Win98 errors during boot



#1
andymc (Member, 10 posts)
When booting my Win98 PC it errors with msgsrv32 not responding. It sometimes lets me click cancel and continues, only to error with a succession of iexplorer, calcheck, ramex, FW_304 not responding errors. Occasionally I can get past this and log in, but Task Manager only ever shows restun as running and the PC usually hangs after a short while. I can get in using safe mode, where the HijackThis scan was run from. I would be grateful for any advice on how to proceed.

Logfile of HijackThis v1.99.1
Scan saved at 18:57:01, on 14/09/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch....rch/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080
F1 - win.ini: run=hpfsched
O2 - BHO: HTML Class - {9C5B2F29-1F46-4639-A6B4-828942301D3E} - C:\WINDOWS\SYSTEM\SIPSPI32.DLL
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\NCEERAT902.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Dcfssvc] c:\windows\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [resagnt] C:\WINDOWS\restun.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: Watch.lnk = C:\Windows\TWAIN_32\1200 UB\WATCH.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Freeserve - {4D9D5720-8597-11D4-A398-EBA26E882F4A} - http://www.freeserve.net/packard-bell/ (file missing) (HKCU)
O9 - Extra button: PB Home - {4D9D5721-8597-11D4-A398-EBA26E882F4A} - http://www.packardbell-europe.com/ (file missing) (HKCU)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {99B42120-6EC7-11CF-A6C7-00AA00A47DD2} (Label Object) - http://activex.micro...x86/ielabel.cab
O16 - DPF: {9C5B2F29-1F46-4639-A6B4-828942301D3E} (HTML Class) - http://www.123mania.com/SIPSPI32.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:\foo.mht!http://198.88.20.155...chm::/win32.exe


#2
Retired Tech (Retired Staff, 20,563 posts)
This will rebuild rather than restore the registry and also replace missing or corrupt system files.

Boot the PC and keep tapping F8 right after the beep until you get options. Select command prompt only, type scanreg.exe /fix, then press enter. It will run through a few screens, then say registry repaired. Press enter, then press the ctrl + alt + delete keys together to reboot.

When it has loaded, click start, all programmes, accessories, system tools, system information, tools, then run system file checker and replace any files it asks for from the 98SE CD, then reboot.

#3
Guest_1069_* (Guest)
I may have missed it - but I don't see an Anti Virus in your log.

If you use it for Internet use you should have one. You can get a good free one from here: http://www.majorgeek...ownload886.html

#4
andymc (Topic Starter, Member, 10 posts)
Thanks for the replies. I went through all the steps, and had 1 file come up - setupx.dll. I loaded this back in - unfortunately no change. Any other ideas?

I will try and download the antivirus software, but I only get as far as the Internet about 1 in 30 attempts. I'm more concerned with just getting the machine up and running!

#5
Retired Tech (Retired Staff, 20,563 posts)
Try Winsock2Fix for 98 here

http://www.geekstogo..._Log-t2852.html

At top in preparation

This

Adds the value:

"MSGSRV" = "MSGSRV.CXE"

to these registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run

so that the Trojan runs when you start Windows.

is from here

http://securityrespo...n.wintrash.html

So you might want to run the programmes as advised in the malware link.

As msgsvr is a system file it should have been replaced by system file check.
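The Run-key value quoted in post #5 can be checked against the autostart lines of a HijackThis log such as the one in post #1. The following is an added example, not part of the thread: the function names are illustrative, the sample lines are copied from the log above, and the final `MSGSRV` line is constructed to show a match.

```python
import re

# Autostart line shapes as they appear in the HijackThis v1.99.1 log above:
#   O4 - HKLM\..\Run: [name] command
#   O4 - Startup: shortcut.lnk = target
#   F1 - win.ini: run=program
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
O4_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
F1_INI = re.compile(r"^F1 - (\w+\.ini): (run|load)=(.+)$", re.I)

def autostarts(log_text):
    """Return (location, name, command) for each autostart line in the log."""
    found = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RUN.match(line):
            found.append((f"{m[1]} {m[2]}", m[3], m[4]))
        elif m := O4_STARTUP.match(line):
            found.append((m[1], m[2], m[3]))
        elif m := F1_INI.match(line):
            found.append((m[1], m[2], m[3]))
    return found

def match_indicator(entries, name, data):
    """Entries whose value name equals `name` and whose command contains
    `data`, both compared case-insensitively (Win9x names are not
    case-sensitive). Exact name equality keeps MSMSGS from matching MSGSRV."""
    return [e for e in entries
            if e[1].lower() == name.lower() and data.lower() in e[2].lower()]

# Lines copied from the log in post #1.
SAMPLE = r"""
F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [resagnt] C:\WINDOWS\restun.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
O4 - Startup: Watch.lnk = C:\Windows\TWAIN_32\1200 UB\WATCH.EXE
"""
# Constructed line (not from the thread) carrying the value quoted in post #5.
CONSTRUCTED = SAMPLE + r"O4 - HKLM\..\Run: [MSGSRV] MSGSRV.CXE" + "\n"

if __name__ == "__main__":
    for label, text in (("posted log", SAMPLE), ("constructed", CONSTRUCTED)):
        hits = match_indicator(autostarts(text), "MSGSRV", "MSGSRV.CXE")
        print(label, "->", hits or "no MSGSRV Run value")
```
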

#6
andymc (Topic Starter, Member, 10 posts)
Is it OK to run w32fix in safe mode, as this is the only way I can get into the PC at the moment? It comes up with a warning when I try this.

#7
Retired Tech (Retired Staff, 20,563 posts)
Winsock2fix deals with the internet connection, so you should be able to run it in safe mode. What is the warning you get?

The malware programmes are advised because it can also be malware related, and it is best to determine if this is the case.

#8
andymc (Topic Starter, Member, 10 posts)
The warning is - if you run a text-based program in safe mode you risk corruption of the video display or experiencing other anomalies.