Hi there, I am running on a private home network with 3 computers. The computers use W2K and WIN98SE. These are all connected using a SMC router for ICS. In the last week I have had problems with all three computers freezing up for approx 3 seconds every couple of minutes. It is driving me mad. I have run NAV and come up clean. I have run spybot S&D and cleaned out all bugs that it finds. The problem is still there. I ran HijackThis and enclose the log file:
Logfile of HijackThis v1.99.0
Scan saved at 17:57:04, on 20/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
.DLL
C:\WINDOWS\SYSTEM\SPOOL32.
EXE
C:\WINDOWS\SYSTEM\MPREXE.E
XE
C:\WINDOWS\SYSTEM\MSTASK.E
XE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.
EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EX
E
C:\WINDOWS\SYSTEM\mmtask.t
sk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALS
CHED.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.E
XE
C:\PROGRAM FILES\ADSGONE\ADSGONE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.
EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\DESKTOP\HIJACKT
HIS.EXE
R1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Search Bar =
http://minisearch.startnow.comR1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Search Page =
http://minisearch.startnow.comR0 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Start Page =
http://www.uk.yahoo.com/R1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Search Bar =
http://minisearch.startnow.comR1 - HKCU\Software\Microsoft\In
ternet Explorer\Search,SearchAssi
stant =
http://minisearch.startnow.com/R1 - HKCU\Software\Microsoft\In
ternet Explorer\Search,CustomizeS
earch =
http://minisearch.startnow.com/R1 - HKLM\Software\Microsoft\In
ternet Explorer\Search,Default_Se
arch_URL =
http://minisearch.startnow.comO2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-F
D60B590A87
D} - C:\PROGRA~1\COMMON~1\REAL\
TOOLBAR\RE
ALBAR.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-1
4154ECE70A
C} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MY
BAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
84B7D6BE0B
3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIE
HELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
ADC6B08487
2} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E
1DFB99066F
A} - C:\PROGRAM FILES\FLASHCAPTURE\FCBHO.D
LL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
F10577473F
7} - c:\program files\google\googletoolbar
1.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-0
0E018981B9
E} - C:\Program Files\NewDotNet\newdotnet6
_38.dll
O2 - BHO: (no name) - {25B5BEF8-2910-46F0-228D-8
3646387412
B} - C:\WINDOWS\APPLICATION DATA\OKAY POLL\BARB FILM.EXE
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-F
D60B590A87
D} - C:\PROGRA~1\COMMON~1\REAL\
TOOLBAR\RE
ALBAR.DLL (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-1
4154ECE70A
C} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MY
BAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
859DF00B1D
6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
0A0C908246
7} - C:\WINDOWS\SYSTEM\MSDXM.OC
X
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
09027A5CD4
F} - c:\program files\google\googletoolbar
1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
rScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.E
XE
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd
.exe -startup
O4 - HKLM\..\Run: [OmniPage] C:\PROGRAM FILES\CAERE\OMNIPAGEPRO90\
opware32.e
xe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.
EXE" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAP
W32.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
ched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMO
N.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECT
CD\DIRECTC
D.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDO
T~2.DLL,Ne
wDotNetSta
rtup -s
O4 - HKLM\..\Run: [nurbphonestupidcurb] C:\WINDOWS\Application Data\amenbytenurbphone\fil
e ooze.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD
~2\CREATEC
D\CREATECD
.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
rScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.
exe
O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\Diskeeper\DkServi
ce.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Personal Firewall\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXY
SVC.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [curbthat] C:\WINDOWS\APPLIC~1\NEWDVD
~1\wipe live setup.exe
O4 - HKCU\..\Run: [warez] "C:\PROGRAM FILES\WAREZ P2P CLIENT\WAREZ.EXE" -h
O4 - Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02
.EXE
O6 - HKCU\Software\Policies\Mic
rosoft\Int
ernet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Mic
rosoft\Int
ernet Explorer\Control Panel present
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\PROGRAM FILES\FLASHCAPTURE\FCIEXT.
DLL/FCIEXT
.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
1.DLL/cmse
arch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
1.DLL/cmca
che.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
1.DLL/cmsi
milar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
1.DLL/cmba
cklinks.ht
ml
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
1.DLL/cmtr
ans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-0
0aa003c157
a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-0
0aa003c157
a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-C
A09C804C1D
D} - C:\PROGRAM FILES\FLASHCAPTURE\FCIEXT.
DLL
O9 - Extra button: AdsGone - {ECC5777A-6E88-BFCE-13CE-8
1F134789E7
B} - C:\PROGRAM FILES\ADSGONE\ADSGONE (file missing)
O9 - Extra 'Tools' menuitem: &AdsGone Settings - {ECC5777A-6E88-BFCE-13CE-8
1F134789E7
B} - C:\PROGRAM FILES\ADSGONE\ADSGONE (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugi
ns\NPDocBo
x.dll
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-0
06008A717F
D} (NCSView Class) -
http://www.emapsite.com/ecwplugins/ncs.cabO16 - DPF: {E77C0D62-882A-456F-AD8F-7
C6C9569B8C
7} (ActiveDataObj Class) -
https://www-secure.symantec.com/techsupp/activedata/ActiveData.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0
F47A330807
8} (ActiveDataInfo Class) -
https://www-secure.symantec.com/techsupp/activedata/SymAData.dllO16 - DPF: {C56CE781-A6FC-4706-8B32-6
EB4622155D
F} (MediaConnect Control) -
http://plugin.euro-infomedia.com/mpv0.cabO16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
E40F83B1AD
F} (Live365Player Class) -
http://www.live365.com/players/play365.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E
099162EEEC
5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {CAFEEFAC-0014-0002-0005-A
BCDEFFEDCB
A} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-0
0805F499D9
3} -
As well as this when I try to shut down processes using CTRL-ALT-DEL I find that there is more than one version of iexplore running and that when i try to shut it down it keeps reapperaring as well as other processes appearing at the same time. No matter how many times I try to close the application it keeps comming back.
What the **** is wrong!!!
