Solved

Major 200 problem

Posted on 2002-07-15
20
134 Views
Last Modified: 2010-04-13
My machine locked up accessimg Outlook.  Starts in safe mode but either reboots each time it starts normally or loads but when you click on a icon, it does nothing.  Trying to end task reboots machine.

0
Comment
Question by:Stardotstar
  • 7
  • 5
  • 4
  • +2
20 Comments
 
LVL 44

Accepted Solution

by:
CrazyOne earned 500 total points
ID: 7155991
Well it sounds like you might consider doing this. It sounds like a device driver may be causing problems.

This is a in depth look at "Repair, Recovery, and Restore"
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/fndc/fndc_rec_uctu.asp
The download is actually a MS Word Document with the info
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/fndc/fndc_rec.exe

Here is a description of a couple of repair options.

The following is from the Microsoft Knowledge Base.

Differences Between Manual and Fast Repair in Windows (Q238359)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q238359


The Crazy One
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 7155995
BTW before doing anything boot to safe mode and do this

Start > Run eventvwr.msc /s

See if any errors have been logged and if so post those errors here.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 7155996
Sometimes doing the following helps rectify problems like this.

Note the following approcah will not replace any system files.

Can you boot to your Win2000 CD? If so then when it finally boots At the "Welcome to Setup" screen, press F10, or press R to repair, and then C to start the Recovery Console this will allow you to use the command line. From here do something like the following. Or if the file system is FAT32 you can use a Win98 bootdisk to do this. www.bootdisk.com

COPY /Y C:\WINNT\repair\RegBack\TheParticularHive C:\WINNT\system32\config\

This will replace the registry hive to the last time that hive was backuped. Hopefully you didn't backup the registry at the time the problems started to happen.

Following is a list of the files that are the registry hives. I would suggest starting with the SYSTEM hive and then reboot and if the problem still persists do the SOFTWARE hive next. Note these files don't have a file extension on them

DEFAULT
SAM
SECURITY
SOFTWARE
SYSTEM

I would suggest to first backup these hives from the C:\WINNT\system32\config\ to folder of your making or choice just don't back them up to the C:\WINNT\repair\RegBack\ folder.  

You will probably need to reapply any services patches that you have previously installed.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 7156109
Oh one thing I forgot is while in safe mode do this.

Start > Run sfc /scannow

If there are corrupted system files the sfc will find and replace them. I would suggest doing this first.
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 7156164
For outlook go to start |  run and browse to  outlook.exe then add the safe switch
example:
"C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE" /safe

If you can start it with the above switch then you probably have an addin problem.
If not you need to repair office (have your Office XP CD handy) go to control panel |  add/remove programs  |Microsoft Office XP |  select the 'change' option then select 'repair Office'

Do you have all of your office updates applied via windows update?

Make sure to compact your folders often by right clicking on 'personal folders' (within outlook) | properties
advanced | compact now.  Be sure to also clean up your sent items and deleted items as well...

also as crazy mentioned above posting event viewer ID's and source will give more insight into your problem.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 7156284
Also I am wondering if you got hit with virus?
0
 

Author Comment

by:Stardotstar
ID: 7156774
Sorry I have not been back.  Here's what happened.  All was  peacefull yesterday until I applied the latest NAV July 15, 2002 update.  After updating, I then went into Outlook to write an email.  For some reason all locked up.  Upon reboot the machine would continually just reboot, after the NAV icon would appear in the tray.  NOw after much work, I have been able to stabilize the system, but only after removing NAV.  All starts and runs well EXCEPT now I cannot connect to the internet nor my home network.   CrazyOne, I think you are right, I have some massive virus.  I reinstalled NAV and all booted fine EXCEPT when NAV starts it appears in the tray with a red X over it.  I downloaded and installed the update of 7/15/02 and did a scan and it finds nothing, but yet it boots with the red x and I cannot get to the Internet either via explorer of outlook.
0
 

