Tech Support Guy banner
Status
Not open for further replies.
1 - 11 of 11 Posts

·
Registered
Joined
·
882 Posts
Discussion Starter · #1 ·
OS ME

I posted on security about this case, but now having additional problems. I don't mean to be duplicating

Ran spybot, got all cleared off. Can't run AVG or Adaware because the computer runs for a few seconds and then goes to that common error message (that blue screen) that says program is busy To reboot call alt delete,etc.etc.. If I click enter, it get a vxd error message at the top, then goes back to blue screen again. If I try call alt delete it just hangs up and I have to manually shut down.

At this point, if I let it reboot to normal windows, I get multiple kernel 32 errors. So I go into safe mode and restart and then I can get into normal windows.

I have disabled everything in startup in order to be able to get into Windows, but still can't run AVG or Adaware or some others even with those off.

One more thing, I read at MS knowledge base if you have ' kernell32.dll you can go to windows and rename applog and then reboot and it will create new. Did that but that didn't help.

Any suggestions would be greatly appreciated. I've tried everything that I can think of and spent like multiple hours. The client does not know where the ME disk is either.

Thanks!
 

·
Registered
Joined
·
882 Posts
Discussion Starter · #4 ·
I added this in case this helps.

Also, when to panda and or house call, it goes a little while and then crashes

Logfile of HijackThis v1.97.7
Scan saved at 8:27:51 PM, on 4/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38044.3046990741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
 

·
Banned
Joined
·
4,888 Posts
Use System Restore to roll your computer back to a date to before when your computer worked right. Before the error(s) started occurring.

To start System Restore, click Start, point to Programs, point to Accessories, point to System Tools, and then click System Restore. Or, in the Help and Support main screen, click Use System Restore under Fix a problem.

then get on-line and do the aforementioned on-line virus scan.
 

·
Registered
Joined
·
882 Posts
Discussion Starter · #6 ·
I tried to do that but in the middle of it, the computer shut down and now when I go there the calendar will not go back earlier than April 1.

Do you know a way I can get a C prompt when I reboot or turn off computer? I could try to scanreg/ restore if I could dothat.

Thanks for your input. Anything other advise would be so appreciated!
 

·
Registered
Joined
·
882 Posts
Discussion Starter · #7 ·
I finally was able to get the hijack. I didn't have both NAV and AVG, the Norton stuff was clean sweep and utilities. However, I uninstalled and not all of it came off. and now files are missing to get rid of the rest. I disable it from startup as I think that was some of the problem getting into normal windows.

ONe thing I didn't mention. I did add some Ram today. But most of these problems were before this. I don't know how bad, because I took this computer home with me to repair so client not available to ask

Here is hijack this

Logfile of HijackThis v1.97.7
Scan saved at 4:44:22 PM, on 4/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38044.3046990741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
 

·
Registered
Joined
·
882 Posts
Discussion Starter · #8 ·
I've given up on everything I've tried. Client find rescue disk. Does any one know if Dell has a rescue dick on their computer like HP? (Not restore disk, rescue disk.) That would bring it back to like it was when they got it? Thanks
 

·
Registered
Joined
·
882 Posts
Discussion Starter · #10 ·
Thanks for all the help. I cannot beieve it but I solved it. Ram add been added so I took out the new ram and it worked beautifully! However, they still only had 64 ram, so I took out the originAL RAM and put in the new ram. The computer wouuldn't even turn on. Then I switched places putting the new Ram and the old Ram still wouldn't turn on. Put them both back in where I had the original problem and windows opened but with the same problems as before. So I put the 64 ram back in, called the client and she is going to get a new ram piece. I just think that the Ram she bought was somehow corrupted. Their machine should be able to handle the additional ram as it is a Pentium 3 and they only had purchased an additional 124. Anyway thanks for the input. I certainly learned something today!!

Margie
 

·
Retired Administrator
Joined
·
103,703 Posts
Along the lines of the ram, sometimes with the newer PC133, it won't play nicely with PC100.....may or may not be the case, but thought I'd mention it ;)
 
1 - 11 of 11 Posts
Status
Not open for further replies.
Top