Solved: Please help. ME locks up

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Sury

Thread Starter
Joined
Feb 16, 2004
Messages
59
I have a Dell Dimension L500CX which was working fine till a week ago. Then I noticed the performance degraded. It would take 2-3 minutes to open IE browser. I installed ad-aware and spybot and did the clean up including editing MSCONFIG to remove other junk. Now the computer does not boot. When I power up the computer, the Dell logo comes up and soon after ME screen pops. Then after about 2-3 minutes I get a blue screen and hour glass
and nothing else.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,614
Did you edit the MSCONFIG "Startup" tab list or did you edit some other settings?

You want to leave

ScanRegistry

SystemTray

StateMgr

Antivirus program entries


checked and enabled.
 

Sury

Thread Starter
Joined
Feb 16, 2004
Messages
59
I edited the the file a while ago following Frank's tips. Not recently.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,614
Since you're using Windows ME, have you tried restoring to a date prior to when the problem occurred?
 

Sury

Thread Starter
Joined
Feb 16, 2004
Messages
59
Hi flavallee,
First of all I have not been able to get my desk top. Next, this is a dumb question alright but how do I restore?
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,614
I only know how to run System Restore within Windows and not within DOS mode, so I'll let someone else answer your question.
 

GoJoAGoGo

Joe
Joined
Dec 26, 2002
Messages
42,056
If you can boot into the Safe Mode you can use System Restore from there.

To boot into Safe Mode tap the F8 key several times right after you start your system. Then a screen will appear with 4 options, choose option #3 "Safe Mode". Once you are in the Safe Mode you will be brought to the Help and Support Center where you should see the System Restore link. If not go to Start>Programs>Accessories>System Tools>System Restore, then select the task of "Restore my computer to an earlier time" and click "Next" You should see a calendar with some Bold Type dates, select a date prior to your problem. Your system will be restored to the date you selected and then will reboot automatically.

I hope this works out for you ...
 

Sury

Thread Starter
Joined
Feb 16, 2004
Messages
59
My apologies for going cold turkey. My mom died in her sleep two weeks ago and I had to drop everything and travel to India. I just came back. I will try to restore using the safe mode as suggested.
 

Sury

Thread Starter
Joined
Feb 16, 2004
Messages
59
I managed to restore my system - thank you GoJo. It takes about 5-7 minutes to boot the system and the applications are doggone slow. I tried HJT and saved the info. in a log file. I am waiting for the browser to respond so that I can cut and paste the log file. I think something is hogging the cpu. In one of my numerous attempts to reboot I saw a message flash saying some VxD I might have installed is taking up all the resources. I clicked on the window too fast to write down exactly what the message said.
 

Sury

Thread Starter
Joined
Feb 16, 2004
Messages
59
Here is my HJT log file
Logfile of HijackThis v1.99.0
Scan saved at 9:29:17 PM, on 2/8/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WZCBDL SERVICE\WZCBDL9X.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\USB MEDIA\SHWICON.EXE
C:\PROGRAM FILES\ABBYY FINEREADER 5.0 SPRINT\CAGENT.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\TOOLS\REXPROXY.EXE
C:\PROGRAM FILES\NETZIP DOWNLOAD DEMON\NETZIP DOWNLOAD DEMON.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dell.com/search/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telugumata.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [ShowIcon_Vosonic_USB Media Device Driver v1.19r003] "C:\Program Files\USB Media\shwicon.exe" -t"Vosonic\USB Media Device Driver v1.19r003"
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRAM FILES\ABBYY FINEREADER 5.0 SPRINT\CAGENT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [WZCBDLService] c:\Program Files\WZCBDL Service\WZCBDL9X.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Windows Media PowerPoint Helper.lnk = C:\Program Files\Windows Media Components\Tools\nsppthlp.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Dell Home - {C505E760-43BF-11D4-9E68-00D0B7796CDD} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = Pacbell.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 206.13.28.12,206.13.31.12
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,614
I'm sorry to hear about your loss.

----------------------------------------------------------------

You've got some unnecessary programs running in the background that don't need to be. A large startup load will contribute to a longer startup time, a reduction in system resources, a reduction in overall performance, and an increased risk of error messages and freezes.

Click Start - Run, type in MSCONFIG, then click OK - Startup(tab). Uncheck the following:

realplay.exe

mm_tray.exe

mstask.exe

cagent.exe

promon.exe

nsppthlp.exe


click Apply - OK, then reboot.

If you want to research the startup load in your computer yourself, go here and make use of the "Search" option. This is about the best site out there for doing this.

----------------------------------------------------------------

Open the C:\WINDOWS\DOWNLOADED PROGRAM FILES folder. If any of the list shows the status as "Damaged" or "Unknown", delete those entries.

---------------------------------------------------------------

Once you've done the above, post another log. Someone more proficient than me can tell you if anything else needs to be fixed or done.

----------------------------------------------------------------
 

Sury

Thread Starter
Joined
Feb 16, 2004
Messages
59
flavallee,
Thank you. Will do as suggested. I didn't have this problem till the beginning of this year. That's what bugging me most. I ran adaware, spybot, spyblaster and cleared all the cookies. Could you comment on 017 VxD report?Since at one time it complained about VxD hogging all the resources? It didn't expand on "x".
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,614
Make sure you have the most recent version of Ad-Aware(which is SE Personal 1.05) and Spybot(which is 1.3), and make sure to run their update function about once a week to keep them up-to-date. Don't just delete cookies. Delete everything that Ad-Aware finds and everything in red that Spybot finds.

----------------------------------------------------------------

Having too many programs running in the background is what's going to hog system resources.

----------------------------------------------------------------

How much RAM do you have in that computer? It should have at least 256 MB with Windows ME.

----------------------------------------------------------------
 

GoJoAGoGo

Joe
Joined
Dec 26, 2002
Messages
42,056
Sury:

I'm glad to hear the System Restore worked out for you.

As far as the 017 entries in your HJT log, they are Domain Hijacker entries associated with lop.com. I'm no expert on HJT logs but those 2 entries must definitely be deleted. I'm not sure if any other entry should be deleted or if perhaps you need to run any other tools to clean your system from this Hijacker. If you continue to have problems after deleting the 017 entries, I would suggest posting your HJT Log in the Security Forum where you would be able to get some further assistance.
 

Sury

Thread Starter
Joined
Feb 16, 2004
Messages
59
flavallee, Gojo,
I want to thank you guys tremendously. Thanks to your input I am now sending this message from the previously "dead" computer. I checked the memory and I have 128Mb and at the time I took the snap shot, it shows only 248K free space. At that time there are no other programs running. Not even IE browser. I am amazed that the system consumes 128Mb. That seemed too much. Here is the sys info. snapshot and HJT log for your consideration.
OS Name Microsoft Windows
Version 4.90.3000 Build 3000
OS Manufacturer Microsoft Corporation
System Name TELUGUMATA
System Manufacturer Dell Computer Corporation
System Model L500cx
System Type X86-based PC
Processor Intel(r) Celeron(tm) Processor GenuineIntel ~500 Mhz
BIOS Version Not Available
Windows Directory C:\WINDOWS
Locale United States
Time Zone Pacific Standard Time
Total Physical Memory 126.26 MB
Available Physical Memory 248.00 KB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.73 GB
Page File Space 1.88 GB
Here is HJT data
Logfile of HijackThis v1.99.0
Scan saved at 10:33:07 AM, on 2/12/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\PROGRAM FILES\USB MEDIA\SHWICON.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPCTR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dell.com/search/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telugumata.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [ShowIcon_Vosonic_USB Media Device Driver v1.19r003] "C:\Program Files\USB Media\shwicon.exe" -t"Vosonic\USB Media Device Driver v1.19r003"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.yahoo.com/v/yacscom.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top