Author Comment

by:Stardotstar
ID: 7156785
Sorry I have not been back.  Here's what happened.  All was  peacefull yesterday until I applied the latest NAV July 15, 2002 update.  After updating, I then went into Outlook to write an email.  For some reason all locked up.  Upon reboot the machine would continually just reboot, after the NAV icon would appear in the tray.  NOw after much work, I have been able to stabilize the system, but only after removing NAV.  All starts and runs well EXCEPT now I cannot connect to the internet nor my home network.   CrazyOne, I think you are right, I have some massive virus.  I reinstalled NAV and all booted fine EXCEPT when NAV starts it appears in the tray with a red X over it.  I downloaded and installed the update of 7/15/02 and did a scan and it finds nothing, but yet it boots with the red x and I cannot get to the Internet either via explorer of outlook.
0
 
LVL 7

Expert Comment

by:franka
ID: 7156799
so, now that you found the reason for you lockups (NAV), what is you question? Gaining internet access again?
0
 

Author Comment

by:Stardotstar
ID: 7156831
The assumption that is was NAV is just that.  Because NAV starts up with a red x over it, it indicates a problem, since all is properly turned on in NAV (Load at windows startup).  I guess an answer for you is yes and no.  I believe that the problem is related to NAV, like a virus.  Yes, you are right the lock up is gone as well as the reboot, but I believe the underlieng problem is still there and now has taken a toll, my access to the Internet.  Network card is installed and lites indicate proper working, have reset modem and router.  Internet connection is active.  Signed on as I always have to home group.  Two other pcs have no problem accessing Internet so it is not a modem router issue.  BUt they do not see me and I do not see them.  So I guess from what you are saying, yes I need to figure out what is preventing the NAV from running and keeping me from the Internet.  I believe it to be all one big issue, and am willing to award more points.  Not trying to drag this out!
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 16

Expert Comment

by:GUEEN
ID: 7156963
DHCP or static IP?
Try this at command line:
netsh int ip reset resetip.log
(if static you will have to go back in and redo IP)
what do your event logs say?
0
 

Author Comment

by:Stardotstar
ID: 7156990
DHCP via a Linksys router.  What event logs?  How and where do I read these?

Thanks
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 7157019
start  |  run type   eventvwr.msc
you should also be able to get to them through programs admin tools (or something to that effect.) I've configured my xp box differently so I do not have a clue as to the original path...
0
 
LVL 7

Expert Comment

by:jatcan
ID: 7157186
You will have to rule out virus's first. So, reboot the PC, press F8 when you see that message at bottom of screen(on the starting windows 2000 screen-F8 for advanced troubleshooting). Choose Safe mode with networking. Say OK to the "safe mode" prompt.

Then go to this URL and scan your PC for virus's:

http://housecall.antivirus.com/housecall/start_corp.asp

say yes to the activeX control prompt, before you start the scan click the autoclean check box, select all the drives on your PC, except floppy and cdrom(s) of course.\

After the scan report back her if uncleanable virus found.
=============================================
 If all is well, then we begin.

1.)What version of Norton Antivirus is it?
2.)Are we talking about a version that is included in another software package (such as Norton INternet Security or System Works)?
3.)What OTHER software/hardware has recently been installed/unbinstalled from the PC?
4.) Do you have any other antivirus products installed on your PC? Check add/remove programs in control panel.
5.)DO you have service pak 2 installed? If not ya might need this when we're done:

http://microsoft.com/windows2000/downloads/servicepacks/sp2/sp2lang.asp

================================================
Does the NAV icon EVER get rid of the red X? Does the rest of your startup programs work(do other icons load into the startup tray, near NAV icon?)
http://service2.symantec.com/SUPPORT/nav.nsf/b69c799adfa31ecc85256aa30052f4d0/87ae895a59acf2e385256aea0059be67
================================================
You should uninstall ALL Symantec Programs since they ALL share common components and one or more of those may be corrupted or missing. USe add/remove programs to do that.
Then see below.
===============================================
To completely un-install Symantec Products: Not only do you have to use add/remove programs but you should open regedit and do this to:delete the Symantec keys from the registry.

start button\run\type in regedit,click OK, click file menu,click export registry file,save in root of c:\.Name it the present date (IE- July6th02 OR 070602; it will append the .reg extension) then navigate to:

The following key may not exist on your nsystem, depending on WHAT Symantec products are installed and how much you've modified the default configuration, if it IS present delete it immediately after using add/remove programs to uninstall the Symantec products:

HKEY_CURRENT_USER\Software\Symantec

This key will be there for sure. Delete it also.

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\

Then delete Symantec folders: C:\Program Files\Symantec AND C:\Program Files\Common Files\Symantec Shared.

There are some stray system folder files hanging around, even after doing the above deletions, if they become a problem(I seriously doubt it) then we'll hunt them down and kill them also.

Click start button\run\type in msconfig, click OK. OH, can't find it: get MSCONFIG for win2k from this URL:

http://www.thetechguide.com/downloads/msconfig.zip

unzip that file and copy the msconfig.exe file to your c:\winnt\system32 directory, then try the above steps for starting it.

Uncheck EVERYthing under the start up tab except for systray.exe AND explorer.exe.
Unplugged the NIC card from the router.
Reboot machine into Normal User mode.

Run msconfig again, is anything re-checked? If so, what is the file name and the path to it. Without running any apps, a re-check in here is MOST likely due to a virus/spyware being started from win.ini OR autoexec or some other method not related to the "run" keys.

You can check here also for a virus/spyware entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

look at the SHELL string, it's value should be explorer.exe and nothing else after. IF you see:

explorer.exe filename.extension
IE- explorer.exe virus.com

then you still have a virus/spyware problem. Delete the "extra" value so it looks like it should:

SHELL        explorer.exe

Reboot PC again. Recheck Startup tab in msconfig to make sure nothing is checked. Test. Everything but the network that is.

Once you're satisfied that the PC is stable again. PLug the nic in for a second just to see if network services have returned. If you can browse the network, then try internet explorer. If thats OK, then you can safely re-install Norton Anti Virus, I would suggest at least version 2001, 2002 IS better. If you cannot reach internal network/internet post here and we'll give some advice on how to proceed.

Cheers.






 

0
 

Author Comment

by:Stardotstar
ID: 7157244
Thanks, to all who are helping.  I will be working on this again in a few hours and will report back.  

Jatcan as far as the removal, I did that process with thier removal tool and reinstalled.

I cannot link into the Internet either in safe mode or normal.

0
 
LVL 16

Expert Comment

by:GUEEN
ID: 7157264
Did you try resetting your ip as listed above too?
0
 
LVL 7

Expert Comment

by:jatcan
ID: 7157313
OKEY DOKEY, I need shorter answers. Here we are. If the netsh comand doesn't work.Then,

This:

You can check here also for a virus/spyware entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

look at the SHELL string, it's value should be explorer.exe and nothing else after. IF you see:

explorer.exe filename.extension
IE- explorer.exe virus.com

then you still have a virus/spyware problem. Delete the "extra" value so it looks like it should:

SHELL        explorer.exe


Click start button\run\type in msconfig, click OK. OH, can't find it: get MSCONFIG for win2k from this URL:

http://www.thetechguide.com/downloads/msconfig.zip

unzip that file and copy the msconfig.exe file to your c:\winnt\system32 directory, then click start button\run\type in msconfig,click OK, ON the general tab, click selective startup, un-check everything, reboot, try to surf. If you can, re-check items under selective startup one at a time. When you find the culprit let us know.

If you still cannot surf after the above:

Remove everything from the network applet in control panel, Apply and OK all the way out, saying yes to the prompt to continue with an incomplete network setup.
Reboot, let system re-install NIC. Open network properties again and re-add client for microsoft networks. This should also re-add tcp/ip. Check tcp/ip properties. Click advanced, click options tab, click TCP/IP filtering, click properties, remove check box from enable tcp/ip filtering (All adaptors), apply everytihng on the way out, and reboot system. Test.

Cheers.
0
 

Author Comment

by:Stardotstar
ID: 7157529
Shekerra, No I am not at my machine right now but that will be my first action.
0
 

Author Comment

by:Stardotstar
ID: 7158039
Well you are not going to believe this one.  After doing all of the above, nothing worked.  So I deleted TCPIP connection, reinstalled and bam all was back.

I am awarding points to each of you so look for questions for points.

Thanks for all of your help.

0
 
LVL 7

Expert Comment

by:jatcan
ID: 7159096
Yeah, I beleive it. Glad you're up and running again.

Cheers!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now