1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Massive ME problems after Windows Update - HJT included

Discussion in 'Earlier Versions of Windows' started by Tony1966, Jul 1, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Tony1966

    Tony1966 Thread Starter

    Joined:
    Jul 16, 2006
    Messages:
    109
    (Posting this from my laptop).

    Having finally got my desktop/laptop configured for networking I thought I'd concentrate on tidying one or two things up on the ME desktop this morning. I was already aware that I had an Eied_57_c_exe virus after running a full Norton scan (NIS 2005) but I think a seach located it to a Killbox directory, so I have a feeling I hadn't completed a process last time I ran Killbox.

    I succesfully ran Ad-Aware SE and Spybot search and destroy. I thought I'd be very clever and run a Windows update, despite the fact that Microsoft no longer actively support ME, installing 27 "critical" and a couple of non-critical updates before rebooting the PC.

    Since running the update and rebooting the system is shocking. To be more specific I can click on start menu and navigate to all the programs but nothing will open on a double click. None of the desktop items will open on a doubleclick, nor any of the icons stored in the bottom bar (whatever that's called).

    IF I do a CTRL+ALT+DEL and end Quick Launch I'm then able to run some applicationsi but it soon freezes up again so though I was able to run a HJT as soon as I tried to save a log to copy into a shared file and post here it freezes again. I did manage to turn off NIS just to see if that had any effect. Also if it is at all relevant, ending quick launch removes NIS from the quick launch toolbar.

    I've just about managed to save a HJT log laptop through repeated ending of quick launch - I am more than happy to clean up and get rid of any yahoo/games and unneccesary bits and pieces.

    Any suggestions as to what to do next please.

    ----------- rant mode on -------------

    Microsoft GRRRRRRRRRRRRRRRRRR *****


    ----------- rant mode off -------------

    Logfile of HijackThis v1.99.1
    Scan saved at 11:30:03, on 01/07/2007
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\SITECOM\C2SLOAD.EXE
    C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
    C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
    C:\PROGRAM FILES\SITECOM\IFR_SHARE.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\HPZIPM12.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ADBLOCKING\NSMDTR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\WANADOO\WSBAR\WSBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Click2Share] C:\Program Files\Sitecom\C2SLoad.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe"
    O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\WANADOO\WSBAR\WSBAR.DLL/VSearch.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
    O12 - Plugin for .interaction=printAndSave_pdf&DateString=1169757980724: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: {2F824F9A-F14B-4847-83DE-616D7B589CD0} (Viair Address Book Importer) - https://email.vodafone.net/en_gb/pc/contacts/addrbook2.cab
    O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
    O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab46704.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
     
  2. Blue Zee

    Blue Zee

    Joined:
    May 18, 2007
    Messages:
    1,759
  3. Tony1966

    Tony1966 Thread Starter

    Joined:
    Jul 16, 2006
    Messages:
    109
    Ooooooooooooooh - just had a quick read - It's all going to go horribly wrong :D :D

    Thanks very much for the response.

    I'll do it step by step to the letter including back ups and let you know the results. I'll always mark a solved thread (or continue to pester on here until I get a resolution :p ).

    Once I can get some stability into the entire networked set up (and some more money !) I will be upgrading to a supported OS. I believe with all the money Microsoft make they should be made to support their systems for a minimum 20 years.
     
  4. Tony1966

    Tony1966 Thread Starter

    Joined:
    Jul 16, 2006
    Messages:
    109
    Just re-read your post and I intend to replace IE with Firefox on the ME system (was on my list of things to do today- unless you can think of any good reasons why not.)
     
  5. Blue Zee

    Blue Zee

    Joined:
    May 18, 2007
    Messages:
    1,759
    Regarding the EXE issue, just download the registry patch:

    http://filext.com/Win98_EXE_Fix.reg

    Right-click the link and select Save as.

    After downloading double-click it, if it opens in Notepad, close Notepad, right-click the file and select Merge.

    After successfully adding to registry, restart the PC and test.

    See if that is enough.

    Regarding Firefox, it is an excellent alternative to IE, safer, faster, and I'm posting with it.

    My favorite browser.

    But do upgrade IE, it's built into Windows and that alone is a good enough reason to do it.

    And also... you can only access Windows Update with IE:mad:

    Listening.

    Zee
     
  6. Tony1966

    Tony1966 Thread Starter

    Joined:
    Jul 16, 2006
    Messages:
    109
    I'm glad you posted that because I'm struggling to try the not registry solutions - won't let me open My Computer/My docs either the long or short way, with or without killing quick launches.

    If this solutions freezes will it work just as well in safe mode ?
     
  7. Tony1966

    Tony1966 Thread Starter

    Joined:
    Jul 16, 2006
    Messages:
    109
    Oh and IE 6 update was one of those I ignored from Windows Update - do you think this is Microsoft's revenge :D:D :D :D
     
  8. Blue Zee

    Blue Zee

    Joined:
    May 18, 2007
    Messages:
    1,759
    It should work in Safe Mode too but you must reboot to Normal Mode so that the new registry entries are applied.

    I wouldn't say it's a revenge, just a way MS found to tell us (users) they are in charge.

    And wait till you try Vista...(n)

    Zee
     
  9. Tony1966

    Tony1966 Thread Starter

    Joined:
    Jul 16, 2006
    Messages:
    109
    It appears to merged directly from the download - just rebooting now
     
  10. Tony1966

    Tony1966 Thread Starter

    Joined:
    Jul 16, 2006
    Messages:
    109
    Oops forgot to switch off Norton - so this could be fun !

    I have Vista on the new laptop - I'm not a techie gury (clearly !) and my usage is limited to light office and surfing, with the odd webgame thrown in. I've learned a lesson from the desktop years ago. Playstations are for games PCs aren't !!! :D

    I'm going to try that again with Norton Disabled - and disabled on start up as well if I can find the right setting.
     
  11. Blue Zee

    Blue Zee

    Joined:
    May 18, 2007
    Messages:
    1,759
    Did you see a message similar to "successfully added to registry"?

    Now think a little more... if that link was pointing to a malware file and you executed it without knowing what it was (OK, I know you trusted me, but...) you could now be facing a succumbing system, even it seems it was already.

    That's why I posted "Right-click the link and select Save as".

    Anyway still curious on the end result.

    Zee
     
  12. Tony1966

    Tony1966 Thread Starter

    Joined:
    Jul 16, 2006
    Messages:
    109
    I trust all advice from senior members on here - it's worked enough times before :D

    I've just tried it your way with NIS disabled and set to manual start up only and received the message

    just rebooting now so hang tight.
     
  13. Tony1966

    Tony1966 Thread Starter

    Joined:
    Jul 16, 2006
    Messages:
    109
    Waaaaaaaaaaaaaaah - still got the quick launch not responding issue - once I can get it to post a new log I'll post in here -
     
  14. Tony1966

    Tony1966 Thread Starter

    Joined:
    Jul 16, 2006
    Messages:
    109
    Bloody Norton - despite setting it to manual start up on Supervisor I have it defaulted to kids for start up account. Just reconfigured and will give it one more shot before posting HJT if it fails or big flags if it works
     
  15. Tony1966

    Tony1966 Thread Starter

    Joined:
    Jul 16, 2006
    Messages:
    109
    Nope !!!!

    Norton is disabled correctly. I'm going to physically uninstall all the freeware virus/spyware progrs. Re-run the fix and reboot
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/590501

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice