Register Drop Handler, I find no record on this program.

    LoadQM U loadqm.exe Installed with MSN Explorer and loads the MSN Queue Manager. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it.

    Pe2ckfnt SE N chkfont.exe Used to check whether the fonts are installed properly on your computer or not for a scanner. If you don't want to execute it, you can uncheck it in the startup menu

    InCD N incd.exe Ahead InCD packet writing software. Similar to DirectCD. On my system there isn't an entry, on another visitor's there is. Run manually before insert an appropriately formatted CD-RW disk

    RegShave N regshave.exe Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly

    smc or SMC Service or SmcServices Y smc.exe spfsmc.exe Sygate Firewall (Is this whats missing?) If it is, you may select it.

    LVComs U lvcoms.exe Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera. If you have a logitech camera, select it.

    MicroDialer. I find no record for this program but, since seems to be a dialer, deselect it.

    IntelSMAPL, I find no record of this program.

    SchedulingAgent U mstask.exe, mstinit.exe MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularily scheduled events such as weekly virus scans. I have always kept it deselected.

    SSDPSRV N ssdpsrv.exe Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and Play . Not necessary.

    StateMgr Y statemgr.exe Windows ME default for System Restore. Do NOT disable!

    PUSH6599 N PUSH6599.EXE Scan button monitor for Relysis Episode MF6599 USB scanner as you can start scanning manually via the scanning software

    Except for the firewall and the StateMgr, I feel all others are "User's Choice" and unnecessary. I hope the information above helps.
     
  8. lostinpcland

    lostinpcland Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    16
    Howdy JSntgRvr!

    Thank you for all that researching info you did for us!! Much appreciated! *Cheers*

    We went through each of those on that pc and unclicked the ones we didn't need to be checked (like ya said- almost all of them! haha). We had to uninstall & reinstall Sygate (upgraded it to v5.5) and it reinstalled fine.

    At this time, the pc seems to be working all in order!! No BSoD, no errors, scandisc worked (although it didn't run on the first reboot, it did on the 2nd one (y) )

    We hope this has solved the issue :) We will check the pc throughout the day and post here again if any errors occur.

    Thank you heaps for all your advice and great help!!!!

    Peace

    Dippy & Dingy :D
     
  9. lostinpcland

    lostinpcland Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    16
    Hello JSntgRvr,

    Here's the update...

    We encountered Error 678, the computer we are dialing into is not answering.

    Then we had Error SDStbRes.dll. One of the library files needed to run this application cannot be found. We looked on net and think that file has to do with Macafee's updating; we have the paid version of Macafee, too, but cannot update virus protection now.

    Can you help us with this? :confused:

    Thank you!!!!

    Dippy & Dingy :D
     
  10. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Error 678 is due to a dialer running in the background, else see this page for trobleshooting:

    http://www.xtra.co.nz/help/0,,6156-1384253,00.html

    In regard to the SDStbRes.dll, deselect from Msconfig the McAfee.InstantUpdate.Monitor. That will disable the utility until you are able to update your .dat files.

    Post another Hijackthis log and let me take a look at it.
     
  11. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Check this entry also:

    Instant Access, rundll32.exe EGDHTML_1023.dll, InstantAccess Adult content dialler related

    It is a dialer and could be the cause of error 678.
     
  12. lostinpcland

    lostinpcland Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    16
    Hello JSntgRvr,

    We didn't know what that thing was, so we unchecked the "rundll32.exe EGDHTML_1023.dll, InstantAccess Adult content dialler related " thing last night and got the 678 error today. It is still unchecked.

    In the msconfig, we cannot find anything in regards to the SDStbRes.dll, to deselect from Msconfig the McAfee InstantUpdate Monitor. The only thing for Macafee we found was Mcafee virus scan service

    We also encountered the Blue Screen when dialing up... we forgot to write down the error code (oops), but it's usually: An error has occurred at 06:00:28 FF0E5EBC. Sorry about that... we'll get it next time. :(

    In order to be able to use MSN messenger, we are still having to uninstall, reboot and reinstall MSN messenger a few times a day. Before we posted started posting on this site, we contacted MSN tech support & they said that it sounded like we had a corrupted file & told us to uninstall, clear temp folders, reboot, reinstall it. We did that, but it solved nothing. Any suggestions? :confused:

    We did another Hijack This log, as requested :)


    Logfile of HijackThis v1.97.7
    Scan saved at 21:39:38, on 09/09/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
    C:\WINDOWS\SYSTEM\E_S10IC2.EXE
    C:\PROGRAM FILES\BIGFIX\BIGFIX.EXE
    C:\WINDOWS\START MENU\PROGRAMS\STARTUP\PUSH6599.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\MY DOCUMENTS\INTERNET DOWNLOADS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.uk.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU"
    O4 - Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Startup: PUSH6599.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
    O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt1_x.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btopenworld.com/templates/btwebcontrol.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab


    Thanks for all your time & help!!

    Sincerely,

    Dippy & Dingy :D
     
  13. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    I believe we made an error. The InstantAccess is related to your Scanner. Par of the C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0 program. There is a another InstantAccess entry that is related to Adult Entertainment. That is not the case with you. The command Rundll32 EGDHTML_1023.dll was not present in your configuration.

    My fault, I should have check this more throroughly. Enable the InstantAccess entry in you computer. It has nothing to do with Adult Entertainment.

    RuLaunch.exe is the command for the McAfee.InstantUpdate.Monitor. Expand the MsConfig window and look for a a line with this command.

    Let me know any progress. I see no other problem in the Hijackthis log.
     
  14. lostinpcland

    lostinpcland Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    16
    Hey there JSntgRvr! :)

    Thanks for the speedy replies!! Well... we have no clue where to find the RuLaunch.exe... we looked in msconfig>>StartUp, but didn't see it there. Is this the reason why we can no longer update our Macafee AV? We are are stumped. :confused:

    Also, do you have any idea why this msn messenger needs to be reinstalled almost everytime the server disconnects? Do you have any suggestions on how to resolve this? :confused:

    Sygate reported:
    Somebody is scanning your computer.
    Your computer's TCP ports:
    2745, 5000, 6129, and 80 have been scanned from xxx.xxx.xx.xxx (we replaced the #'s with x's).


    Is there anyway to close those ports? (maybe some good freeware programs or something?)

    Thank you!!!

    Dippy & Dingy :D
     
  15. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Every computer is in constant attacks. I suggest you visit the Windows Updates page and download all reccomended secutity updates.

    http://windowsupdate.microsoft.com/

    This is the entry in you HijackThis log:

    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe" /STARTMONITOR

    The entry is being called from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run in your registry. It wont appear in MsConfig. I saw the first few letters of the entry and assumed it was part of MSconfig. According to the last log, is being loaded.

    I thought you did not want to update McAfee. Is it that you are unable to connect to McAfee? Have you tried to update thru the McAfee web site instead thru the instant updater? Contact McAfee Support. There may be a patch to update the RuLaunch.exe application.

    www.McAfee.com

    In regard to MSn Messenger, delete all Temporary Internet Files and History. If the browser's cache (Temporary Internet Files) is corrupted or contains multiple files, the computer will behave like this. Open Internet Explorer, select Tools, then Internet Options. Delete the Temporary Internet Files and History.

    Since you are running IE 6.0, and had a bunch of malware running, to make sure the integrity of your browser is in place, repair the Internet Explorer.

    Go to the Add/Remove Programs icon in the Control Panel. Attempt to removel the internet explorer and internet tools. You will be offered three options. Select "Repair" from those and follow instructions on screen.

    If you still experiencing the Error SDStbRes.dll missing, contact McAfee to see if this file is part of their sofware.

    Here is a small utility that can be made part of Adaware:

    http://www.lavasoftusa.com/software/plugins/vx2cleaner.shtml

    Once downloaded it will be part of Adaware as a plug-in. Run this program as to complete the cleaning in your computer.

    Also, under Internet Options, the Connections tab. Is there a connection other than your normal connection to the internet?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/270755

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice