| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 60159 | 2005-07-24 10:27:00 | Windows ME freezing on startup | dianne (1940) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 374926 | 2005-07-24 10:27:00 | Freezes 1/2 way through when booting up. :help: Tried 3 times just to get on here. Running AVG, Quicktime, Msn. Tried pressing ctrl, alt, delete, comes up with a box IE not responding, click onto end task and then it freezes and cannot use the mouse. Reboot, same thing. Turn off completely and it loads fine. Have been getting a few blue screens with fatal exception error......something about IE. Have run AVG, Ad-Aware SE, CC cleaner, PC Bug Doctor and have done Maintenance. All clear | dianne (1940) | ||
| 374927 | 2005-07-24 10:48:00 | Welcome Dianne Get hijackthis www.merijn.org from here www.spywareinfo.com Sounds like you've picked up something. Then make a folder called HJT, then unzip this file. Then run hijackthis. Scan and post the log here. We'll see whats in it. |
Speedy Gonzales (78) | ||
| 374928 | 2005-07-24 11:03:00 | Logfile of HijackThis v1.99.1 Scan saved at 10:02:29 p.m., on 24/07/2005 Platform: Windows ME (Win9x 4.90.3000A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\TASKMON.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\WINDOWS\SYSTEM\FMCTRL.EXE C:\WINDOWS\SYSTEM\SISTRAY.EXE C:\PROGRAM FILES\MYWEBSEARCH\BAR\5.BIN\MWSOEMON.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\RunDLL.exe C:\PROGRAM FILES\NETSHOW SERVICES\TOOLS\REXPROXY.EXE C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 4.0 SE\CALCHECK.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\PROGRAM FILES\HIJACK THIS SCAN\HIJACKTHIS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.xtramsn.co.nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\5.BIN\MWSSRCAS.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\5.BIN\MWSBAR.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\5.BIN\MWSSRCAS.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\5.BIN\MWSOEMON.EXE O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\5.BIN\MWSOEMON.EXE O4 - Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe O8 - Extra context menu item: &Search - bar.mywebsearch.com O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - chat.msn.com O16 - DPF: BNZ Migration Classes - www.bnz.co.nz O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com |
dianne (1940) | ||
| 374929 | 2005-07-24 11:10:00 | Thanks for helping. Sorry to be so thick but was I supposed to go into the second website you mentioned.www.spyware..... I only went to hijack this and did the scan from there? | dianne (1940) | ||
| 374930 | 2005-07-24 11:22:00 | No worries. Tick the following in hijackthis. Make sure the browser is closed. Then click on fix checked. Then reboot. C:\PROGRAM FILES\MYWEBSEARCH\BAR\5.BIN\MWSOEMON.EXE R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\5.BIN\MWSSRCAS.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\5.BIN\MWSBAR.DL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\5.BIN\MWSSRCAS.DLL O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\5.BIN\MWSOEMON.EXE O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\5.BIN\MWSOEMON.EXE O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE O8 - Extra context menu item: &Search - bar.mywebsearch.com O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net See if your system freezes after this. |
Speedy Gonzales (78) | ||
| 374931 | 2005-07-24 11:45:00 | Thank you soooooo much. It's fine now. No trouble booting up. Two further questions if you don't mind. Why is my websearch still on the task bar and should I get rid of it? If I uninstall it willit affect any of my other settings. Secondly, I have three icons on my desktop which i would like to know if I should delete two which are not in use. They are Firefox 1.02 and Firefox 1.04 and I am using Firefox 1.06. Just came back into edit this as 2 more problems have surfaced. Got a message msimn caused error in Kernel 32.dll. Then a message Outlook Express could not be started because Msoeres.dll couldnot be found............sorry |
dianne (1940) | ||
| 374932 | 2005-07-24 11:55:00 | No worries. See if Mywebsearch (or some strange unknown names of programs appear in add/remove programs (this is in control panel). See how many entries of firefox are in control panel, if it shows firefox 1.02 and firefox 1.04 uninstall them using add/remove programs. (hopefully it doesnt remove firefox 1.06! Can u close this Mywebsearch icon on the taskbar?? if u can close it, then see if there are any strange names in Add/remove programs. |
Speedy Gonzales (78) | ||
| 374933 | 2005-07-25 06:57:00 | I have followed instruction in your post 7......thank you. Removed websearch and Firefox icons and firefox still works. Could you please see end paragraph in my post 6. Also now getting message aupdate has caused error in unknown.....what can I do now? | dianne (1940) | ||
| 374934 | 2005-07-25 07:16:00 | If u have a cd with Internet Explorer 6, reinstall it from cd. You may have to export email addresses etc before u do this. Thats if ME can run V6. Not too sure. Never used ME. |
Speedy Gonzales (78) | ||
| 374935 | 2005-07-25 08:08:00 | Don't have IE cd. Can it be downloaded from the web? It is version 6 I have. | dianne (1940) | ||
| 1 2 | |||||